Policy Statement Regarding The Processing Of Personal Data
This policy statement describes the way in which Olivetti - in its capacity as Data Controller - collects, uses, shares and conserves personal data in compliancy with (EU) Regulation 2016/679 of the European Council and Parliament of 27 April 2016 (General Data Protection Regulation).
For questions relating to this privacy statement, or the way in which the personal data of a data subject (customers, suppliers, employees etc..) is managed by the Data Controller - exercising your recognised rights in this respect - and for all questions associated with how information is processed, please contact the Group’s Data Protection Officer, Olivetti Data Officer (“DPO Telecom Italia Group, c/o TIM S.p.A. Via Gaetano Negri n.1- 20123 Milan”), using either of the addresses given here:
1. Data Controller
The Data Controller is Olivetti S.p.A. – with HQ at Via Jervis, 77 - 10015 Ivrea (TO).
2. Purposes for which data processing is necessary
Your personal data may be processed for the purposes forming an integral part of the contractual relationships established between the parties, a few of which are described below just as examples, and not exhaustively:
- production, maintenance and/or support activities related to connectivity, products and/or equipment, as well as delivery of products and/or equipment;
- collection and analysis of results, for example, by means of measurements of a technical nature and/or interviews, questionnaires and focus groups;
- management of associated administrative activities and of any requests, claims or legal actions;
- to permit business partners to fulfil their contractual obligations with respect to Users. These obligations depend on whether the User has purchased or acquired goods, services or coupons of a promotional/commercial value offered by business partners or participants in offers, prizes, competitions or other programmes and activities, promoted or offered on our behalf, or by other Suppliers on behalf of said business partner.
Apart from the purposes described above, the data may also be processed to fulfil obligations prescribed by law, regulations or EU standards, as well as the provisions of Supervisory Authorities active in the sector. The transfer of your data is necessary for the above-mentioned purposes; failure to submit this data, or the submission of partial or inexact data could result in the impossibility to initiate or continue with the contractual activities referred to above.
3. Data conservation
The personal data collected for the purpose covered by this policy statement will be conserved until consent is withdrawn, apart from cases where the same information is subject to other types of processing by the same Data Controller, or a longer period conservation is not required or permitted by law.
4. Processing logic and methodology
Data is processed manually (for example, using hard copies) and/or by means of IT and telematic instruments. Your personal data, including traffic data, is organised and processed in a manner that is suitable to meet the purposes mentioned above, while at the same time ensuring that the data and communications remain safe and confidential. The IT systems and software will be configured in a way to minimise the use of personal and identification data that is not necessary for the purposes of the processing indicated above.
Your personal data may be processed by Olivetti also to provide services to customers, such as support, information, publicity, promotions and sales. Employees and operators, acting under the direct authority of their respective “Delegated Controllers”, are termed “Data Processors”. To accomplish these tasks they are provided with adequate operating instructions, also from Third-party subjects to which Olivetti delegates certain activities (entirely or in part), in order to fulfil the purposes indicated in Point 2).
In this case, said subjects will act in the capacity of autonomous Data Controllers, or otherwise will be designated as Data Officers or Data Processors.
If Data Officers or Processors are designated, Olivetti will provide them with appropriate operating instructions, in particular emphasising the minimum safety measures necessary to ensure the confidentiality and security of data.
The Third-party subjects referred to above belong essentially to one of the following categories:
- subjects to which Olivetti delegates installation/maintenance of plants and/or IT/telematic systems and/or the delivery, installation/maintenance of equipment and products;
- subjects (e.g. call centres) which Olivetti entrusts with customer support and information services or customer satisfaction surveys;
- research project partners (also outside Italy)
- Italian Media Regulatory Authority (AGCOM) and every other public subject having a legal right to request such data;
5. Rights of the data subject
5.1 Article 15 (right to access), 16 (right to rectify) of EU 2016/679 Regulation
Data subjects have the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information:
- purpose of the processing;
- categories of personal data involved;
- recipients or categories of recipients to which the personal data has been or will be communicated, in particular if the recipients are in third countries or international organisations;
- envisaged period for which the personal data will be conserved or, if this is not possible, the criteria used for determining this period;
- existence of the right of the data subject to ask the controller to rectify or delete their personal data, restrict its processing or oppose its processing altogether;
- existence of the right to lodge a complaint with a supervisory authority;
5.2 Article17 (right to erasure, right to be forgotten) of EU 2016/679 Regulation
The data subject has the right to obtain from the data controller erasure of their personal data without any unjustifiable delay. The data controller, in turn, is obliged to erase the personal data without any unjustifiable delay, if any of the following conditions exist:
- personal data is no longer necessary for the purpose for which it has been collected or processed;
- data subject withdraws their consent in relation to the processing, in conformity with Article 6, Paragraph, Letter a) or Article 9, Paragraph 2, Letter a) of EU 2016/679 Regulation, and no other legal justification exists for its processing;
- data subject opposes the processing pursuant to Article 21, Paragraph 1 of EU 2016/679 Regulation, and no overriding legal justification exists for proceeding with processing, or the data subject opposes processing pursuant to Article 21, Paragraph 2 of EU 2016/679 Regulation;
- personal data has been processed illegitimately;
- personal data must be erased to fulfil a legal obligation provided for in the laws of the European Union or the member state to which the data controller is subject;
- personal data has been collected in relation to the service offer of the IT company, as in Article 8, Paragraph 1 of EU 2016/679 Regulation
5.3 Right as in Article18 (right to restrict processing) of EU 2016/679 Regulation
The data subject has the right to obtain from the data controller a restriction in the processing of their personal data when one of the following conditions applies:
- data subject contests the accuracy of the personal data held, for the period necessary to allow the data controller to verify the accuracy of the related personal data;
- processing has no legal grounds and the data subject opposes erasure of their personal data asking, on the other hand, that its use be restricted;
- although the data controller no longer needs the data for processing purposes, the personal data is necessary for the data subject to ascertain, exercise or defend a right in a court of law;
- data subject opposes processing pursuant to Article 21, Paragraph 1, of EU 2016/679 Regulation while waiting to verify the existence of any overriding legitimate reasons of the data controller with respect to those of the data subject.
5.4 Right as in Article 20 (data portability) of EU 2016/679 Regulation
The data subject possesses the right to receive in a structured, commonly-used format, readable by an automatic device, the personal data they have provided to Olivetti, the Data Controller, and also the right to transmit this data to another Data Controller without hindrance by Olivetti.