Fea Otp Privacy Policy

This information notice supplements the Company's general information notice, provided pursuant to the EU Regulation 2016/679 (“GDPR”), regarding the processing of personal data. Pursuant to Article 13 GDPR, in relation to the processing of your personal data carried out through the use of the OTP Advanced Electronic Signature Service (“FEA”), Wonderful Italy S.r.l. with registered office in Via Vigevano, 35 - 20144 - Milan, VAT 09902710962, e-mail info@wonderfulitaly.eu, as the Data Controller (the “Controller”), informs you of the following:

Purpose of processing

Wonderful Italy S.r.l. must acquire certain personal data (the “Data”) concerning you as a interested party (the “Interested Party”) and that are processed for purposes related to the provision of the OTP Advanced Electronic Signature Service, according to the conditions of lawfulness provided for ex art. 6 GDPR. The Data provided are used by Wonderful Italy S.r.l. in order to execute the requested service, including through manual, computerized and telematic tools for the mere realization of the purpose itself and, in any case, in such a way as to ensure the security and confidentiality. The legal basis for processing for the above-mentioned purposes is Art. 6, para, (c) of the GDPR ("processing is necessary for compliance with a legal obligation to which the subject to by the data controller") and the processing pertains to Data strictly necessary for the purpose of the services you have requested. The activation of the OTP Advanced Electronic Signature Service involves the processing of personal identification data of the signer (e.g., first and last name, mobile phone number, e-mail address, etc.), in accordance with the provisions of the Prime Minister's Decree 22.02.2013 “Technical rules on the generation, affixing and verification of signatures advanced, qualified and digital electronic signatures.” In particular, the processing is carried out for the identification, activation, management of the Service and the fulfillments referred to in DPCM. 22.02.2013. For the purposes related to the provision of the OTP Advanced Electronic Signature Service, the processing of your personal data is necessary; if you do not wish to provide your data for said purposes, it will not be possible to provide you with the OTP Advanced Electronic Signature Service. The Holder shall in any case make available to the Data Subject alternative ways of signing (e.g. handwritten signature of paper documents). The Data Controller also advises that if it intends to further process personal data for a purpose other than that for which it was collected, prior to such further processing it will provide the Data Subject with information regarding that different purpose and any further relevant information, collecting specific consent where appropriate. For the purposes stated above and within the relevant limits, your data may be made available by means of communication to other parties if this is necessary for the proper management of the existing relationship with you or to fulfill a legal obligation to which the Data Controller is subject. The personal data will also be processed by the company In.Te.S.A. S.p.a. with registered office in Strada Pianezza, 289 - 10151 - Torino (TO) as data processor ex art. 28 GDPR for the activities referred to in the OTP Advanced Electronic Signature Service.

Mode of treatment

Your Data is used only in ways and procedures strictly necessary to provide you with the services you have requested. We also use the same methods when we communicate for these purposes some of this Data to other parties for as indicated above. For certain services, we use Subjects who perform tasks of a technical or organizational nature on our behalf duly appointed as Data Processors. In particular, your Data may be communicated to the provider of the OTP Advanced Electronic Signature Service and to the subjects whose cooperation the Data Controller may use for the provision of the Service and, in particular, for the performance of archiving activities and digital storage services of the signed documents. Without the need for express consent ex art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the indicated purposes to Supervisory Bodies, Judicial Authorities as well as to those subjects to whom the communication is obligatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous data controllers. Your data will not be disseminated. Personal data will be stored for as long as necessary to manage the OTP Advanced Electronic Signature Service, as well as to fulfill specific obligations imposed by current regulations (at least 20 years in deference to the provisions of Article 57 of the Prime Minister's Decree 22.02.2013). Personal data are not stored on servers located outside the European Union. It is in any case understood that the Data Controller, should it become necessary, will have the right to move the servers outside the EU as well. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

Rights under Art.15 et seq. of EU reg. 679/2016

In your capacity as a data subject, you have the rights under Article 15 GDPR, namely the rights to: - obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and its communication in intelligible form; - obtain information on: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors and the designated representative pursuant to Art. 3, paragraph 1, GDPR; e) the subjects or the categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees; - obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; - oppose, entirely for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection.

Where applicable, it also has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.