Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller”), hereby informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) provided by e-mail or business card may be processed in the manner and for the purposes outlined below.
- Purpose and Legal Basis of Processing
Your contact Data—including, but not limited to, name, address, city, postal code, company name and VAT number (or the VAT number of the entity/organisation you represent), telephone number, and email address—will be processed (as defined under Art. 4, paragraph 2 of the GDPR) within the scope of business relations for the following purpose:
- a) Business communications by e-mail or telephone
The legal basis for the processing under a) is the legitimate interest pursuant to Article 6(1)(f) of the GDPR.
The Data concerning you will be retained until you request its deletion using the appropriate method provided in emails sent by Open Fiber, or by contacting privacy@openfiber.it. In any case, your Data will be kept only as long as it is necessary for business purposes.
The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.
- Scope of Data Circulation
The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as External Data Processors(for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to Open Fiber staff members who require it to perform their roles or duties. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).
The provision of your Data for the purpose outlined in point (a) is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information as specified in point (a) would hinder business-to-business communication.
Your Data will not be disclosed.
Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.
- Data Controller and Data Protection Officer
The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, and can be contacted at the following email address: privacy@openfiber.it. Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it.
We inform you that, as a Data Subject (“Data Subject”), you have the right to exercise your rights under the GDPR, including the following: a)The right, pursuant to Art. 15 of the GDPR, to obtain confirmation as to whether or not Data relating to you are being processed and, if so, to access the Data and the following information (i) the purposes of the processing; (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, particularly if they are in third countries or international organisations;
(iv) where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; (v) the existence of the Data Subject’s right to request rectification or erasure of the Data, restriction of its processing, or to object to its processing from the Data Controller; (vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; (vii) if the Data were not collected from the Data Subject, any available information about their source; (viii) the existence of automated decision-making processes, including profiling, as referred to in Art. 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the Data Subject; (ix) the right to be informed of the existence of appropriate safeguards as defined in Article 46 of the GDPR regarding the transfer of Data, if they are transferred to a third country or international organisation; b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object. We inform you that Open Fiber is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.
- Methods of Exercising Rights
The Data Subject may at any time exercise the aforementioned rights and request an updated list of Data Processors by sending a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@openfiber.it.
If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it