Dear User,

This information is provided pursuant to and for the purposes of Legislative Decree June 30, 2003, n. 196, referred to in Article 13 (Personal Data Protection Code) and the EU Regulation 2016/679 on data protection (“GDPR”, General Data Protection Regulation EU 2016/679).

This page describes how personal data of users consulting the websites of Red Open SRL accessible online at the following addresses is processed:

– www.redopen.it
– www.humanimpact.tech
– www.redopenletter.it

This notice applies only to the websites listed and not to other websites that may be accessed by the user through links.

Contacts for Data Controller/Processor

Red Open SRL will process your personal data in accordance with the GDPR and the current personal data protection legislation.

For any information or to exercise the rights under Articles 7 to 10 of Legislative Decree 196/2003 and Articles 15 to 22 of the EU Regulation 2016/679, you can contact the Data Controller/Processor at the following addresses:

Red Open SRL

Via Valbrona 4/A – 20125 Milan


General Information Valid for Any Processing

All processing carried out through the above-mentioned websites is based on the principles of legality, fairness, and transparency.

At any time, you can exercise the rights outlined in the previously mentioned legal articles by making a specific request to the data controller or processor.

You can also request precise information about the entities processing data on behalf of the controller (Processors, Persons in charge, etc.).

During processing operations, an adequate level of protection and confidentiality will be ensured in accordance with Article 32 of the GDPR.

If the website intends to use personal information for purposes other than those outlined in this notice, specific consent from the User will be requested.

Type and Source of Personal Data, Purposes of Processing, Legal Basis for Processing, and Data Retention Period

When using or navigating the websites referred to in this notice, the following personal data may be processed:

Browsing Data

The computer systems and software procedures used to operate our websites collect, in their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This data category includes information on the services you viewed and/or used, as well as how you use them (for example, when you interact with our content) and the IP addresses or domain names of the computers and terminals you use, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to your operating system and computer environment.

This data, necessary for the use of web services, is also processed to:

– Obtain statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);
– Check the correct functioning of the services offered.

Browsing data does not persist for more than seven days and is deleted immediately after their aggregation (except where there is a need to investigate crimes by the Judicial Authority).

Cookies and Similar Technologies

Our websites use various technologies to collect and store information when you visit one of our services. These operations may involve the use of cookies and/or similar technologies to identify your browser or device; we also use these technologies to collect and store information when you interact with and/or purchase our services and/or the services of our partners.

For more information, we invite you to visit our Cookie Policy.

Data Provided by the User Through the Use of Site Features

This includes data processing for:

– Certain sections of the site (“request information” / “contacts” / “contact us”) require the user to fill in some personal data.

In this case, the legality of the processing derives from the consent expressed by the interested party, at the time of the free informed provision of their data, through a clear affirmative action (selection of a specific box).

The data will be processed exclusively to respond to the requests made by the user, and the provision of data is necessary to respond fully and correctly to the requests.

The data will be stored for periods compatible with the purpose of collection and then deleted. Data may be communicated to third parties only when it is functional to provide a correct response to the interested party.

The optional, explicit, and voluntary sending of emails to the addresses indicated on the websites entails the subsequent acquisition of the sender’s address, as well as any other personal data included in the message. These data will be used exclusively to respond to the requests made by the user.

The legality of the processing derives from the consent expressed by the interested party, at the time of the free informed provision of their data, considered in itself already as a clear affirmative action.

If it is deemed appropriate

to provide additional information, in addition to the present, specific summary notices will be progressively reported or displayed on the pages of the site set up for particular services on request.

The data will be stored for periods compatible with the purpose of collection and then deleted. Data may be communicated to third parties only when it is functional to provide a correct response to the interested party.

Subscription to the newsletter through the completion of the appropriate fields present on the dedicated page of the site involves the acquisition of name, surname, email address, and professional information.

In this case, the legality of the processing derives from the consent expressed by the interested party, at the time of the free informed provision of their data, through a clear affirmative action (selection of a specific box, or “check box”).

The data will be processed for sending promotional material, invitations to events, communications, and updates on products and services of ReD Open S.r.l., also through automated tools (in particular through the email address provided).

The interested party can at any time request the cancellation from this service, and therefore no longer receive the newsletter or other promotional communications, through the “Unsubscribe” option present at the bottom of any newsletter email received or by sending a specific request to the above address (dirittinpratica[at]redopen.it).

