Jumbotron Vector

Privacy Policy

Below are the privacy policies related to the processing of personal data carried out by Open Fiber, as the Data controller.

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller” or “Open Fiber”), hereby informs you, pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing

Your personal data—including, but not limited to, name, address, city, postal code, company name and VAT number (or the VAT number of the entity/organisation you represent), telephone number, and email address—will be processed (as defined under Art. 4, paragraph 2 of the GDPR) for the purpose of managing activities related to the fibre cabling of the building for which you serve as Administrator. The legal basis for the processing is the legitimate interest pursuant to Article 6(1)(f) of the GDPR.

Data Retention Periods

The Data concerning you will be retained only for as long as necessary to fulfil the purpose outlined in Article 1.

How Data Are Used

The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.

Scope of Data Circulation

The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as external Data Processors(for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to Open Fiber staff members who require it to perform their roles or duties
. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

Nature of Provision

The provision of your Data for the purpose outlined in point 1 is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information as specified in point 1, would hinder communication between Open Fiber and the apartment blocks involved in the fibre optic cabling project. In any case, you may exercise your right to object to processing by writing to privacy@openfiber.it.

Data Dissemination

Your Data will not be disclosed.

Transfer of Data abroad

Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., – a sole shareholder company, subject to the direction and coordination of Open Fiber Holdings S.p.A. – with its registered office at Largo Guido Donegani 2, 20121 Milan, MI, Italy, VAT number, tax code, and registration with the Milan Register of Companies no. 09320630966, and can be contacted at the following email address privacy@openfiber.it. Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it

Exercise of rights

We inform you that, as a Data Subject (“Data Subject”), you have the right to exercise your rights under the GDPR, including the following: a)The right, pursuant to Art. 15 of the GDPR, to obtain confirmation as to whether or not Data relating to you are being processed and, if so, to access the Data and the following information (i) the purposes of the processing; (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, particularly if they are in third countries or international organisations;
(iv) where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; (v) the existence of the Data Subject’s right to request rectification or erasure of the Data, restriction of its processing, or to object to its processing from the Data Controller; (vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; (vii) if the Data were not collected from the Data Subject, any available information about their source; (viii) the existence of automated decision-making processes, including profiling, as referred to in Art. 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the Data Subject; (ix) the right to be informed of the existence of appropriate safeguards as defined in Article 46 of the GDPR regarding the transfer of Data, if they are transferred to a third country or international organisation; b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to data portability, and the Right to object. We inform you that Open Fiber is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights

The Data Subject may exercise the aforementioned rights at any time and request an updated list of Data Processors by submitting a request to the following email addresses: privacy@openfiber.it or dpo.of@openfiber.it

If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller” or “Open Fiber”), hereby informs you, pursuant to Articles 13 and 14 of EU Regulation No. 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing

Your Data—including, but not limited to, personal information, address, city, postal code, telephone number, and email address—will be processed (as defined in Article 4, paragraph 2 of the GDPR) for the purpose of telemarketing. Specifically, this processing aims to present you with the opportunity to activate internet services via the Open Fiber infrastructure through telecommunications operators. The legal basis for the processing is your consent, in accordance with Article 6(1)(a) of the GDPR.
Your Data was provided to Open Fiber by AdSalsa Italia Publicidad Sucursal s.l.u., which collected it in its private Database based on the specific consent you previously granted.

Data Retention Periods

The Data concerning you will be retained only for as long as necessary to fulfil the purpose outlined in Article 1 and, in any case, will be deleted by the Data Controller no later than 6 months from the commencement of the activity.

How Data Are Used

The processing of Data is carried out using electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.

Scope of Data Circulation

The Data will also be disclosed to third-party companies acting on behalf of the Data Controller in their capacity as Data Processors(such as, but not limited to, call centre agencies and list providers), for the time strictly necessary to ensure the optimal performance of their activities. The call centre agency may make “silent” phone calls in accordance with applicable legislation and the provisions issued by the Data Protection Authority (refer to the General Measure of 20 February 2014). Your Data will be accessible only to those within Open Fiber who have been specifically authorised and identified based on their role and responsibilities. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

Nature of Provision

The provision of your Data for the purpose outlined in point 1 is optional. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information as specified in point 1, would hinder communication between Open Fiber and the users involved in telemarketing activities. In any case, you may exercise your right to object to processing by writing to privacy@openfiber.it

Data Dissemination

Your Data will be shared between the Data Controller and the Data Processors duly appointed to carry out the activities.

Transfer of Data abroad

Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., – a sole shareholder company, subject to the direction and coordination of Open Fiber Holdings S.p.A. – with its registered office at Largo Guido Donegani 2, 20121 Milan, MI, Italy, VAT number, tax code, and registration with the Milan Register of Companies no. 09320630966, and can be contacted at the following email address: privacy@openfiber.it

Open Fiber has appointed a Data Protection Officer (DPO) in accordance to Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it

Exercise of Rights

We inform you that you, as a Data Subject (“Data Subject”), have the possibility to exercise the rights provided by the GDPR, namely: a) the right, pursuant to Art. 15, to obtain confirmation as to whether or not Data relating to you is being processed and, if so, to obtain access to the Data and the following information:
(i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected period of retention of the Data or, if this is not possible, the criteria used to determine this period v)the existence of the Data Subject’s right to request from the Data Controller the rectification or erasure of the Data or the restriction of the processing to object to its processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information on the logic used, as well as the importance and expected consequences of such processing for the Data Subject (ix) the right to be informed of the existence of adequate safeguards within the meaning of Article 46 of the GDPR relating to the transfer, if the Data is transferred to a third country or international organisation.
The Data Subject shall also (where applicable) have the possibility to exercise the rights under Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to Data portability, right to object). We inform you that Open Fiber is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will
inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights

The Data Subject may exercise the aforementioned rights at any time and request an updated list of Data Processors by submitting a request to the following email addresses: 

privacy@openfiber.it or dpo.of@openfiber.it

If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with its registered office at Largo Guido Donegani 2, 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as the Data Controller of its employees’ personal data (hereinafter referred to as the “Data Controller”), hereby informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) related to, connected with, and/or necessary for your employment relationship may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis for Processing 

Your Data will be processed (as defined in Article 4, paragraph 2 of the GDPR) for the following purposes: 

  1. a) The establishment, management, and termination of the employment relationship with our Company;
  2. b) The processing and payment of remuneration, as well as the handling of all related administrative and accounting tasks; 
  3. c) Compliance with legal, regulatory, and legislative obligations applicable to the employment relationship, including obligations towards tax authorities and social security and welfare agencies; 
  4. d) The provision of training courses (both mandatory training required by law and any non-compulsory training courses);
  5. e) Ensuring health and safety; 
  6. f) Monitoring employees’ expenses (e.g., travel, telephone services, vehicles); 
  7. g) The use of work tools; 
  8. h) Access control. 

