PRIVACY POLICY
For European Union residents
INFORMATION ON TREATMENT OF ON-LINE CLIENT PERSONAL DATA AS PER (EU) GDPR REGULATION (2016/679)
Data Controller
MAIRE S.p.A. (“Company”)
Registered Office - Viale Castello della Magliana 27 00148 Rome - Italy
Operative Headquarters - Via Gaetano De Castillia 6A 20124 Milan - Italy
Tax Code, VAT Code and Rome Enterprise Registry Code 07673571001
Tel. 02 63131 - privacy@groupmaire.com
Data Protection Officer Contact: dpo@groupmaire.com
Processed Personal Data
Internet Use (also see: Cookie Policy)
At the end of the data conservation periods indicated above, the data will be destroyed, eliminated or anonymised.
Further specific information on the processing of personal data will be provided in the specific areas of the website where the data is requested (“People & Careers”).
Mandatory Monitoring of Data
Data processing is necessary to guarantee the services provided by the website.
Data Processors
The data may be processed by autonomous external organisations such as authorities and surveillance and monitoring bodies. The data may be processed by autonomous third parties through the installation of analytical and/or profiling cookies. For further information: see Cookie Policy.
Moreover, data may be processed, on behalf of the Company, by external parties designated to manage said data with adequate instructions. These parties are essentially included in the following categories:
a. Companies providing services required for the objectives indicated in this document (IT suppliers);
b. Companies providing support for the market studies and statistical analyses.
Parties Authorised to Process Data
Data may be processed by company staff, pursuing the objectives indicated above, who has been duly authorised to process that data and who have received adequate instructions.
Transfer of Personal Data to Non-EU Countries
Certain Internet use data may be transferred outside of the European Union (see Cookie Policy)
Rights of the Data Subject - Right to Lodge a Complaint with a Supervisory Authority
By contacting Simona Dolce (Via Gaetano De Castillia 6/A 20124 Milan or via e-mail at privacy@groupmaire.com) at the Group Corporate Affairs, Governance & Compliance Office, data subjects may request access to the data concerning them and demand the erasure of said data, the correction of inexact data, the integration of incomplete data and the limitation of data processing as established by GDPR Art. 18, as well as opposing the processing of data in case of legitimate interest by data subject.
Moreover, if the data processing is based on consent or contract and automatically implemented, data subjects have the right to receive said data in an organised, common and easily legible format by an automatic device and, if technically feasible, said data may be freely transmitted to a third party.
Data subjects also have the right to revoke consent, at any moment, provided for marketing and/or profiling objectives, as well as to deny the treatment of data for marketing objectives, including profiling related to direct marketing.
Data subjects have the right to file a complaint with the supervisory authority in the member state in which they reside or work, or in the member state in which the claimed violation occurred.
For Nigeria residents
IMPORTANT INFORMATION AND WHO WE ARE
This privacy policy (“Policy”) applies to MAIRE S.p.A., a company incorporated in Italy with its registered office at Viale Castello della Magliana 27 00148 Rome, Italy (“MAIRE” “we”, “our”, or “us”). MAIRE operates this website and conducts business activities in Nigeria through its subsidiary, Tecnimont Nigeria Limited, a company incorporated in Nigeria with its registered office at 101 Jubril Martins St, Victoria Island, Lagos, Nigeria (“Tecnimont Nigeria”).
2. ABOUT THIS POLICY
We take privacy seriously and are committed to protecting it. This Policy applies to all users who access or interact with our website from Nigeria. It explains how we collect, use, disclose and protect personal data and other information obtained through the website. Although the website is operated by MAIRE, we are committed to complying with applicable Nigerian data protection and privacy laws, including the Nigeria Data Protection Act 2023 (“NDPA”), when processing information relating to Nigerian users. This Policy does not apply to third-party websites, applications or services that may be linked to or accessed through our website. We encourage users to review the privacy and data protection policies of those third- party platforms before providing any personal data. This website is not intended for children, and we do not knowingly collect data relating to children.
3. DATA CONTROLLER
The data controller responsible for the processing of personal data collected through this website is MAIRE. For users located in Nigeria, MAIRE may share information with or receive support from its Nigerian subsidiary, Tecnimont Nigeria, which acts as our local representative and assists with business operations in Nigeria. MAIRE remains responsible for determining the purposes and means of processing personal data collected through the website. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO or privacy team using the information set out in the contact details section of this Policy.
4. THE TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
Personal data means any information about a person from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Technical Data: including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
Usage Data: including information about how you interact with and use our website and services.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
5. HOW IS YOUR PERSONAL DATA COLLECTED?
We collect data from and about you through automated technologies. As you interact with our website, we automatically collect Technical Data and Usage Data. This personal data is also collected using cookies and similar technologies. We may also receive Technical Data about you if you visit other websites that employ our cookies. Please see our cookie policy Cookie Policy for further details.
6. HOW WE USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Use | Type of data | Legal basis and retention period |
Allowing the correct operation of the services provided by the website | Technical | (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud. (b) Necessary to comply with a legal obligation to meet statutory, regulatory or security requirements, such as maintaining IT logs, preventing fraud and ensuring data protection compliance. For the data retention period, please refer to cookie policy |
Obtain anonymous statistical information on use of the website | (a) Technical (b) Usage | Necessary for our legitimate interests to keep our website updated and relevant and improve visitors’ experience. For the data retention period, please refer to cookie policy |
7. DATA ANONYMISATION AND USE OF AGGREGATED INFORMATION
The information you give us is confidential and protected by law. The confidentiality of personal information is a priority for us. Your information may be converted into statistical or aggregated data in such a way as to ensure you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes.