The data will still be stored for a period of time compatible with the purpose of collection and then deleted. Data will in any case be deleted after 24 months from their acquisition, unless otherwise indicated by the User or for Legitimate Interest reasons related to the type of commercial communication carried out.

How Data is Processed

Your data will be processed using protected registration, analysis, and storage tools in accordance with the security guarantees provided by industry standards.

The processing of your data will be carried out by authorized and appropriately trained personnel, who will use computer systems and tools aimed at ensuring compliance with the principles stated by the laws on personal data protection and maintaining an adequate level of security aimed at the security and conservation of the data you provided.

With Whom Data is Shared

The Data Controller transmits personal data, processed according to this Information, in the following cases:

– Consent provided by the user themselves: in case of the need to share personal data with companies, organizations, and people outside those interested in managing the websites, specific authorization will always be requested from the user.
– Need for intervention by System Administrators: the domain administrator and/or third-party resellers providing service enjoyment assistance may have access to the personal data of the interested parties.
– In the context of contractual relationships related to the services offered: in the context of using the websites, Red Open S.r.l. shares information with its affiliates and/or companies and/or trusted individuals who operate on behalf of and on instructions from Red Open, as Data Processors or as independent data controllers, so that they process it based on the instructions provided by Red Open S.r.l. and in compliance with the Privacy rules applied by the same Website (as well as in compliance with other appropriate measures related to confidentiality and security).
– For legal reasons: personal information may be provided to companies, organizations, and/or third parties if access, use, protection, or disclosure of such information is necessary to:
– comply with applicable laws or regulations, comply with a judicial order and/or a mandatory government request;
– apply the current terms of service, including investigations regarding potential violations;
– detect, prevent, or otherwise address fraudulent activities or security or technical issues;
– protect the rights, property, and/or safety of the Owner, our Users, or the public interest, as required and permitted by law.

Furthermore, the Data Controller may share information that does not allow the identification of Users with its partners, for example, to show trends related to the general use of its services.

If the Data Controller should be involved in a merger, acquisition, and/or sale, it will continue to ensure the confidentiality of personal information and inform the Users concerned of the transfer of personal information or the application of Privacy rules different from those adopted here.

Where necessary, the communication of data will possibly be made only towards competent authorities, subjects of trust appointed by the Data Controller for the performance of technical and/or organizational tasks (provision of legal, accounting, tax, consulting services, etc.).

A complete list of the Data Processors and the third parties with whom the data are shared is available following an express request to the Data Controller at the address: dirittinpratica[at]redopen.it

Rights of the Interested Parties

Under Articles 7, 15, and following of the Regulation, as an Interested Party, you have the right to:

– Obtain confirmation of the existence or not of personal data concerning you, access their content, and request their communication in an intelligible form (right of access). In particular, you will have the right to ask for indications regarding:
– the origin of your personal data;
– the purposes and methods of processing;
– the logic applied in case of processing carried out with the aid of electronic

– the identifying details of the owner, the managers, and the designated representative pursuant to article 5, paragraph 2 Privacy Code and art. 3, paragraph 1 GDPR 2016/679;
– the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representative in the territory of the State, managers, or agents.
– request the updating, rectification, or integration of your data (right of rectification);
– request the attestation that the operations referred to in letters a) and b) have been brought to the knowledge, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.
– request the cancellation, transformation into anonymous form, or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed (right to erasure and right to restriction);
– revoke consent at any time without affecting the lawfulness of the processing (right to withdraw consent);
– receive a copy of the personal data you have provided, in a structured, commonly used, and machine-readable format, and to transmit them to another data controller without hindrance (right to data portability);
– oppose the processing, in whole or in part (right to object):
a) for legitimate reasons to the processing of personal data concerning you, even if relevant to the purpose of the collection;
b) to the processing of personal data concerning you for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator, by email and/or through traditional marketing methods. It should be noted that the interested party’s right of opposition for direct marketing purposes through automated methods extends to traditional ones and that, in any case, the possibility for the interested party to exercise the right of opposition even only in part remains valid. Therefore, as an Interested Party, you may decide to receive only communications through traditional methods, or only automated communications, or none of the two types of communication.
– If applicable, you will also have the right to lodge a complaint with the supervisory authority (Privacy Guarantor).

To exercise your rights, you can send an email at any time to dirittinpratica[at]redopen.it

Last updated 01.05.2023