The legal basis for the processing is identified, for example, in the establishment, execution, and potential termination of the employment contract between you and the Company, as well as in the obligations directly and/or indirectly arising from or related to that contract. 

Personal Data Subject to Processing 

In particular, the Data in question includes: 

– Your name, address, or other personal identifiers, as well as information concerning your family members, social security details, educational and employment history, and possibly your bank account details (common Data), along with videos and photographs. 

The Data Controller may also process “special categories of personal data” as defined in Article 9 of the GDPR and Data relating to “criminal convictions and offences” as defined in Article 10 of the GDPR for the purposes outlined above. Regarding personal data, photos, and videos processed for video surveillance purposes, all Data Subjects can consult the extended privacy notice available on the notice boards at the reception of the company offices and via the following link: https://openfiber.it/privacy-policy/   

Special Categories of Personal Data and Data Relating to Criminal Convictions or Offences 

Other Data referred to in Article 9 of the GDPR may be processed, specifically Data that can reveal:

  • Health status (e.g. documentation of disability for the purposes of  
  • mandatory employment; sickness, maternity, or accident certificates for documenting work absences; Data regarding inability to work for assignment to specific tasks or to apply particular work-related prescriptions; Data on inability to work for family allowance purposes); 
  • Membership in a trade union, association, or union-like organisation (for example, when requesting salary deductions for the payment of membership fees); – Racial and ethnic origin; 
  • Religious beliefs (e.g. in cases of leave and/or religious holidays other than Catholic holidays, in accordance with applicable legislation), as well as philosophical or other beliefs.

Data revealing any criminal convictions and ongoing criminal proceedings may also be processed in accordance with Presidential Decree (D.P.R.) 14 November 2002, No. 313, as amended and supplemented. (‘Testo unico delle disposizioni legislative e regolamentari in materia di casellario giudiziale, di anagrafe delle sanzioni amministrative dipendenti da reato e dei relativi carichi pendenti (Testo A)’); such Data will be processed in compliance with the principles set out in Article 10 of the GDPR. 

The aforementioned Data will be processed by personnel who require it for the performance of their duties or based on their hierarchical position within the relevant organisational unit, and in any case, solely for the purposes outlined in paragraph 1 of this information notice. 

Data Retention Periods 

The Data provided will be retained for the entire duration of your employment relationship with our Company and, subsequently, for the period required by applicable laws and regulations. Certain types of Data related to the employment relationship may be retained for as long as necessary to protect Open Fiber’s legal defence needs in court, to respond to requests for information from social security agencies, or to meet requests from authorities and/or judicial police for investigative purposes. 

How Data Are Used 

The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.  

Scope of Data Circulation 

The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as External Data Processors(for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance).  Your Data will only be accessible to staff members of the Company who require it to perform their roles or duties within the organisation. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. 

Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).  

Nature of Provision 

The provision of Data is mandatory for the performance of the activities outlined in paragraph 1 above,  

Purposes and Legal Basis of Processing, 

letters a), b), c), d), and e). Any refusal to provide such Data will prevent us from properly managing the employment relationship and fulfilling our legal and/or contractual obligations to you. 

Please note that for the processing of Data as described above, your consent is not required, as the processing is necessary to comply with legal obligations and/or those arising from the employment contract to which you are a party. Consent is also not required from the Data Subject or their relatives by virtue of applicable law and the current authorisation of the Data Protection Authority for the processing of sensitive Data in private employment relationships. Under these provisions, the processing of special categories of Data, including health-related Data, as well as their communication and disclosure within the limits of the authorisation, is permitted without the written consent of the Data Subject, in order to fulfil legal and regulatory obligations related to the management of the employment relationship. Similarly, consent is not required for the processing of judicial Data, in accordance with the law and the current authorisation of the Data Protection Authority for the processing of judicial Data by private entities, public economic bodies, and public authorities. 

Data Dissemination 

Your Data will not be disclosed to any unspecified persons. 

Transfer of Data abroad 

Data will not be transferred outside the European Union. However, the Data Controller reserves the right, if necessary, to relocate  servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required. 

Video Surveillance 

Pursuant to Article 3.1 of the General Provision on Video Surveillance issued by the Data Protection Authority on 29 April 2004 and the General Provision on Video Surveillance of 8 April 2010, we inform you that a video surveillance system is in operation for the purpose of monitoring access and areas subject to potential risks.  As this system involves automatic and generalised recording, individuals entering video-surveilled areas cannot avoid being filmed. The sole purpose of this surveillance is to ensure the safety of staff and third parties, protect the company’s assets, and assist in identifying perpetrators of offences, thereby facilitating the protection of violated rights in the event of unlawful actions. Through the above-mentioned video surveillance system, Data concerning you, in the form of your images, may also be processed. We inform you that the processing of Data collected via the cameras is conducted in accordance with the provisions of the above-mentioned General Provisions on video surveillance. 

The Data collected will not be disclosed or shared and will be retained only for as long as is strictly necessary to achieve the aforementioned purposes, in compliance with applicable laws and regulations.

Data Controller and Data Protection Officer 

With registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966 – Open Fiber has appointed a Data Protection Officer (DPO or Data Protection Officer) pursuant to Article 37 of the GDPR who may be contacted, for matters concerning the processing of your Data, at the following address:  dpo.of@openfiber.it

Exercise of Rights 

As a Data Subject, we inform you that you may exercise the following rights under the GDPR: 

  1. a) The right, pursuant to Article 15 of the GDPR, to obtain confirmation as to whether or not Data concerning you is being processed and, if so, to access the Data and the following information: i) The purposes of the processing; ii) The categories of Data concerned; iii) The recipients or categories of recipients to whom the Data has been or will be disclosed, particularly if these recipients are in third countries or international organisations; iv) Where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; v) The existence of the Data Subject’s right to request rectification or erasure of the Data from the Data Controller, restriction of its processing, or objection to its processing; vi) The right to lodge a complaint with a supervisory authority, pursuant to Articles 77 and following of the GDPR; vii) Where the Data was not collected directly from the Data Subject, all available information about its source; viii) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the Data Subject; ix) The right to be informed of the existence of adequate safeguards, pursuant to Article 46 of the GDPR, concerning the transfer of Data, if the Data is transferred to a third country or international organisation. 
  2. b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object. 