8. PERSONAL DATA PROTECTION PRINCIPLES
When we process your personal data, we are guided by the following principles. Personal data shall be:
- collected only for specific, legitimate and lawful purposes;
- processed lawfully for the purpose for which it was collected and not further processed in a manner incompatible with which that purpose(s);
- processed adequately, accurately and without prejudice to the dignity of the human person;
- adequate, relevant and limited to what is necessary in relation to the purpose for which it is
processed;
- accurate and where necessary, kept up to date;
- stored only for the period within which it is reasonably needed; and
- processed in a secure manner and protected against unauthorised or unlawful access or processing or accidental loss, destruction or damage.
9. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data where necessary with third parties acting as data processing controllers, for example, entities belonging to MAIRE group or supervisory and control authorities and bodies and in general public or private parties entitled to request the data.
Circumstances that may necessitate our sharing of your personal data with the third parties identified above include where we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
- satisfy any applicable law, regulation, legal process or enforceable governmental request,
- enforce applicable terms of service, including investigation of potential violations thereof,
- detect, prevent, or otherwise address fraud, security or technical issues, or 3
- protect against imminent harm to our rights, property or safety as required or permitted by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. INTERNATIONAL TRANSFERS
To the extent required by the NDPA and where we will be sharing, transferring or storing your personal data outside of Nigeria, including for example in the European Union, we will ensure that such transfers comply with the NDPA and this Policy. In particular, we will ensure that the Nigeria Data Protection Commission (NDPC) has issued an adequacy decision in respect of the country where the recipient entities are located.
Where there is no adequacy decision, we will rely on appropriate safeguards such as binding corporate rules or standard contractual clauses, as may be applicable. In the absence of these, and in line with the NDPA, we may transfer your personal data outside Nigeria in the following circumstances:
- with your consent;
- where the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken at your request;
- where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Company and another natural or legal person;
- where the transfer is necessary for important reasons of public interest;
- where the transfer is necessary for the establishment, exercise, or defence of legal claims; or
- where the transfer is necessary in order to protect your vital interests, or those of other persons, where you are physically or legally incapable of giving consent.
To the extent that the transfer of personal data requires prior authorisation or regulatory approval from the NDPC, we will ensure that such authorisation or approval is obtained before the transfer takes place.
11. DATA SECURITY
We have implemented appropriate technical and organisational security measures to prevent your personal data from unlawful or unauthorised processing, accidental loss, destruction, damage, alteration or disclosure.
These measures are designed to maintain the confidentiality, integrity, and availability of your personal data.
Access to your personal data is restricted to employees, agents, contractors and other third parties who have a legitimate business need to know. They will only process your personal data in accordance with our instructions and are bound by confidentiality obligations.
We have also established procedures to identify, investigate and respond to any suspected personal data breaches according to relevant regulations. Where required by law, we will promptly notify you and the relevant regulatory authority of such breaches.
12. DATA RETENTION
We retain personal data collected through the website only for as long as necessary to fulfil the purposes described in this Policy, including maintaining website performance, ensuring security and meeting legal or regulatory obligations. Technical information such as IP addresses and device data is typically retained for a limited period to enable website functionality, investigate potential security incidents and generate aggregated analytics. After this period, the data is either deleted or anonymized so it can no longer identify individual users.
Where applicable, anonymized or aggregated data may be retained for longer periods for statistical or analytical purposes.
We review our retention practices periodically to ensure that personal data is not kept for longer than necessary and that it is handled in compliance with the Nigeria Data Protection Act 2023 and other applicable laws.
13. VIOLATIONS
We will take swift action to remedy any suspected breaches of personal data. We will not be responsible for any breach of personal data which occurs as a result of:
- an event which is beyond our control;
- an act or threats of terrorism;
- any natural disaster (including but not limited to fires, explosions, earthquakes, floods, epidemics, or pandemics) which compromises our data protection measures;
- war, hostilities (whether war be declared or not), invasion, act of foreign enemies, requisition, or embargo, rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises our data protection measures; or
- the use of your personal data by a third party designated by you.
If you know or suspect that a breach of personal data has occurred, or a violation of this Privacy Policy has occurred, you should immediately contact our DPO through the contact information provided below.
14. YOUR LEGAL RIGHTS
You may exercise one or more of the following data subject rights:
- Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest as the legal basis for that particular use of your data. However, in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
o If you want us to establish the data's accuracy;
o Where our use of the data is unlawful, but you do not want us to erase it;
o Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
o You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us using the contact details set out below.
No Fee Usually Required
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
15. CONTACT DETAILS
If you have any questions about this Policy or about the use of your personal data or you want to exercise your privacy rights, please contact:
- Data Protection Officer: dpo@groupmaire.com, or
- Privacy team: privacy@groupmaire.com
16. COMPLAINTS
You have also the right to make a complaint to the Nigeria Data Protection Commission, the Nigerian regulator for data protection issues (https://ndpc.gov.ng/ ).
17. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these
third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.