Legal Notice

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 ("GDPR")

1. Who is responsible for the processing of personal data (i.e. who decides the purposes and methods of processing) and how to contact them

In addition to being processed by Omnitel Comunicaciones S.L., with registered office at C/ Colquide 6 Edificio Prisma, portal 2, 1ºA - 28231 Las Rozas de Madrid (Spain), e-mail dpo@grupo-omnitel.es (hereinafter, the "Company"), your data will be communicated by the latter to the operating holding company of the Digital360 Iberia S.L. group, with registered office in Madrid, Calle Alcalá 93 – 28009, email privacidad@digital360.it (hereinafter, "Digital360"), which will process them as an independent data controller.

2. Purpose and legal basis of data processing and data retention period

For what purpose are the data processed?	What is the legal basis for the processing?	How long do we keep the data?
a) Your personal data is incorporated into the CRM system of Digital360 Iberia Group. Such data may be processed by the Company, at the request of the data subject, to send him/her the white paper or to allow him/her to register and participate in an event, as well as to respond to his/her request for information/contact.	Execution of a contract to which the interested party is a party.	For the time necessary to send you the content, respond to your request or manage the registration, without prejudice to its conservation for the additional purposes indicated below.
b) Your data will be processed in order to contact you, by automated and/or traditional means, to check your interest in services related to the request made or downloaded content offered by the companies indicated: - Adjudicaciones Tic S.L.C. - Business Publications Spain S.L. - Omnitel Communications, LLC. - Omniprotic Unipessoal LTDA.	Legitimate interests pursued by the Company or by a third party.	For 5 years, without prejudice to the possible opposition of the interested party.
c) To enable the Company to carry out direct marketing activities by sending, through automated (e.g., email) and/or traditional (e.g., telephone) contact methods, promotional communications about initiatives, services, products or events of the companies of the following companies: - Adjudicaciones Tic S.L.C. - Business Publications Spain S.L. - Omnitel Communications, LLC. - Omniprotic Unipessoal LTDA.	Legitimate interests pursued by the Company or by a third party.	For 5 years, without prejudice to the possible opposition of the person concerned even by clicking on the "unsubscribe" link present in each communication.
d) For Digital360 to carry out direct marketing activities by sending, through automated (e.g., email) and/or traditional (e.g., telephone) contact methods, promotional communications about initiatives, services, products or events of the companies of the following companies: - Adjudicaciones Tic S.L.C. - Business Publications Spain S.L. - Omnitel Communications, LLC. - Omniprotic Unipessoal LTDA.	Legitimate interests pursued by Digital360 or a third party.	For 5 years, without prejudice to the possible opposition of the person concerned even by clicking on the "unsubscribe" link present in each communication.
Once the above-mentioned retention periods have elapsed, the data will be destroyed, erased or made anonymous, in a manner compatible with the technical procedures for erasure and backup, without prejudice to the purpose of the data controller to protect its rights and interests, also with a view to enforcing liability.

3. Nature of data provision

The provision of personal data is necessary to process your request.

4. Data recipients

The data are processed by employees of the Company belonging to the corporate functions assigned to the achievement of the purposes indicated above, who have been authorized to process the data and have received appropriate operational instructions.

The data are processed, on behalf of the Company, by third parties providing instrumental services to the same, designated as processors in accordance with Article 28 of the GDPR, such as, for example, companies providing IT services or in the field of marketing and communication, as well as companies of the Group to which the data controllers belong.

The data may be processed by third parties acting as autonomous data controllers entitled to receive the data, such as public authorities or professional offices.

5. Transfer of data outside the EU

Data may be transferred to entities established outside the European Union (EU) or the European Economic Area (EEA), in particular to the United States, a country considered appropriate by the European Commission within the limits of the "EU-US Data Protection Framework" of July 10, 2023.

When the entities to which the data are transferred are located in a "third country" without an adequacy decision, the standard contractual clauses (SCCs) referred to in Article 46(2)(c) of the GDPR will be stipulated, a copy of which can be obtained by contacting the Company at the contact points indicated in section 1 above.

6. Rights of interested parties

Data subjects may exercise their rights under Articles 15 to 22 of the GDPR by contacting the data controllers at the contact points indicated in paragraph 1, and in particular by contacting

• obtain confirmation as to whether or not personal data concerning them are being processed and, if so, request access to such data and to the information referred to in Article 15 of the GDPR (the purposes of the processing, categories of personal data, etc.);
• obtain the rectification of inaccurate data or the integration of incomplete data in accordance with Article 16 of the GDPR;
• request the erasure of personal data in the cases provided for in Article 17 of the GDPR, if the data controllers no longer have the right to process them^[1];
• obtain the restriction of processing (i.e. temporary storage of data), in the cases provided for in Article 18 of the GDPR.^[2];
• to object at any time to the processing of personal data concerning him/her for reasons of legitimate interest;
• object at any time to receiving promotional communications from the data controllers (also by clicking on the "unsubscribe" link at the bottom of each e-mail);
• if the processing is based on consent or a contract and is carried out by automated means, request to receive the data in a structured, commonly used, and machine-readable format, as well as, if technically possible, to transmit it to another controller without hindrance, in accordance with Article 20 of the GDPR ("right to portability").

In any case, they have the right to lodge a complaint with the competent supervisory authority of the Member State in which they habitually reside or work or of the State in which the alleged violation has occurred.

7. How to contact the data protection officer (DPO)

You may contact the Company's DPO by writing to

You can contact Digital360 Iberia's DPO by writing to dpo@digital360.it

 

^[1] The data subject has the right to obtain the deletion of his or her data, in particular in the following cases.

1. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
2. the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing
3. the data subject objects to the processing pursuant to Article 21.1 and there are no other legitimate grounds for the processing, or objects to the processing pursuant to Article 21.2;
4. the personal data have been unlawfully processed;
5. the personal data must be deleted in order to comply with a legal obligation under Union or Member State law that applies to the controller
6. the personal data have been obtained in connection with the provision of information society services referred to in Article 8.1.

^[2] The hypotheses under which it is possible to obtain treatment limitation are as follows.

1. the data subject contests the accuracy of the personal data, during a period of time that allows the controller to verify the accuracy of the data;
2. the processing is unlawful and the data subject opposes the deletion of the data and requests instead the restriction of their use;
3. the controller no longer needs the data for the purposes of the processing, but the data subject needs the data for the formulation, exercise or defense of claims;
4. the data subject has objected to the processing in accordance with Article 21.1 of the GDPR, while verifying whether the legitimate grounds of the controller outweigh those of the data subject.