We inform you that our Company is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and the Company will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form. 

Methods of Exercising Rights  

The Data Subject may at any time exercise the aforementioned rights and the updated list of Data Processors by sending a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@opefiber.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as “Data Controller” or “Open Fiber”), hereby informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter the “General Data Protection Regulation”or“GDPR”)

that the personal data you provided through the above form may be processed in the manner and for the purposes outlined below.
Where applicable, it is necessary for each recipient of this information notice to share its contents with their employees, collaborators, and contractors whose Data will be processed as part of the contractual relationship with Open Fiber.

Purpose and Legal Basis of Processing

The personal data to be processed include: (i) personal information; (ii) Curriculum Vitae; (iii) contact details; and, where applicable, (iv) Data relating to criminal convictions and offences, or Data relevant for the purposes of the Declaration in lieu of Anti-Mafia Certification.
personal data will be processed for the following purposes: negotiation, signing and performance of the commercial agreement.
The legal basis for the processing is:
– The execution of the contract and related pre-contractual measures, pursuant to Article 6(1)(b) of the GDPR; – The authorisation provided by an internal regulation concerning personal data related to criminal convictions and offences, in accordance with Article 10 of the GDPR.

Data Retention Periods

The Data concerning you will be stored according to the following criteria: 

  • For a period not exceeding 10 years from the end of the contractual relationship;
  • For a period not exceeding the time necessary to fulfil regulatory obligations. 

How Data Are Used

The processing of Data is carried out using paper-based and digital media, and electronic tools, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.

Scope of Data Circulation

The Data may be processed by third-party companies that perform activities on behalf of the Data Controller, acting as Data Processors(for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to staff members of the Company who require it to perform their roles or duties within the organisation. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data.
Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

Nature of Provision

The provision of your Data for the purpose outlined above is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information would prevent the performance of the Contract.

Data Dissemination

Your Data will not be disclosed to any unspecified persons.

Transfer of Data abroad

Data will not be transferred outside the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside this area. In such cases, the Data Controller ensures that any transfer of Data will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121, MI Milan, Italy, VAT No. 09320630966, and can be contacted at the following email address: privacy@openfiber.it

Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it

Exercise of Rights

We inform you that you, as a Data Subject (“Data Subject”), have the possibility to exercise the rights provided by the GDPR, namely:
a. the right, pursuant to Art. 15, to obtain confirmation as to whether or not Data relating to you is being processed and, if so, to obtain access to the Data and the following information: (i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected Data retention period or, if this is not possible, the criteria used to determine that period v) the existence of the Data Subject’s right to request from the Controller the rectification or erasure of the Data or the restriction of the processing or to object to its processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information on the logic used, as well as the importance and the expected consequences of such processing for the Data Subject (ix) the right to be informed of the existence of adequate safeguards within the meaning of Article 46 of the GDPR relating to the transfer, if the Data are transferred to a third country or international organisation;
b. the Data Subject shall also (where applicable) have the possibility to exercise the rights set out in Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to Data portability, right to object).
We inform you that the Data Controller is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and the Company will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights

The Data Subject may exercise the aforementioned rights at any time and request an updated list of Data Processors by submitting a request to the following email addresses: privacy@openfiber.it or dpo.of@openfiber.it

If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it.

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller”), hereby informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) provided by e-mail or business card may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing

Your contact Data—including, but not limited to, name, address, city, postal code, company name and VAT number (or the VAT number of the entity/organisation you represent), telephone number, and email address—will be processed (as defined under Art. 4, paragraph 2 of the GDPR) within the scope of business relations for the following purpose:

  1. a) Business communications by e-mail or telephone

The legal basis for the processing under a) is the legitimate interest pursuant to Article 6(1)(f) of the GDPR.

Data Retention Periods

The Data concerning you will be retained until you request its deletion using the appropriate method provided in emails sent by Open Fiber, or by contacting privacy@openfiber.it. In any case, your Data will be kept only as long as it is necessary for business purposes.

How Data Are Used

The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.

Scope of Data Circulation

The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as External Data Processors(for example,  credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to Open Fiber staff members who require it to perform their roles or duties. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

Nature of Provision

The provision of your Data for the purpose outlined in point (a) is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information as specified in point (a) would hinder business-to-business communication.

Data Dissemination

Your Data will not be disclosed.

Transfer of Data abroad

Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

  • Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, and can be contacted at the following email address: privacy@openfiber.it.  Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it.

  • Exercise of Rights

We inform you that, as a Data Subject (“Data Subject”), you have the right to exercise your rights under the GDPR, including the following: a)The right, pursuant to Art. 15 of the GDPR, to obtain confirmation as to whether or not Data relating to you are being processed and, if so, to access the Data and the following information (i) the purposes of the processing; (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, particularly if they are in third countries or international organisations;
(iv) where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; (v) the existence of the Data Subject’s right to request rectification or erasure of the Data, restriction of its processing, or to object to its processing from the Data Controller; (vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; (vii) if the Data were not collected from the Data Subject, any available information about their source; (viii) the existence of automated decision-making processes, including profiling, as referred to in Art. 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the Data Subject; (ix) the right to be informed of the existence of appropriate safeguards as defined in Article 46 of the GDPR regarding the transfer of Data, if they are transferred to a third country or international organisation; b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object. We inform you that Open Fiber is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights

The Data Subject may at any time exercise the aforementioned rights and request an updated list of Data Processors by sending a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@openfiber.it.

If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller”), hereby informs you, pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing 

Your Data, including but not limited to personal information, contact details, Data related to the geographical location of your company’s registered office or the company you represent, language preferences, and company name, will be processed (as defined in Article 4, paragraph 2 of the GDPR) for the following purposes:

  • Damage claim management; 
  • Compliance with legal and regulatory obligations, and, more generally, with applicable legislation from time to time.

The legal basis of the processing is as follows:

  • Article 9(2)(b) of the GDPR, which allows processing necessary for the exercise of the Data Controller’s rights in the field of social security and social protection.
  • Article 6(1)(f) of the GDPR, which establishes the legitimate interest in processing the Data to respond to damage claims. In light of this legal basis, you may exercise your right to object at any time by writing to privacy@openfiber.it

Data Retention Periods 

The Data concerning you will be stored according to the following criteria:

  • For a period not exceeding ten years;
  • For a period not exceeding the time necessary to fulfil regulatory obligations.

