According to the aforementioned legislation, the processing of data will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

You are informed by Opitrad Srl, with registered office in Via Paolo da Cannobio, 37 – 20122 Milan (MI), as Data Controller, pursuant to articles 13 and 14 of the GDPR 2016/679, that your data will be processed according to the following methods and purposes:

1.  Subject of the processing

The Data Controller processes personal, identifying and non-sensitive data (in particular name, surname, tax ID code, VAT number, e-mail, telephone/cell phone number – hereinafter “personal data” or simply “data”) communicated to him or her.

2.  Purpose of the processing

The processing of your data has its legal basis in your consent and is carried out for the following purposes.

The communication of the Mandatory Data is necessary to Opitrad S.r.l in order:

  • to process the User’s request and to satisfy the relating administrative, accounting and tax obligations. In their absence it will be impossible to establish and/or proceed with the relationship.
  • to allow the sending of newsletters and/or mailing lists, for communications, organization of events and any additional services required;
  • to fulfil the pre-contractual, contractual and fiscal obligations (VAT tax register, etc.), arising from existing relationships;
  • to fulfil the obligations established by law, regulations, EU legislation or by an order of the Authority;
  • to exercise the rights of the Data Controller, for example the right of defence in court.

3. Processing methods

The processing of personal data is carried out by means of the operations indicated in art. 4 GDPR 2016/679 and art. 4 no. 2) GDPR and, namely, by means of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are therefore subjected to both paper and electronic and/or automated processing.

4. Access to data

The data may be made accessible, for the purposes referred to in arts. 2.A) and 2.B):

  • to employees and collaborators of Opitrad S.r.l., of which the Controller forms part, in their capacity as persons in charge and/or internal managers of the processing and/or system administrators;
  • to Opitrad Srl, of which the Controller forms part (for example, for support activities in studying the feasibility of the customer’s project, for technical project management activities, for the storage of personal data, etc.).

5. Data communication

Without express consent (Article 6 letter b) and c) GDPR), the Data Controller may in any case communicate the data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities and to all the other entities to whom communication is mandatory by law for the accomplishment of the said purposes. Your information will not be disseminated.

6. Data transfer

The management and storage of personal data will be carried out on servers located on the premises of the Data Controller and/or the Data Supervisor.

The data will be subject to transfer outside the European Union and also to other countries in the world where Opitrad S.r.l. and its branches/consultants or companies operate. In any case, it is understood that the Data Controller, if necessary, will have the right to move the server’s location. In this case, the Data Controller hereby ensures that the data will be transferred in accordance with the provisions of law.

7. Nature of data provision and consequences of refusal to respond

It should be noted that, taking into account the purposes of the processing as set out above, the provision of data is mandatory and failure to provide them, or their provision in a partial or incorrect manner, may result in the impossibility of carrying out registration, enrolment for courses, communications and updates and of fulfilling the contractual obligations as provided for in the agreement.

8. Rights of the interested party

As the interested party, the rights are recognized as per art. 15 GDPR, namely the rights to:

  1. obtain confirmation as to the existence or otherwise of personal data, even if not yet registered, and their communication in an intelligible form;
  2. obtain the following indications:
    • origin of personal data;
    • purposes and methods of processing;
    • logic applied in case of processing carried out with the aid of electronic means;
    • identification details of the controller, of the supervisors and of the designated representative pursuant to art. 3 paragraph 1, GDPR 2016/679;
    • entities or categories of entities to whom the personal data may be communicated or who may learn about them as appointed representative in the territory of the State, managers or agents;
  3. obtain
    • updating, rectification or, when necessary, data integration;
    • cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
    • the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right;
  4. oppose, wholly or in part:
    • for legitimate reasons, the processing of personal data, if they are not relevant to the purpose of the collection;
    • the processing of personal data, for the purpose of sending advertising material through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right to object even only partially. The interested party may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Where applicable, you have the rights referred to in Articles 16-21 GDPR (right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

9. Method of exercising rights

You may exercise your rights at any time by sending a document via:

  • registered mail with advice of receipt (A.R.) to Opitrad S.r.l., or by e-mail to

10. Minors

The data collected by the Data Controller are not intended for persons under the age of 18 and the Data Controller does not intentionally collect personal information about minors. Should information about minors be unintentionally registered, the Data Controller will delete them in a timely manner, on request by users.

11. Duration of processing

Personal data are kept for the entire duration of the relationship with Opitrad S.r.l., and in case of revocation and/or other type of termination of the relationship.

The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship.

 12. Controllers, Supervisors and persons in charge

The Data Controller is Opitrad S.r.l..

The updated list of data supervisors and persons in charge is kept on the Data Controller’s premises.


Informativa Privacy ultima modifica: 2014-10-31T11:22:45+01:00 da Annalisa Occhipinti