Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966, as data controller (hereinafter “Data Controller”), informs you, pursuant to Article 13 EU Regulation No 679/2016 (hereinafter also “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter “Data”) provided through the above form may be processed in the manner and for the purposes indicated below.
- Purpose and Legal Basis of the Processing
Your data, such as, for example, personal data, contact data, address, city, postal code, company name/VAT number of your company/the company you represent, VAT number of the entity/organisation you represent, will be processed (for the definition of ‘processing’, see Article 4, c. 4, par. 2 of the GDPR) for the following purpose:
- to provide you with feedback on your request regarding “Coverage”, “General Information”, “Infratel Calls”.
- to carry out marketing activities, market research, commercial communication relating to the activities of Open Fiber. This activity may be carried out either by sending advertising, informative or promotional material or invitations to take part in initiatives, events and offers, or by using “traditional” methods (e.g. paper mail and/or operator calls), or by using “automated” contact systems (e.g. SMS and/or MMS, messages via social whatsapp, telephone calls without operator, e-mail, fax, interactive applications), pursuant to Article 130 par. 1 and 2 of the Code, as amended;
The legal basis for the processing referred to in point a) is the legitimate interest pursuant to Article 6 c..1 lett. f) of the GDPR, while for the purposes of points b) the legal basis is consent pursuant to Article 6 c.1 lett. a) of the GDPR.
- Data Retention Periods.
- regarding point a) up to 10 years and, in any case, until you communicate your request for erasure by writing to firstname.lastname@example.org
- for the purposes referred to in points b) until the revocation of consent which can be exercised through the appropriate method indicated on Open Fiber communications or by writing to email@example.com.
- in any case for a period not exceeding that necessary to comply with any regulatory obligations.
- How the Data is Used
Data is processed through paper media and electronic tools. Appropriate measures are used to ensure the security and confidentiality of the Data. These measures aim at preventing unauthorised access, loss, or destruction, in accordance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. The Data may be processed by internal or external persons, who are specifically authorised and committed to confidentiality.
- Scope of Data Movement
The Data may also be processed by third party companies that carry out activities on behalf of the Data Controller, in their capacity as external data processors (by way of example but not limited to: credit institutions, professional firms, suppliers/consultants that manage and/or participate in the management and/or maintenance of the electronic and/or telematic tools used by us, insurance companies for the provision of insurance services, for the time strictly necessary for the optimal performance of such service). Your Data will be made accessible only to those within Open Fiber who need it in relation to the exercise of their duties or hierarchical position. Such persons shall be properly instructed to avoid loss, destruction, unauthorised access, or unauthorised processing of the Data. Without your express consent (pursuant to Article 6 lett. b) and c) of the GDPR), the Data Controller may disclose your Data to supervisory bodies, judicial authorities as well as to all other entities to which disclosure is mandatory under an express provision of law.
- Nature of data provision
The provision of your Data for the purpose outlined in point (a) is mandatory. Your refusal and/or provision of inaccurate and/or incomplete information in relation to point (a) will prevent us from providing you with feedback on your request for “Coverage”, “General Information” and “Infratel Calls”.
- Data Dissemination
The Data will not be disseminated.
- Transfer of Data Abroad
The Data shall not be transferred outside the European Union and the European Economic Area. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In such case, the Data Controller hereby assures that the transfer of the Data outside the EU will take place in accordance with Articles 44 et seq. of the GDPR and the applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection.
- Controller and Data Protection Officer (DPO)
The Data Controller is Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966, who can be contacted at the following email address firstname.lastname@example.org.
Open Fiber has appointed a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR who can be contacted at the following address: email@example.com.
- Exercise of rights
We inform you that, as a Data subject (“Data Subject”), you can exercise the rights under the GDPR, namely: a) the right, pursuant to Article 15, to obtain confirmation as to whether or not your Data are being processed and, if so, to obtain access to the Data and to the following information: (i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected period of retention of the Data or, if this is not possible, the criteria used to determine this period; v) the existence of the data subject’s right to request from the Controller the rectification or erasure of the Data or the restriction of their processing or to object to their processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to Article 77 et seq. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject (ix) the right to be informed of the existence of appropriate safeguards under Article 46 of the GDPR relating to the transfer, if the Data is transferred to a third country or an international organisation; b) the Data Subject (where applicable) may also exercise the rights under Articles. 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object). We inform you that Open Fiber is committed to responding to your request within one month at the latest from receipt of the request. This deadline may be extended depending on the complexity or number of requests and Open Fiber will explain the reason for the extension within one month of your request. The outcome of your request may be provided to you in writing either in hard copy or electronically.
- Methods of Exercising Rights
The Data Subject may at any time exercise the above-mentioned rights and request an updated list of data processors by sending a request to the following e-mail addresses: firstname.lastname@example.org or email@example.com.
If you believe that the processing of your Data is in breach of the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority [Garante Privacy], in accordance with Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation), following the procedures and instructions published on the official website of the Authority: www.garanteprivacy.it