How Data Are Used

The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.  

Scope of Data Circulation 

The Data may be processed by third-party companies that perform activities on behalf of the Data Controller, acting as Data Processors (for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to staff members of the Company who require it to perform their roles or duties within the organisation. Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data.  

Without your explicit consent, the Data Controller may disclose your Data to the insurance company (as an independent Data Controller) as well as to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR). 

Nature of Provision 

The provision of your Data for the purpose outlined above is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information would prevent the performance of the activity aimed at verifying the entitlement to compensation. 

Data Dissemination 

Your Data will not be disclosed to any unspecified persons. 

Transfer of Data abroad 

Data will not be transferred outside the European Economic Area.  However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU.

In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966. 

Open Fiber appointed a Data Protection Officer ( Data Protection Officer or DPO) pursuant to Article 37 of the GDPR, who can be contacted at the following address:  dpo.of@openfiber.it

Exercise of Rights 

As a Data Subject, we inform you that you may exercise your rights under the GDPR: 

  • a) The right, pursuant to Article 15 of the GDPR, to obtain confirmation as to whether or not Data concerning you is being processed and, if so, to access the Data and the following information: i) The purposes of the processing; ii) The categories of Data concerned; iii) The recipients or categories of recipients to whom the Data has been or will be disclosed, particularly if these recipients are in third countries or international organisations; iv) Where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; v) The existence of the Data Subject’s right to request rectification or erasure of the Data from the Data Controller, restriction of its processing, or objection to its processing; vi) The right to lodge a complaint with a supervisory authority, pursuant to Articles 77 and following of the GDPR; vii) Where the Data was not collected directly from the Data Subject, all available information about its source; viii) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the Data Subject; ix) The right to be informed of the existence of adequate safeguards, pursuant to Article 46 of the GDPR, concerning the transfer of Data, if the Data is transferred to a third country or international organisation. 
  • b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object. 

We inform you that our Company is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and the Company will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form. If you believe that the processing of your Data violates the provisions of the Regulation, you have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the Regulation, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it. 

Methods of Exercising Rights  

The Data Subject may at any time exercise the aforementioned rights and request an updated list of Data Processors by sending a request to the following e-mail addresses: 

privacy@openfiber.it or dpo.of@opefiber.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as “Open Fiber” and/or the “Data Controller”), hereby informs you, pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter referred to as the “Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) provided by means of the above form may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing

Your Data, including but not limited to personal information, contact details, address, city, postal code, company name, VAT number of your company or the company you represent, and the VAT number of the entity or organisation you represent, will be processed (as defined in Article 4, paragraph 2 of the GDPR) for the following purposes:

  • To provide you with feedback regarding your expression of interest in the installation of the optical socket;
  • To carry out the installation and maintenance of the optical socket;
  • To conduct statistical analysis, evaluate customer experience, and manage potential disputes;
  • With your consent, to carry out marketing activities, market research, and commercial communications related to Open Fiber’s activities. These activities may involve the sending of advertising, informational, and promotional material, as well as invitations to participate in initiatives, events, and offers. This can be done through traditional methods (such as paper mail and/or calls from call centre operators) or through automated systems (such as SMS and/or MMS, social media messages, WhatsApp, automated phone calls, email, fax, or interactive applications), in accordance with Article 130, paragraphs 1 and 2, of Legislative Decree No. 196 of 30 June 2003, as amended;
  • With your consent, to transfer personal data to third parties, acting as independent Data controllers, for marketing, market research, commercial communication, and direct sales related to their products and/or services.

The legal basis for processing points (a), (b), and (c) is the legitimate interest, as defined in Article 6(1)(f) of the GDPR. For the purposes outlined in points (d) and (e), the legal basis is your consent, pursuant to Article 6(1)(a) of the GDPR.

Data Retention Periods

The Data concerning you will be stored according to the following criteria:

  • For the purpose referred to in point (a), and in the event that the address can be connected according to an undetermined timeline, the Data will be retained until your request for information has been fully processed or until you submit a request for deletion, using the specific method provided in emails sent by Open Fiber or by sending a communication to the following address 
  • privacy@openfiber.it. If, however, the address cannot be connected in the future, the Data will be deleted within 6 months of your request.
  • For the purpose outlined in point (b), the Data will be retained for as long as the optical socket remains installed at your premises;
  • For the purpose outlined in point (c), the Data will be retained until you submit a request for deletion using the appropriate method provided in emails sent by Open Fiber, or by sending a communication to privacy@openfiber.it;
  • For the purposes outlined in points (d) and (e), the Data will be retained until you revoke your consent, which can be done by using the appropriate method provided in Open Fiber communications or by sending a communication to privacy@openfiber.it;
  • In any case, the Data will be retained no longer than the period necessary to comply with regulatory obligations.

How Data Are Used

The processing of Data is carried out using paper and/or electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. The Data may be processed by individuals, both internal and external to Open Fiber, who are specifically authorised and obligated to comply with confidentiality requirements.

Scope of Data Circulation

The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as External Data Processors (for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools use by Open Fiber, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Furthermore, your Data will only be accessible to Open Fiber staff members who require it to perform their roles or duties. Anyway, such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data. Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

  1. Nature of Provision

The disclosure of your Data for the purpose outlined in point (a) is mandatory. Refusal to provide such Data, or the provision of inaccurate and/or incomplete information would prevent us from responding to your expression of interest.

Data Dissemination

Your Data will not be disclosed.

Transfer of Data abroad

Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate its servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of Data protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, and can be contacted at the following e-mail address: privacy@openfiber.it.

Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article o 37 of the GDPR, who can be contacted at the following e-mail address: dpo.of@openfiber.it

Exercise of Rights

We inform you that, as a Data Subject (hereinafter “Data Subject”), you have the right to exercise the following rights under the GDPR: a) The right, pursuant to Article 15, to obtain confirmation as to whether or not Data concerning you is being processed and, if so, to access the Data and receive the following information: i) The purposes of the processing; ii) The categories of Data Subject to processing; iii) The recipients or categories of recipients to whom the Data has been or will be disclosed, particularly if located in third countries or international organisations; iv) Where possible, the expected retention period of the Data, or, if not possible, the criteria used to determine this period; v) The right to request from the Data Controller the rectification or erasure of the Data, the restriction of its processing, or to object to its processing; vi) The right to lodge a complaint with a supervisory authority, pursuant to Article 77 and following of the GDPR; vii) If the Data was not collected from the Data Subject, the right to obtain all available information about the origin of the Data; viii) The right to be informed of the existence of any automated decision-making process, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and in such cases, the right to obtain information on the logic involved, as well as the consequences of such processing for the Data Subject; ix) The right to be informed of the existence of adequate safeguards pursuant to Article 46 of the GDPR in relation to the transfer of Data, if it is transferred to a third country or an international organisation. b) The right to exercise (where applicable) the rights set out in Articles 16-21 of the GDPR, including the Right to Rectification, the Right to Erasure (Right to be Forgotten), the Right to Restriction of Processing, the Right to Data Portability, and the Right to Object.

