Operators

PRIVACY NOTICE 

BECOME A PARTNER 

Open Fiber S.p.A., with registered office at Viale dell’Innovazione n. 1 – 20126 Milan, Italy, VAT number 09320630966, as Data Controller (hereinafter referred to as the “Controller”), informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (also referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter “Data” or “the Data”) provided through the above form may be processed according to the methods and for the purposes set out below. 

Purpose and legal basis of processing 

Your Data, including but not limited to personal identification data, contact details, and data related to the R.O.C., will be processed (for the definition of “processing” see Article 4, paragraph 2 of the GDPR) for the following purposes: 

1. a) registration in the “Become a Partner” section of the website www.openfiber.it; b) to allow Open Fiber to provide its sales services; 
2. c) conducting marketing activities, market research, and commercial communication related to the services offered by Open Fiber. Such activities may be carried out by sending advertising, informational, promotional material, or invitations to participate in initiatives, events, and offers, either through “traditional” means (e.g., postal mail and/or operator calls) or through “automated” contact systems (e.g., SMS and/or MMS, messages via social apps like WhatsApp, telephone calls without operator intervention, e-mails, faxes, interactive applications), pursuant to Article 130 paragraphs 1 and 2 of the Italian Privacy Code and subsequent amendments. 

The legal basis for the processing under point a) is Article 6(1)(b) of the GDPR, whereas for the purposes under points b) and c) the legal basis is your consent pursuant to Article 6(1)(a) of the GDPR. 

Data Retention Periods 

The Data concerning you will be retained according to the following criteria: 

• for the purposes referred to in point a), the data will be processed until you notify your request for deletion by writing to privacy@openfiber.it;
• for the purposes referred to in points b) and c), the data will be retained until consent is revoked, which can be done via the specific procedure indicated in Open Fiber’s communications and/or by writing to privacy@openfiber.it. 

Data Processing Methods 

The processing of Data is carried out using electronic tools with appropriate measures to ensure the security and confidentiality of the Data, aimed at preventing unauthorized access, loss, or destruction, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Controller and Processor) of the GDPR. The Data may be processed by authorized internal or external parties who are bound to confidentiality. 

Scope of Data Circulation 

The Data may be processed by third-party companies that perform activities on behalf of the Data Controller, in their capacity as External Data Processors (by way of example and not limited to: credit institutions, professional firms, suppliers/consultants managing and/or participating in the management and/or maintenance of electronic and/or telematic tools used by us, insurance companies for the provision of insurance services, for the time strictly necessary for the optimal execution of such service). Your Data will be accessible only to those within the Company who require it in relation to the performance of their duties or hierarchical position. Such persons will be adequately instructed in order to prevent loss, destruction, unauthorized access, or unlawful processing of the Data. 

Without your explicit consent (pursuant to art. 6 lett. b) and c) of the GDPR), the Data Controller may communicate your Data to supervisory bodies, judicial authorities, as well as to all other subjects to whom communication is mandatory by express provision of law. 

Nature of Data Provision 

The provision of your Data for the purposes indicated in points a) and b) is mandatory. Any refusal and/or provision of inaccurate and/or incomplete information with reference to points a) and b) would prevent, respectively, your registration in the “Become a Partner” section of the website www.openfiber.it and Open Fiber’s ability to provide the requested services. 

The provision of data referred to in point c) is optional. 

Data Disclosure 

Your Data will be shared between the Data Controller and the duly appointed Data Processors for the execution of the activity. 

Data Transfer Abroad 

The Data will not be transferred outside the European Union or the European Economic Area. However, it is understood that the Data Controller, if necessary, may relocate the servers to countries outside the EU. In such cases, the Data Controller hereby ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 et seq. of the GDPR and applicable legal provisions, including, where necessary, the execution of agreements that guarantee an adequate level of protection. 

Data Controller and Data Protection Officer 

The Data Controller is Open Fiber S.p.A., a single-member company subject to the direction and coordination of Open Fiber Holdings S.p.A., with registered office at Viale dell’Innovazione n. 1 – 20126 Milan, Italy, VAT number, tax identification number and registration number in the Milan Companies Register 09320630966, contactable via the following e-mail address: privacy@openfiber.it. 

Open Fiber has appointed the Data Protection Officer (DPO) pursuant to Article 37 of  the GDPR, who can be contacted at the following e-mail address: dpo.of@openfiber.it.

Exercise of Rights 

We inform you that, as the Data Subject (“Data Subject”) regarding the processing of your personal data, you have the right to exercise the rights provided for under the GDPR, specifically: a) the right, pursuant to Article 15, to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to access such data and the following information: i) the purposes of the processing; ii) the categories of personal data concerned; iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients are third countries or international organizations; iv) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of personal data or restriction of processing or to object to such processing; vi) the right to lodge a complaint with a supervisory authority pursuant to Articles 77 et seq. of the GDPR; vii) where the personal data are not collected from the Data Subject, any available information as to their source; viii) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject; ix) the right to be informed about the existence of appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer, where applicable, of personal data to a third country or an international organization. b) The Data Subject shall also have, where applicable, the possibility to exercise the rights set forth in Articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object). We inform you that Open Fiber undertakes to respond to your requests no later than one month from receipt of the request. This time limit may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reasons for such extension within one month from your request. The outcome of your request may be provided in writing, either on paper or electronically. 

Methods for Exercising Rights 

The Data Subject may exercise the aforementioned rights at any time and request the updated list of Data Processors by submitting a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@openfiber.it. Should you believe that the processing of your personal data violates the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), as provided for under Article 77 of the GDPR, or to seek judicial remedies pursuant to Article 79 of the GDPR, following the procedures and guidelines published on the Authority’s official website: www.garanteprivacy.it.