General Privacy Policy — OpenIndustria

Effective Date: December 1st, 2025

 This policy describes how OpenIndustria, located at Via del Carmine 11 — 20121 Milan (Italy), email: segreteria@openindustria.com, processes the personal data of users who consult or interact with the website openindustria.com, in accordance with Regulation (EU) 2016/679 (“GDPR”) and current Italian data protection legislation.

1. Types of data processed

OpenIndustria may process:

  • Data provided voluntarily by the user: (e.g., name, surname, email, telephone number, profession, messages sent via forms or email).

  • Navigation data: (IP address, browser used, connection logs, pages visited, session duration, interactions with the site).

  • Technical cookies and, upon acceptance, analytical and profiling cookies: (see Cookie Policy).

No category of “special” data pursuant to Art. 9 GDPR is collected unless voluntarily included by the user in transmitted messages.

2. Purposes and legal bases of the processing

The data are processed for the following purposes and legal bases:

Consent provided may be revoked at any time without prejudice to the lawfulness of processing already carried out.

3. Processing methods and security measures

Data are processed using computer tools and, where necessary, paper-based methods, through technical and organizational measures suitable to ensure:

  • confidentiality

  • integrity

  • availability

  • resilience of systems and services

Access to data is allowed only to authorized personnel.

 4. Recipients of the data

Data may be communicated to:

  • technical, management, cybersecurity, or hosting service providers (as data processors)

  • consultants or institutional partners, if necessary for the indicated purposes

  • public authorities, only when required by a legal obligation

Data are not disseminated or sold to third parties.

 5. Transfer of data to extra-EU countries

Should a transfer to countries outside the European Economic Area become necessary, it will take place in compliance with Chapter V GDPR, adopting adequate safeguards such as:

  • Standard Contractual Clauses

  • Adequacy decisions of the European Commission

6. Retention period

Data will be stored for the time strictly necessary for the purposes for which they are collected or for additional periods imposed by regulatory obligations or for the protection of rights in cour6.

7. Rights of the data subject

The user, as a data subject, may exercise at any time the rights recognized by Artt. 15–22 GDPR, specifically:

  • Right of access to data (Art. 15 GDPR): Obtain confirmation as to whether or not personal data concerning them are being processed and receive a copy of the processed data, as well as information relating to the processing.

  • Right to rectification (Art. 16 GDPR): Rectify or update inaccurate personal data or complete incomplete ones.

  • Right to erasure — “right to be forgotten” (Art. 17 GDPR): Obtain the erasure of their personal data when: i) data are no longer necessary for the purposes collected, ii) consent is revoked and there is no other legal basis, iii) the subject objects to the processing and no legitimate interests of the controller prevail, iv) data are processed unlawfully, v) there is a legal obligation to erase.

  • Right to restriction of processing (Art. 18 GDPR): Request the suspension of processing when the accuracy of the data is contested, the subject objects to the processing, or the processing is unlawful but retention is preferred.

  • Right to data portability (Art. 20 GDPR): Receive personal data in a structured, commonly used, and machine-readable format and, if technically feasible, transmit them to another controller.

  • Right to object (Art. 21 GDPR): Object at any time to processing based on the legitimate interest of the controller, including profiling. In the case of direct marketing, the objection automatically applies to the connected profiling.

  • Right not to be subjected to decisions based solely on automated processing (Art. 22 GDPR): Particularly decisions that produce legal effects concerning them or significantly affect their person. (OpenIndustria does not carry out such processing) .

  • Right to withdraw consent (Art. 7 GDPR): Consent can be revoked at any time, without prejudice to the lawfulness of the processing already carried out before the withdrawal.

  • Right to lodge a complaint with the Supervisory Authority (Art. 77 GDPR): If the subject believes that a processing operation occurs in violation of data protection regulations.

Requests and rights can be exercised by writing to: segreteria@openindustria.com.

8. Changes to this policy

OpenIndustria may modify this policy to adapt it to regulatory updates or site changes. In such a case, the validity date will be updated and the new version will be published on the site.