We inform you that Open Fiber is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reason for any extension within one month of your request. A reply to your request may be provided to you in writing or in paper or electronic form.

Methods of Exercising Rights

The Data Subject may at any time exercise the aforementioned rights and request an updated list of Data Processors by sending a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@openfiber.it

If you believe that the processing of your Data violates the provisions of the Regulation, you , have the right to lodge a complaint with the Data Protection Authority, as provided under Article 77 of the Regulation, or to seek judicial remedy pursuant to Article 79 of the GDPR, following the procedures and instructions published on the Authority’s official website: www.garanteprivacy.it

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as the “Data Controller” or “Open Fiber”), hereby informs you, pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), that your personal data (hereinafter referred to as “Data”) may be processed in the manner and for the purposes outlined below.

Purpose and Legal Basis of Processing

The personal data Subject to processing includes contact details, as well as personal and fiscal information exchanged or mutually acquired by the parties during all phases of the tender procedure initiated by Open Fiber to identify the successful bidder.
Such Data will be processed (as defined in Article 4, paragraph 2 of the GDPR) for purposes related to compliance with statutory and regulatory provisions in civil, tax, and fiscal matters, as well as pursuant to requirements issued by the competent authorities. This includes verifying compliance with anti-mafia regulations, activities related to the procurement process, and the eventual execution of the contract, in accordance with applicable regulations. Additionally, Data may be processed to defend a right in court or in the appropriate fora as provided by statutory and regulatory provisions.
The legal basis for the processing is: i) The performance of the contract and/or pre-contractual measures under Article 6(1)(b) of the GDPR, relating to participation in the tender procedure, the procurement process, and the potential establishment, execution, or termination of the contract; ii) The processing of Data
to comply with specific legal obligations (pursuant to Article 6(1)(c) of the GDPR) in accordance with tender and contract regulations, as outlined in Legislative Decree No. 50/2016, as amended and supplemented;
iii) The processing of Data to disclose any criminal convictions or ongoing criminal proceedings, pursuant to Presidential Decree No. 313 of 14 November 2002, as amended and supplemented. (“Testo unico delle disposizioni legislative e regolamentari in materia di casellario giudiziale, di anagrafe delle sanzioni amministrative dipendenti da reato e dei relativi carichi pendenti (Testo A)”). Such Data will be processed—beyond the general terms for all Data—in compliance with Article 10 of the GDPR and relevant tender and contract regulations, pursuant to Legislative Decree No. 50/2016, as amended and supplemented.

Data Retention Periods

The Data provided will be retained for as long as necessary to fulfil purposes related to compliance with regulatory obligations in accounting, tax, and civil law, and in any case, for 10 years after the expiration of the contractual agreements.

How Data Are Used

Processing will be carried out using tools that ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Processor) of the GDPR. The processing may also involve the use of automated tools or platforms, utilized during the tender procedure to store, manage, or transmit the Data.

Scope of Data Circulation

Your Data may be disclosed to parties who require access to it in order to perform support, instrumental, or auxiliary activities related to the contractual relationship between us, strictly to the extent necessary for carrying out these tasks.

The Data may also be processed by third-party companies acting on behalf of the Data Controller, in their capacity as Data Processors (such as credit institutions, professional firms, suppliers, or consultants involved in the management and/or maintenance of the electronic and/or telematic tools we use) for the time strictly necessary to ensure optimal performance of these services.

Without your explicit consent (pursuant to Article 6(1)(b) and (c) of the GDPR), the Data Controller may disclose your Data for the aforementioned purposes to supervisory bodies, judicial authorities, and any other entities to whom communication is legally required to fulfil these purposes.

Nature of Provision

We remind you that, with reference to the purposes outlined above, the provision of Data is mandatory. The Data referenced in this information notice is essential for evaluating the offer submitted. Refusal to provide the requested Data and/or the provision of inaccurate Data may result in the inability to:

a) Comply with statutory and regulatory provisions in accounting, tax, civil, and fiscal matters, as well as with the requirements set by the competent authorities;
b) Verify compliance with anti-mafia legislation;
c) Ensure proper regulatory, technical, and economic management of the contractual relationship;
d) Defend a right in court or in the appropriate legal fora, as required by applicable statutory and regulatory provisions.

Data Dissemination

Your Data will not be disclosed to any unspecified persons.

Transfer of Data abroad

Your Data will not be transferred outside the European Union or the European Economic Area. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966. Open Fiber has appointed a Data Protection Officer (DPO) in accordance pursuant 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it

Exercise of Rights

As a Data Subject, we inform you that you may exercise your rights under the GDPR, namely:

  1. a) The right, pursuant to Article 15 of the GDPR, to obtain confirmation as to whether or not Data concerning you is being processed and, if so, to access the Data and the following information: i) The purposes of the processing; ii) The categories of Data concerned; iii) The recipients or categories of recipients to whom the Data has been or will be disclosed, particularly if these recipients are in third countries or international organisations; iv) Where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; v) The existence of the Data Subject’s right to request rectification or erasure of the Data from the Data Controller, restriction of its processing, or objection to its processing; vi) The right to lodge a complaint with a supervisory authority, pursuant to Articles 77 and following of the GDPR; vii) Where the Data was not collected directly from the Data Subject, all available information about its source; viii) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the Data Subject; ix) The right to be informed of the existence of adequate safeguards, pursuant to Article 46 of the GDPR, concerning the transfer of Data, if the Data is transferred to a third country or international organisation.
  2. b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object.

We inform you that our Company is committed to responding to your request no later than one month from the date of its receipt. This deadline may be extended depending on the complexity or number of requests, and the Company will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights

The Data Subject may at any time exercise the rights referred to in the preceding paragraph and obtain an updated list of Data Processors by sending a request to the following e-mail addresses: privacy@openfiber.it or dpo.of@openfiber.it

Download the privacy policy in pdf format

As required by Article 13 of the European Union’s Data Protection Regulation 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), the Data Subject (the user of the website https://openfiber.it/ ) must be informed, prior to the processing of personal data (hereinafter referred to as “Data”), that the Data collected through the website will be processed by the Company using computerized and/or telematic tools for the purposes outlined in this notice.

