Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966, as data controller (hereinafter “Data Controller”), informs you, pursuant to Article 13 EU Regulation No 679/2016 (hereinafter also “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter “Data” or “the Data”) provided through the above form may be processed in the manner and for the purposes indicated below.
- Purpose and Legal Basis of the Processing
Your Data, such as, for example, personal data, contact data, data relating to the R.O.C., will be processed (for the definition of ‘processing’, see art. 4, paragraph 2 of the GDPR) for the following purposes:
- registration in the “Become a Partner” section of the www.openfiber.it website;
to allow Open Fiber to provide its own sales services.
- to carry out marketing activities, market research, commercial communication, relating to the Services offered by Open Fiber. This activity may be carried out either by sending advertising, informative or promotional material or invitations to take part in initiatives, events and offers, or by using “traditional” methods (e.g., paper mail and/or operator calls), or by using “automated” contact systems (e.g., SMS and/or MMS, messages via social whatsapp, telephone calls without operator, e-mail, fax, interactive applications), pursuant to Article 130 c. par. 1 and 2 of the Code, as amended.
The legal basis for the processing referred to in point a) is Article 6 c..1 lett. b) of the GDPR, while for the purposes of points b) the legal basis is consent pursuant to Article 6 c.1 lett. a) of the GDPR.
- Data Retention Periods
Your data will be stored according to the following criteria:
- regarding point a) until you communicate your request for erasure by writing to email@example.com
- for the purposes of point b) until the withdrawal of consent which can be exercised through the appropriate method indicated on Open Fiber communications or by writing to firstname.lastname@example.org.
- How the Data is Used
Data is processed through paper media and electronic tools. Appropriate measures are used to ensure the security and confidentiality of the Data. The measures aim at preventing unauthorised access, loss or destruction, in accordance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. The Data may be processed by internal or external persons who are specifically authorised and committed to confidentiality.
- Scope of Data Movement
The Data may be processed by third party companies that carry out activities on behalf of the Data Controller, in their capacity as External Data Processors (by way of example but not limited to: credit institutions, professional firms, suppliers/consultants that manage and/or participate in the management and/or maintenance of the electronic and/or telematic instruments used by us, insurance companies for the provision of insurance services, for the time strictly necessary for the optimal performance of such service). Your Data will only be made accessible only to those within the Company who need it in relation to the fulfilment of their duties or hierarchical position. Such persons shall be properly instructed to avoid loss, destruction, unauthorised access or unauthorised processing of the Data.
Without your express consent (pursuant to Article 6 lett. b) and c) of the GDPR), the Data Controller may disclose your Data to supervisory bodies, judicial authorities as well as to all other entities to which disclosure is mandatory under an express provision of law.
- Nature of Data Provision
The provision of your Data for the purposes outlined in points (a) and (b) is mandatory. Your refusal and/or the provision of inaccurate and/or incomplete information with reference to points (a) and (b) would prevent, respectively, your registration in the “Become a Partner” section of the website www.openfiber.it and the impossibility for Open Fiber to provide the requested services.
- Data Dissemination
The Data will not be disseminated.
- Transfer of Data Abroad
The Data will not be transferred outside the European Union and the EEA. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In this case, the Data Controller hereby assures that the transfer of data outside the EU will take place in accordance with Articles 44 et seq. of the GDPR and the applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection.
- Controller and Data Protection Officer (DPO)
The Data Controller is Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966.
Open Fiber has appointed a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR who can be contacted at the following address: email@example.com.
- Exercise of Rights
We inform you that, as a Data Subject, you may exercise your rights under the GDPR, namely: the right, pursuant to Article 15, to obtain confirmation as to whether or not Data concerning you are being processed and, if so, to obtain access to the Data and the following information: (i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected period of retention of the Data or, if this is not possible, the criteria used to determine this period; v) the existence of the data subject’s right to request from the Controller the rectification or erasure of the Data or the restriction of their processing or to object to their processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to art. 77 et seq. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject (ix) the right to be informed of the existence of appropriate safeguards within the meaning of Article 46 of the GDPR relating to the transfer, where the Data is transferred to a third country or international organisation;
Where applicable, you also have the rights set out in articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).
We inform you that our Company undertakes to respond to your request within one month at the latest of receipt of the request. This deadline may be extended depending on the complexity or number of requests and the Company will explain the reason for the extension to you within one month of your request. The outcome of your request may be provided to you in writing either in hard copy or electronically.
- Methods of Exercising Rights
The Data Subject may at any time exercise the above-mentioned rights and request an updated list of those data processors by sending a request to the following e-mail addresses: firstname.lastname@example.org or email@example.com.
If you believe that the processing of your Data is in breach of the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority [Garante Privacy], as provided for by Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation), following the procedures and instructions published on the official website of the Authority: www.garanteprivacy.it