Privacy for the operator
Information on operator data processing pursuant to art. 13 of Regulation (EU) 2016/679
concerning the use of personal data provided by you or in any case acquired by us in the future in the performance of the service and for the purposes of Presidential Decree 26/2022.
Identification details of the data controller
The data controller is the Ministero delle Imprese e del Made in Italy (Ministry of Enterprises and Made in Italy) – Direzione Generale per i Servizi di Comunicazione Elettronica, Radiodiffusione e Postali, (General Department for Electronic, Radio broadcasting and Postal Communication Services) with registered office in Rome, viale America no. 201.
Identification details of the external data processor
The External Data Processor is the Ugo Bordoni Foundation, in the person of its Chairman and current legal representative, with registered office in Rome, viale del Policlinico no. 147, in its capacity as manager of the Public opt-out registry.
Data protection officer
Pursuant to Art. 37 of Regulation (EU) 2016/679, the Data Protection Officer (DPO) of the Ministry of Enterprises and Made in Italy is Paola Picone, who can be contacted at the following addresses: e-mail: email@example.com, firstname.lastname@example.org; telephone: 0647052039 | via V. Veneto, no. 33, 00187 – Rome (ITALY).
Purpose of processing
The processing of data is aimed at: a) allowing initial access to the Public opt-out registry pursuant to and for the purposes of Article 5 of Presidential Decree 26/2022 and the management of all subsequent phases of the manager/operator relationship as governed by the regulations and by the General Terms and Conditions of Contract in force; b) the actual provision of the service relating to the registry itself; c) the storage of access operations pursuant to Article 8, paragraph 5, of Presidential Decree 26/2022; d) the implementation and maintenance of the systems through which the service is provided; e) the billing of the costs of access to the Public opt-out registry, pursuant to Art. 6 of Presidential Decree 22/2022 and 4 of the Service Contract; f) the handling of any complaints, disputes and requests for assistance; g) the prevention of fraud and management of arrears; h) the protection and possible recovery of credit, also through third parties; i) the sending of notices and/or the exercise of the power of inspection and/or control by institutional subjects.
The legal basis for the processing of personal data is the exercise of the public powers of the data controller pursuant to Presidential Decree 26/2022, in accordance with Article 6(1)(e) of Regulation (EU) 2016/679.
Methods of processing
The processing of the data you provide is carried out by means of manual, computerised and telematic tools, with logics and methods strictly related to the performance of the service and the purposes of Presidential Decree 26/2022 and the current “General Contractual Terms and Conditions governing access to the Public opt-out registry by operators pursuant to Article 1, paragraph 1, letter c), of Presidential Decree no. 26 of 27 January 2022”.
The data will be processed in accordance with the rules of confidentiality and security provided for by law, including in the event of any disclosure to third parties.
However, you are invited to enter your data in accordance with the requirements set out in the procedure described on www.registrodelleopposizioni.it and in the General Contractual Terms and Conditions.
In compliance with Art. 8 of Presidential Decree 22/2022, records of any event of access, updating of the lists and disconnection carried out by the operators, when accessing the system and updating the lists on the basis of the data contained in the Public opt-out registry, are kept by the registry manager for twenty-four months from the moment of their generation, according to the criteria of completeness, integrity, unalterability and verifiability. These records are protected by the manager of the Public opt-out registry against unauthorised access, so that they can only be accessed for inspection purposes by the Data Protection Authority or by the judicial authority.
Mandatory nature of conferment
The data you provide are compulsory for the achievement of the above-mentioned purposes; failure to provide them, or providing them in part or incorrectly, may make it impossible for us to provide the services requestedrity.
Scope of communication and dissemination
Your data may be communicated in compliance with Regulation (EU) 2016/679 to the employees in charge of the processing for purposes functional to the activity of the Ugo Bordoni Foundation as manager of the Public opt-out registry.
They may also be communicated in compliance with Regulation (EU) 2016/679: a) to the Data Protection Authority for the exercise of the power of inspection and/or control under Article 12 of Presidential Decree 26/2022; b) to public authorities and/or supervisory and control bodies entitled to request the data in accordance with the law; c) to judicial authorities; d) to consultants, legal experts and law firms appointed by the Data Controller or Data Processor for the purposes described herein.
Transfer of personal data outside the European Union
Your personal data will be processed by the operator of the Public opt-out registry within the territory of the European Union.
Should it become necessary, due to technical and/or operational issues, to use entities located outside the European Union, or should it become necessary to transfer some of the collected data to technical systems and cloud-managed services located outside the European Union, the processing will be carried out in accordance with the provisions of Regulation (EU) 2016/679 and updated processing information will be provided.
All necessary precautions will be taken in order to ensure the protection of personal data by basing such transfer: a) on adequacy decisions of third country recipients expressed by the European Commission; b) on adequate safeguards expressed by the third country recipient pursuant to Article 46 of Regulation (EU) 2016/679; c) on the exceptions relating to specific situations set out in Article 49 of Regulation (EU) 2016/679.
Rights of the data subject
With reference to the processing of your personal data as per Presidential Decree 26/2022, Regulation (EU) 2016/679 gives data subjects the following rights:
a) right of access (Art. 15 of Regulation (EU) 2016/679), i.e. to obtain in particular:
- confirmation of the existence of personal data,
- the origin and the categories of personal data, the purpose and method of their processing,
- the approach applied in case of processing by electronic means,
- the identification details of the Data Controller, of the Data Processor and of the persons or categories of persons to whom the data have been or may be communicated,
- the retention period,
- rectification, erasure or restriction of the processing of personal data,
- the right to opt-out to their processing,
- the right to lodge a complaint with the Data Protection Authority;
b) right of rectification (Art. 16 of Regulation (EU) 2016/679;
c) right to restriction of processing (Art. 18 of Regulation (EU) 2016/679);
d) right to opt-out (Art. 21 of Regulation (EU) 2016/679).
In relation to the processing of data concerning you, you may use the contacts in this document to exercise your rights.