To this end, the Data Subject is subject to the Privacy Policy prepared by Open Fiber S.p.A. (hereinafter also ‘Open Fiber’ or ‘the Company’ or ‘the Data Controller’).

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966.

Pursuant to Articles 37 et seq. of the GDPR, the Company has appointed a Data Protection Officer, who can be contacted at the following e-mail address: dpo.of@openfiber.it.

For more information on the rights of the Data Subject, please refer to the section titled “Rights of the Data Subject” in this notice.

Legal Basis and Purpose of Processing

Data provided while browsing the website https://openfiber.it/  are processed by the Data Controller in compliance with applicable regulations.

The legal basis for processing is rooted in the provision of services by the Company, the management and facilitation of the website, the handling of reserved areas on the website, and, where applicable, your consent to the processing of your Data.

Open Fiber processes your Data to pursue the following purposes:

  • SENDING A REQUEST TO BECOME AN OPEN FIBER PARTNER: If you choose to register in the “Become a Partner” section, the Data will be processed by the Data Controller, with your prior and explicit consent, for the purpose of your registration and subsequent access to dedicated services.
  • REQUEST FOR TERMINATION/LEAD-IN SEGMENT BY OPERATORS: If you decide to request information regarding the fibre optic termination segment or lead-in duct, the Data will be processed by the Data Controller, with your prior and specific consent, in order to respond to your request and provide the requested information.
  • ACCESS TO THE SUPPLIERS AREA: If you choose to access the suppliers area, the Data will be processed by the Data Controller, following your explicit consent, to: Allow access to the reserved “Suppliers Area” section of the https://openfiber.it/ website;
  • Manage the registration process for the Open Fiber supplier list;
  • Identifiy and select suppliers (companies and professionals) interested in working with Open Fiber;
  • Assess the suitability of the economic operator for collaboration with Open Fiber.
  • ACCESS TO THE CAREERS SECTION: If you choose to register and create an account in the “Careers” section of the openfiber.it website, your Data may be processed by the Data Controller, with your explicit consent, to review your Curriculum Vitae and assess your application.
  • CONTACT US: If you choose to contact us through the “Contact Us” section of the openfiber.it website, your Data may be processed by the Data Controller, with your explicit consent, to respond to your inquiry and provide the requested information.
  • SOCIAL NETWORK: the website https://openfiber.it/ provides access to Open Fiber’s social media pages. In this context, as further detailed in the site’s “Cookie Policy,” third-party cookies may be installed on the Open Fiber website.

Nature of the Processing

In relation to the purposes set out in point 1) of the paragraph above, the provision of your Data and consent to their processing is mandatory. Failure to provide consent will prevent Open Fiber from allowing you to submit your request to become an Open Fiber partner.

In relation to the purposes set out in point 2) of the paragraph above, the provision of your Data and consent to their processing is mandatory. Failure to provide consent will prevent Open Fiber from responding to your request for information regarding termination/lead-in by operators.

In relation to the purposes set out in point 3) of the paragraph above, the provision of your Data and consent to their processing is mandatory. Failure to provide consent will make it impossible for Open Fiber to: Allow access to the reserved “Suppliers Area” section of the https://openfiber.it/ website;

  • Manage the registration process for the Open Fiber supplier list;
  • Identify and potentially select you among the companies and professionals interested in working with Open Fiber;;
  • Assess the suitability of the Economic Operator for collaboration with Open Fiber.

In relation to the purposes set out in point 4) of the paragraph above, the provision of your Data and consent to their processing is mandatory. Failure to provide consent will prevent Open Fiber from proceeding with the evaluation of your application.

In relation to the purposes set out in point 5) of the paragraph above, the provision of your Data and consent to their processing is mandatory. Failure to provide consent will prevent Open Fiber from responding to your requests for information.

In this context, it is specified that the processing may also be carried out to comply with legal and regulatory obligations, and, more generally, with applicable legislation from time to time.

Processed Data

The Data processed by the Data Controller includes those provided by the user while navigating the openfiber.it website, when registering for or using the services offered by Open Fiber, and/or when submitting their Curriculum Vitae in the “Work with us” section.

Methods of Data Processing and Storage

Data is processed by the Data Controller in accordance with the provisions of the applicable legislation. The Data Controller processes the Data using computerised and/or telematic tools, employing organisational and logical methods that are strictly aligned with the purposes outlined in this information notice. Appropriate security measures are adopted to prevent unauthorised access, disclosure, modification, or destruction of the Data, as well as to protect against Data loss and unlawful or improper use. The Company is committed to processing the Data in accordance with the principles of fairness, lawfulness, and transparency, ensuring that Data collection is limited to what is necessary and accurate for processing, and that access is restricted to authorised personnel only. The management and storage of the Data acquired will be carried out in archives or on servers located within the European Union, owned by the Data Controller and/or by third-party companies appointed as external Data processors, and, in any case, currently located in Italy.

In relation to the different purposes for which they are collected, the Data will be retained for the time strictly necessary to achieve those purposes and, in any case, in compliance with applicable legal provisions.

The Company will also ensure that Data is not retained indefinitely by periodically verifying whether the interest of the Data Subject in its retention still exists.

Recipients and Data Processors

The Data collected will not be disclosed or communicated to third parties, except in cases specified in this notice and/or as required by law, and in any event, in a manner permitted by law. Data will be processed within the scope and for the purposes described by employees of the Company. Some Data processing may also be carried out by third parties appointed as external Data processors, whom the Data Controller engages or may engage for managing the contractual relationship, providing services, and meeting the organisational needs of its business. In particular, the Data may be communicated, for example, to:

  • Public and private entities that are entitled to access the Data by virtue of legal, regulatory, or EU provisions, within the limits set forth by these regulations;
  • Parties that require access to the Data for purposes related to the contractual relationship between the parties, to the extent strictly necessary for the performance of ancillary tasks (such as banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers, and shipping companies);
  • Consultants, to the extent necessary for the performance of their professional duties.

