Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966, as data controller (hereinafter “Data Controller” or “Open Fiber”), informs you, pursuant to Article 13 EU Regulation No 679/2016 (hereinafter also “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter “Data” or “the Data”) provided through the above form may be processed in the manner and for the purposes indicated below.
- Purpose and Legal Basis of the Processing
Your Data, such as, for example, personal data, contact data, data relating to the R.O.C., will be processed (for the definition of ‘processing’, see Article 4, paragraph 2 of the GDPR) for the following purposes:
- registration in the “Operators Reserved Area*” [ORA] section of the www.openfiber.it website;
- Signing and execution of contracts for Open Fiber sales services;
- for the performance of marketing activities, market research, commercial communication, direct sales related to the Services offered by OpenFiber. This activity may be carried out either by sending advertising, informative or promotional material or invitations to take part in initiatives, events and offers, or by using “traditional” methods (e.g., paper mail and/or operator calls), or by using “automated” contact systems (e.g., SMS and/or MMS, messages via social whatsapp, telephone calls without operator, e-mail, fax, interactive applications), pursuant to Article 130 c. par. 1 and 2 of the Code, as amended.
The legal basis for the processing referred to in points a) and b) is Article 6 c..1 lett. b) of the GDPR, while for the purposes of points c) the legal basis is consent pursuant to Article 6 c.1 lett. a) of the GDPR.
- Data Retention Periods
Your data will be stored according to the following criteria:
- for the purposes referred to in point a) registration in the “Operators Reserved Area” section for a period necessary to complete the file and, in the event of suspension of the same, 90 days of receipt of the email
- for the purpose referred to in point b) – signing contracts for Open Fiber sales services – the data will be kept for the entire duration of the relationship and in any case for a period necessary to achieve the purposes for which they are processed.
- In any event, personal data will be kept for no longer than is necessary to fulfil any legal obligations.
- for the purposes referred to in points c) until the withdrawal of consent, which can be exercised through the appropriate method indicated on the communications of Open Fiber or by writing to firstname.lastname@example.org.
- How the Data is Used
Data is processed through paper media and electronic tools. Appropriate measures are used to ensure the security and confidentiality of the Data. The measures aim at preventing unauthorised access, loss or destruction, in accordance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR. The Data may be processed by internal or external, persons specifically authorised and committed to confidentiality.
- Scope of Data Movement
The Data may be processed by third party companies that carry out activities on behalf of the Data Controller, in their capacity as external data processors (by way of example but not limited to: credit institutions, professional firms, suppliers/consultants that manage and/or participate in the management and/or maintenance of the electronic and/or telematic tools used by us, insurance companies for the provision of insurance services, for the time strictly necessary for the optimal performance of such service). Your Data will be made accessible only to those within Open Fiber who need it in relation to the fulfilment of their duties or hierarchical position. Such persons shall be properly instructed to avoid loss, destruction, unauthorised access or unauthorised processing of the Data. Without your express consent (pursuant to Article 6 lett. b) and c) of the GDPR), the Data Controller may disclose your Data to supervisory bodies, judicial authorities as well as to all other entities to which disclosure is mandatory under an express provision of law.
- Nature of Data Provision
The provision of your Data for the purposes outlined in points (a) and (b) is mandatory. Your refusal and/or the provision of inaccurate and/or incomplete information with reference to points (a) and (b) would prevent, respectively, your registration in the “Operators Reserved Area” section of the website www.openfiber.it and the impossibility for Open Fiber to provide the services requested.
- Data Dissemination
The Data will not be disseminated.
- Transfer of Data Abroad
The Data will not be transferred outside the European Union. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In this case, the Data Controller hereby assures that the transfer of data outside the EU will take place in accordance with Articles 44 et seq. of the GDPR and the applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection.
- Controller and Data Protection Officer (DPO)
The Data Controller is Open Fiber S.p.A., with registered office in Via Certosa 2, 20155, Milan MI, Italy, VAT No. 09320630966. Open Fiber has appointed a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR who can be contacted at the following address: email@example.com. For the management of the files Open Fiber S.p.A. may make use of third-party companies that will act as data processors.
- Exercise of Rights
We inform you that, as a Data subject (“Data Subject”), you may exercise the rights under the GDPR, namely: a) the right, pursuant to art. 15, to obtain confirmation as to whether or not your Data are being processed and, if so, to obtain access to the Data and to the following information: (i) the purposes of the processing (ii) the categories of Data concerned; (iii) the recipients or categories of recipients to whom the Data have been or will be disclosed, in particular whether third countries or international organisations; (iv) where possible, the expected period of retention of the Data or, if this is not possible, the criteria used to determine this period; v) the existence of the data subject’s right to request from the Controller the rectification or erasure of the Data or the restriction of their processing or to object to their processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to art. 77 et seq. of the GDPR; vii) where the Data are not collected from the Data Subject, all available information on their origin; viii) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject (ix) the right to be informed of the existence of appropriate safeguards under Article 46 of the GDPR relating to the transfer, if the Data is transferred to a third country or an international organisation; b) the Data Subject shall also (where applicable) have the possibility to exercise the rights under Articles. 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object). We inform you that Open Fiber undertakes to respond to your request within one month at the latest from receipt thereof. This deadline may be extended depending on the complexity or number of requests and Open Fiber will explain the reason for the extension within one month of your request. The outcome of your request may be provided to you in writing either in hard copy or electronically.
- Methods of Exercising Rights
The Data Subject may at any time exercise the above-mentioned rights and request an updated list of data processors by sending a request to the following e-mail addresses: firstname.lastname@example.org or email@example.com.
If you believe that the processing of your Data is in breach of the provisions of the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority [Garante Privacy], as provided for by Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation), following the procedures and instructions published on the official website of the Authority: www.garanteprivacy.it