A)    MAIN

1)    to satisfy your requests regarding the Company and its services;

2)    set up a follow-up call with one of our representatives.

In these cases, the data processing is based on the need to fulfill pre-contractual measures adopted at your request – art. 6 § 1.b GDPR.

B)    ACCESSORY

1)    allow you to download the brochure relating to our services, on the basis of our legitimate interest (art. 6.1.f GDPR) to convey training and information content useful for any subsequent contacts;

2)    Marketing, consisting of: sending of advertising material, commercial communication, contents for direct sales, carrying out market research, administration of satisfaction questionnaires, recall campaigns (“Direct Marketing” purposes) concerning issues related to education, also through the Newsletter, on the basis of our legitimate interest (art. 6.1.f GDPR) to consolidate the commercial relationship with you.

3)    Fulfill the obligations established by the Applicable Regulations and/or orders given by Authorities, on the basis of the need to fulfill legal obligations (Article 6 § 1.c GDPR);

4)    ascertain, exercise and/or defend a right in the competent offices, on the basis of our legitimate interest in defending our right against the interested party (art. 6 § 1.f GDPR).

a)    subjects necessary for the execution of the activities connected and consequent to the provision of the site and the services requested (e.g. IT service providers), who act as Data Processors;

b)    internal personnel authorized by us, committed to confidentiality or subject to a legal obligation of confidentiality;

c)     organizations and Authorities, if and within the limits in which this is required by the applicable legislation or by their orders, or for the exercise, assessment and/or defense of a right in court.

1)    The Company’s site is located on servers hosted on S3 servers of Amazon Web Services EMEA sarl (“AWS Europe”) based in Paris, specifically in the “Ireland (Dublin) eu-west-1” sub-zone. AWS Europe is a Luxembourg company, controlled by Amazon Web Services Inc., a US company based in Seattle (WA); any transfer of Personal Data in the context of the AWS services is carried out on the basis of the Standard Contractual Clauses – pursuant to art. 46 § 3 of the GDPR; for more information see https://aws.amazon.com/it/compliance/data-privacy-faq/.

2)    to manage customer relationships we use Zoho’s “CRM” (Customer Relationship Manager), managed by Zoho Corporation BV (Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands), controlled by https://www.zoho.com/privacy /zoho-group.html and https://www.zoho.com/legal/zoho-contracting-entities.html; any transfer of Personal Data in the context of the services is carried out on the basis of the Standard Contractual Clauses – pursuant to art. 46 § 3 of the GDPR; see https://www.zoho.com/crm/gdpr/.

In any case, we ensure that the transfer of Personal Data outside the European Union takes place only to countries that guarantee an adequate level of protection, for which there is an adequacy decision by the European Commission, or on the basis of one of the other guarantees provided for by chapter V of the GDPR.

We process the Data for ancillary purposes until you object to the data processing (initially or subsequently).

For accessory purposes (B) refusal to provide data is not envisaged but it is possible to object the data processing directly against the Company, as indicated in the “rights” (see below).

if I don’t?

If the refusal is in relation to accessory purposes, the only consequence is that we will not be able to send you the brochure or contact you for marketing communications.

In any case, the refusal to provide data for other purposes is not foreseen.

a)    access your data in our possession, and request a copy, except where the exercise of the right harms the rights and freedoms of other natural persons;

b)    request the rectification of any incomplete or inaccurate data;

c)     request the deletion of data, subject to the exclusions or limitations established by the Applicable Regulations (e.g. by art. 17 § 3 GDPR);

d)    request the limitation of data processing, where the conditions are met and subject to the exclusions established by art. 18 § 2 GDPR;

e)    request data portability (i.e. receive them in a structured format, commonly used and readable by an automatic device, in order to be able to transmit them to another Data Controller without impediments), to the extent that the Data Processing is based on consent or on the need to execute a contract where technically possible and except where the exercise of the right harms the rights and freedoms of other natural persons;

f)      lodge a complaint with the Data Protection Authority of your country, or of the place where the alleged violation occurred.

Right to objection

You can object to the data processing based on legitimate interest for the ancillary purposes (B), upon simple request, even initially, or for reasons connected to your particular situation (e.g. damage to honor, reputation, decency), save the demonstration by the Data Controller of a binding and prevailing legitimate interest pursuant to art. 21.1 GDPR, and unless the data processing is necessary for the assessment, exercise or defense of a right in court, by sending an email to privacy@opit.com.