The updated list of external Data Processors is available at the Data Controller’s head office and can be provided to the Data Subject upon request by email to: privacy@openfiber.it

Transfer of Data abroad

Data will not be transferred outside the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Rights of Data Subjects

As a Data Subject, we inform you that you may exercise your rights under the GDPR, namely:

  • The right, pursuant to Art. 15 of the GDPR, to obtain confirmation as to whether or not Data relating to you are being processed and, if so, to access the Data and the following information (i) the purposes of the processing; (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, particularly if they are in third countries or international organisations;
    (iv) where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; (v) the existence of the Data Subject’s right to request rectification or erasure of the Data, restriction of its processing, or to object to its processing from the Data Controller; (vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; (vii) if the Data were not collected from the Data Subject, any available information about their source; (viii) the existence of automated decision-making processes, including profiling, as referred to in Art. 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the Data Subject; (ix) the right to be informed of the existence of appropriate safeguards as defined in Article 46 of the GDPR regarding the transfer of Data, if they are transferred to a third country or international organisation;
  • The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object.

The Data Subject may exercise the right to object to processing at any time by writing to the following e-mail address: privacy@openfiber.it

Open Fiber is committed to responding to the Data Subject’s requests within one month, except in cases of particular complexity, which may require up to three months. In any event, the Data Controller will inform the Data Subject of the reason for the delay within one month of the request. The outcome of the request will be provided in writing or electronically. In the case of a request for rectification, erasure, or restriction of processing, the Data Controller commits to notifying each recipient of the Data about the outcome of the request, unless this proves impossible or involves a disproportionate effort.

Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it

Amendments to this Notice

The Data Controller reserves the right to modify this Privacy Policy at any time, by notifying users through the openfiber.it website. We encourage you to consult this page, using the date of the last modification indicated at the end of the document as a reference. If you do not accept the changes made to this Privacy Policy, you may request the Data Controller to delete your Data. Unless otherwise specified, the previous version of the Privacy Policy will continue to apply to the Data collected up to the date of the changes.

Download the privacy policy in pdf format

As required by Article 13 of the European Union’s Data Protection Regulation 2016/679 (hereinafter the “General Data Protection Regulation” or “GDPR”), the Data Subject (user of the Company’s social media pages) must be informed, prior to the processing of personal data (hereinafter “Data”), that the Data collected through social media platforms (Facebook and Instagram) will be processed by the Company using computerized and/or telematic tools for the purposes outlined in this notice.

To this end, the Data Subject is subject to the Privacy Policy prepared by Open Fiber S.p.A. (hereinafter also ‘Open Fiber’ or ‘the Company’ or ‘the Data Controller’).

Data Controller and Data Protection Officer

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966. 

Pursuant to Articles 37 et seq. of the GDPR, the Company has appointed a Data Protection Officer, who can be contacted at the following e-mail address: dpo.of@openfiber.it. For more information on the rights of the Data Subject, please refer to the section titled “Rights of the Data Subject” in this notice. 

Legal Basis and Purpose of Processing 

The Data collected are processed by the Controller in compliance with applicable regulations. 

The legal basis for the processing is the legitimate interest, pursuant to Article 6(1)(f) of Regulation (EU) No. 2016/679 

Open Fiber processes your Data to pursue the following purposes:

  • To respond to user requests; 
  • To perform Corporate Reputation Assessments  

The Data Subject may exercise the right to object to processing at any time by writing to: privacy@openfiber.it 

Processed Data 

The Data processed by the Controller includes all public Data on social networks (Facebook and Twitter) that will be collected in the following cases: 

  • A user posts a comment under an Open Fiber Facebook post or tweet without tagging or mentioning Open Fiber;  
  • A user comments under a Facebook post or tweet from another account that has tagged or mentioned Open Fiber;
  • A user creates a Facebook post or tweet on the Open Fiber page; 
  • A user sends a private message to Open Fiber; 
  • A user shares a tweet from Open Fiber by creating a retweet. 

Methods of Data Processing and Storage 

Data is processed by the Data Controller in accordance with the provisions of the applicable legislation. The Data Controller processes the Data using computerised and/or telematic tools, employing organisational and logical methods that are strictly aligned with the purposes outlined in this information notice. Appropriate security measures are adopted to prevent unauthorised access, disclosure, modification, or destruction of the Data, as well as to protect against Data loss and unlawful or improper use. The Company is committed to processing the Data in accordance with the principles of fairness, lawfulness, and transparency, ensuring that Data collection is limited to what is necessary and accurate for processing, and that access is restricted to authorised personnel only. The management and storage of the Data acquired will be carried out in archives or on servers located within the European Union, owned by the Data Controller and/or by third-party companies appointed as external Data processors, and, in any case, currently located in Italy. 

In relation to the different purposes for which they are collected, the Data will be retained for the time strictly necessary to achieve those purposes and, in any case, for no longer than 30 days, except in exceptional cases that may require a longer processing period. 

The Company will also ensure that Data is not retained indefinitely by periodically verifying whether the interest of the Data Subject in its retention still exists. 

Recipients and Data Processors 

The Data collected will not be disclosed or communicated to third parties, except in cases specified in this notice and/or as required by law, and in any event, in a manner permitted by law. Data will be processed within the scope and for the purposes described by employees of the Company. Some data processing may also be carried out by third parties appointed as external Data processors, whom the Data Controller engages or may engage for managing the contractual relationship, providing services, and meeting the organisational needs of its business.  

The updated list of external Data processors is available at the Data Controller’s head office and can be provided to the Data Subject upon request by email to: privacy@openfiber.it

Transfer of Data abroad

Data will not be transferred outside the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU.  In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required. 

Rights of Data Subjects 

As a Data Subject, we inform you that you may exercise the following rights under the GDPR: 

  • The right, pursuant to Art. 15 of the GDPR, to obtain confirmation as to whether or not Data relating to you are being processed and, if so, to access the Data and the following information (i) the purposes of the processing; (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, particularly if they are in third countries or international organisations;
    (iv) where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; (v) the existence of the Data Subject’s right to request rectification or erasure of the Data, restriction of its processing, or to object to its processing from the Data Controller; (vi) the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 ff. of the GDPR; (vii) if the Data were not collected from the Data Subject, any available information about their source; (viii) the existence of automated decision-making processes, including profiling, as referred to in Art. 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the Data Subject; (ix) the right to be informed of the existence of appropriate safeguards as defined in Article 46 of the GDPR regarding the transfer of Data, if they are transferred to a third country or international organisation; 
  • The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object. 

The Data Subject may at any time exercise the above-mentioned rights by sending a request to the following e-mail addresses: privacy@openfiber.it.

