Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966, as data controller (hereinafter “Data Controller”), informs you, pursuant to Article 13 EU Regulation No 679/2016 (hereinafter also “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter “Data”) provided through the above form may be processed in the manner and for the purposes indicated below.
- Purpose and Legal Basis of the Processing
Your data, such as, for example, personal data, contact data, address, city, postal code, company name/VAT number of your company/the company you represent, VAT number of the entity/organisation you represent, will be processed (for the definition of ‘processing’, see Article 4, c. 4, par. 2 of the GDPR) for the following purpose: to provide you with feedback on your request for an optic fiber terminating segment/lead-in ducts.
The legal basis of the processing is Article 6 c..1 lett. b) of the GDPR
Data Retention Periods.
Your data will be stored according to the following criteria:
– for a period not exceeding that necessary to fulfil any legal obligations
How the Data is Used
Data processing is carried out using paper media and electronic tools. Appropriate measures are used to ensure the security and confidentiality of the Data. The measures aim at preventing unauthorised access, loss or destruction, in accordance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. The Data may be processed by internal or external persons who are specifically authorised and committed to confidentiality.
- Scope of Data Movement
The Data may also be processed by third party companies that carry out activities on behalf of the Data Controller, in their capacity as external data processors (by way of example but not limited to: credit institutions, professional firms, suppliers/consultants that manage and/or participate in the management and/or maintenance of the electronic and/or telematic tools used by us, insurance companies for the provision of insurance services, for the time strictly necessary for the optimal performance of such service). Your data will be made accessible only to those within Open Fiber who need it in relation to the exercise of their duties or hierarchical position. Such persons shall be properly instructed to avoid loss, destruction, unauthorised access or unauthorised processing of the Data. Without your express consent (pursuant to Article 6 lett. b) and c) of the GDPR), the Data Controller may disclose your Data to supervisory bodies, judicial authorities as well as to all other entities to which disclosure is mandatory under an express provision of law.
- Nature of Data Provision
The provision of your Data for the purpose outlined in point (a) is mandatory. Your refusal and/or the provision of incorrect and/or incomplete information in relation to point (a) will prevent us from providing you with a response.
- Data dissemination
The Data will not be disseminated.
- Transfer of Data Abroad
The Data will not be transferred outside the European Union. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In this case, the Data Controller hereby assures that the transfer of the Data outside the EU will take place in accordance with Articles 44 et seq. of the GDPR and the applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection.
- Controller and Data Protection Officer (DPO)
The Data Controller is Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966. Open Fiber has appointed a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR who can be contacted at the following address: firstname.lastname@example.org.
- Exercise of rights
We inform you, as a Data subject (“Data Subject”), you may exercise the rights provided by the GDPR, namely: a) the right, pursuant to Article 15, to obtain confirmation as to whether or not your Data are being processed and, if so, to obtain access to the Data and to the following information: (i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected period of retention of the Data or, if this is not possible, the criteria used to determine this period; v) the existence of the data subject’s right to request from the Controller the rectification or erasure of the Data or the restriction of their processing or to object to their processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to art. 77 et seq. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject (ix) the right to be informed of the existence of appropriate safeguards under Article 46 of the GDPR relating to the transfer, if the Data is transferred to a third country or an international organisation; b) the Data Subject may also (where applicable) exercise the rights under Articles. 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).
We inform you that Open Fiber is committed to responding to your request within one month at the latest from receipt of the request. This deadline may be extended depending on the complexity or number of requests and Open Fiber will explain the reason for the extension within one month of your request. The outcome of your request may be provided to you in writing either in hard copy or electronically.
- Methods of Exercising Rights
The Data Subject may at any time exercise the above-mentioned rights and request an updated list of data processors by sending a request to the following e-mail addresses: email@example.com or firstname.lastname@example.org.
If you believe that the processing of your data is in breach of the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority [Garante Privacy], as provided for by Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation), following the procedures and instructions published on the official website of the Authority: www.garanteprivacy.it