Open Fiber is committed to responding to the Data Subject’s requests within one month, except in cases of particular complexity, which may require up to three months. In any event, the Data Controller will inform the Data Subject of the reason for the delay within one month of the request. The outcome of the request will be provided in writing or electronically. In the case of a request for rectification, erasure, or restriction of processing, the Data Controller commits to notifying each recipient of the Data about the outcome of the request, unless this proves impossible or involves a disproportionate effort.

Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it 

Amendments to this Notice  

The Data Controller reserves the right to modify this Privacy Policy at any time, by notifying users through the openfiber.it website. We encourage you to consult this page, using the date of the last modification indicated at the end of the document as a reference. If you do not accept the changes made to this Privacy Policy, you may request the Data Controller to delete your Data. Unless otherwise specified, the previous version of the Privacy Policy will continue to apply to the Data collected up to the date of the changes. 

Download the privacy policy in pdf format

Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966, in its capacity as Data Controller (hereinafter referred to as “Data Controller” or “Open Fiber”), informs you, pursuant to Article 13 EU Regulation No. 679/2016 (hereinafter also “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter referred to as “Data” or “the Data”) provided through the above form may be processed in the manner and for the purposes indicated below.

Purpose and Legal Basis of Processing 

The Data from your identity document, provided by you, will be processed for the following purposes: a) issuance of a personal badge for entry to Open Fiber premises; b) Access control to company premises; c) Security requirements.

The legal basis for the processing includes, by way of example, your explicit consent to the processing of the Data, as well as the necessity for the Controller to meet specific security obligations.

Personal Data Subject to Processing  

In particular, the Data in question includes all the information contained in your identity document.

Data Retention Periods  

The Data provided will be retained for as long as necessary to achieve the aforementioned purposes and for the duration required by applicable laws and regulations.

How Data Are Used  

The processing of Data is carried out using both paper and electronic means, with appropriate measures in place to ensure the security and confidentiality of the Data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. Data may be processed by internal or external individuals who are specifically authorised and bound by a confidentiality obligation.

Scope of Data Circulation  

The Data may also be processed by third-party companies that perform activities on behalf of the Data Controller, acting as External Data Processors(for example, credit institutions, professional firms, suppliers or consultants who manage and/or assist in the management or maintenance of the electronic and/or telematic tools we use, insurance companies that provide insurance services, for the time strictly necessary to ensure optimal service performance). Your Data will only be accessible to staff members of the Company who require it to perform their roles or duties within the organisation.  Such personnel will be appropriately instructed to prevent the loss, destruction, unauthorised access, or improper processing of the Data.

Without your explicit consent, the Data Controller may disclose your Data to supervisory authorities, judicial bodies, and any other entities to which disclosure is mandatory under the law (pursuant to Art. 6(b) and (c) of the GDPR).

Nature of Provision  

We remind you that, with reference to the purposes outlined above, the provision of Data is mandatory. If you refuse to provide the Data, your badge will not be issued, and you will not be able to access Open Fiber sites.

Data Dissemination  

Your Data will not be disclosed to any unspecified persons.

Transfer of Data abroad  

Data will not be transferred outside the European Union. However, the Data Controller reserves the right, if necessary, to relocate servers to countries outside the EU. In such cases, the Data Controller ensures that any transfer of Data outside the EU will be carried out in compliance with Articles 44 and following of the GDPR, as well as other applicable legal provisions, by entering into agreements that guarantee an adequate level of protection, if required.

Video Surveillance 

Pursuant to Article 3.1 of the General Provision on Video Surveillance issued by the Data Protection Authority on 29 April 2004 and the General Provision on Video Surveillance of 8 April 2010, we inform you that a video surveillance system is in operation for the purpose of monitoring access and areas subject to potential risks. As this system involves automatic and generalised recording, individuals entering video-surveilled areas cannot avoid being filmed. The sole purpose of this surveillance is to ensure the safety of staff and third parties, protect the company’s assets, and assist in identifying perpetrators of offences, thereby facilitating the protection of violated rights in the event of unlawful actions.

Through the above-mentioned video surveillance system, Data concerning you, in the form of your images, may also be processed. We inform you that the processing of Data collected via the cameras is conducted in accordance with the provisions of the above-mentioned General Provisions on video surveillance. The Data collected will not be disclosed or shared and will be retained only for as long as is strictly necessary to achieve the aforementioned purposes, in compliance with applicable laws and regulations.

  • Data Controller and Data Protection Officer  

The Data Controller is Open Fiber S.p.A., with registered office in Largo Guido Donegani 2 – 20121 Milan, MI, Italy, VAT No. 09320630966.

Open Fiber has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who can be contacted at the following address: dpo.of@openfiber.it.

Exercise of Rights  

We inform you that, as a Data Subject (“Data Subject”), you have the right to exercise your rights under the GPDR, including the following:

  1. a) The right, pursuant to Article 15 of the GDPR, to obtain confirmation as to whether or not Data concerning you is being processed and, if so, to access the Data and the following information: i) The purposes of the processing; ii) The categories of Data concerned; iii) The recipients or categories of recipients to whom the Data has been or will be disclosed, particularly if these recipients are in third countries or international organisations; iv) Where possible, the expected retention period of the Data or, if not possible, the criteria used to determine this period; v) The existence of the Data Subject’s right to request rectification or erasure of the Data from the Data Controller, restriction of its processing, or objection to its processing; vi) The right to lodge a complaint with a supervisory authority, pursuant to Articles 77 and following of the GDPR; vii) Where the Data was not collected directly from the Data Subject, all available information about its source; viii) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the Data Subject; ix) The right to be informed of the existence of adequate safeguards, pursuant to Article 46 of the GDPR, concerning the transfer of Data, if the Data is transferred to a third country or international organisation.
  2. b) The Data Subject shall also have the right (where applicable) to exercise their rights under Articles 16-21 of the GDPR, including the Right to rectification, the Right to be forgotten, the Right to restriction of processing, the Right to Data portability, and the Right to object.

We inform you that Open Fiber is committed to responding to your request no later than one month from date of its receipt. This deadline may be extended depending on the complexity or number of requests, and Open Fiber will inform you of the reason for any extension within one month of your request. The outcome of your request may be provided to you in writing, either in hard copy or in electronic form.

Methods of Exercising Rights  

The Data Subject may exercise the aforementioned rights at any time and request an updated list of Data Processors by sending a request to the following email addresses: privacy@openfiber.it or dpo.of@openfiber.it.

Download the privacy policy in pdf format

In order not to receive any further communication from Open Fiber and to be removed from our systems click here.