According to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/03 (as amended)
Information version: 2.0 dated 25/05/2018
This Policy describes the types of data that we can collect and process through the use of the AI + platform and / or pages managed by OPENAI describing their collection, use, maintenance, protection and disclosure practices.
- Holder of the treatment
OpenAi Srl, with registered office in Via A. Ramazzotti, 20 – 20900 Monza (MB) – P.IVA 10516730966, email: firstname.lastname@example.org, (hereinafter also referred to as, “OPENAI” or the “Owner”), guarantees compliance with the regulations on the protection of personal data by providing the following information about the processing of data communicated or in any case collected during the use of the AI + platform (the “platform” or “AI +”), of other digital marketing platforms .
Data controller: the natural person, the legal person, the public administration and any other body, association or body to which, also jointly with another owner, the decisions regarding the purposes, the methods of processing personal data and the tools used, including the information security profile.
Data processor: the person, the company, the body, the association or the body to which the owner entrusts, also externally, for the particular experience or ability, management and control tasks of data processing.
End-User or Interested: these terms refer to those who browse through one of the web pages managed by OPENAI, is a customer, or potential such, of OPENAI (having purchased the products and mailings directly in the stores or by correspondence services offered) uses an APP managed by OPENAI, is contacted or enters data through one of the digital marketing or artificial intelligence platforms used by OPENAI such as “AI +” or directly within one of the OPENAI offices. In the case of minors, the provisions indicated in Art. 2-quinquies of Legislative Decree 196/03 (with the changes made by Legislative Decree 101/18).
AI +: one of the artificial intelligence platforms used by OPENAI.
Chatbot: chat bot, chatbot or workbot, is a software designed to simulate a conversation with a human being. The main purpose of these software is to simulate human behaviour and are used for various purposes such as online help, to answer the FAQs of users who access a site etc.; the Owner may offer within its web spaces the possibility for end-users and customers to interact with a chatbot to offer the services requested by the end-user, improve the user experience with the disclosure of information (description of services, products, promotions, etc.) and to acquire contact information.
Websites: the websites or web pages managed by OPENAI.
Personal Data: we consider personal any information that is sent voluntarily and that personally identifies someone, including contact information, such as name, e-mail address, company name, address, telephone number and other information about you or your business. Personal Information may also include information about any transaction, whether free or paid, information that is available on the Internet, such as from Facebook, LinkedIn, Twitter and Google, or information available publicly. When the end user registers or logs in through one of his social channels, based on the configurations of his social accounts, some data is shared with the AI + platform or one of the OPENAI websites. In addition, we also consider credit or debit card numbers, personal financial account information, passport numbers or other identity documents to be particularly important.
Sensitive data: we consider sensitive data of racial or ethnic origin, conditions or information on physical or mental health, judicial or health, biometric.
Navigation Information: refer to the information present on your computer and visits to this website (and other web pages managed by OPENAI) such as the IP address, the geographical position, the type of browser, the reference source, the duration of the visit and the pages viewed.
Consent: this refers to the free expression of will of the interested party with whom he expressly accepts a specific treatment of his personal / sensitive data, of which he has been previously informed by the Data Controller.
- Data processed, purposes and legal bases of the treatment
Data generated by accessing the site
During their normal operation, the IT systems and software procedures used to operate the websites managed by OPENAI and the AI + artificial intelligence platform acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This data (such as for example domain names, IP addresses, operating system used, type of browser device used for the connection) are not accompanied by any additional personal information and are used for:
- I) obtain anonymous statistical information on the use of the platform;
- II) manage needs to control how it is used;
III) ascertain responsibility in case of hypothetical computer crimes.
The legal basis that legitimizes the processing of such data is the need to make the site functions usable following user access.
Data voluntarily provided by the user
Personal information, which includes the name, postal address, e-mail address, telephone number, IP address or any other identification to contact the data subject online or offline or any other information that can be attributed directly or indirectly to the data subject and which will be provided by the interested party itself through the registration procedure which can take place in paper form and directly, through the acquisition of data on the occasion of joining one of the Fidelity Cards proposed by the holder, or through online forms, are collected and processed for the following purposes:
- for the execution of the contract: in the case of a subscription or the stipulation of a contract between OPENAI and the counterparty (end-user). This includes administrative purposes, the management of payments and for the fulfilment of legal obligations such as those of an accounting, fiscal nature, or to process requests from the judicial authority;
- in the presence of specific consent, for marketing activities such as the periodic sending, via e-mail, of newsletters and advertising material and to receive updates on our activities, reports, promotional communications and invitations to events, training courses, webinars, special promotions, participate in market research and analysis or commercial communication with automated contact methods, or through remote communications (e.g. via mobile and fixed networks, with sms, mms etc) and traditional (paper mail);
- in the presence of specific consent, for the communication or transfer of your data to subsidiaries or third parties operating in the insurance, banking, financial, tourism, publishing, food, industrial, gas, water, energy, as well as other services sectors in general, because they inform you – by telephone or by sending commercial information by paper mail, e-mail or SMS – of opportunities to purchase or provide services.
- in the presence of specific consent, the data will be processed for profiling purposes, in particular for the creation of a commercial profile and / or for the analysis of preferences, habits or consumption choices, also through the crossing of such personal data with other information collected through profiling cookies that may be accepted. The processing of your personal data for profiling purposes will take place with tools and methods, better provided for in paragraph 5 below (Processing methods).
Data collected through the AI + Platform
In the context of data processing and about the sending of communications addressed to the customer, the data controller will also make use of the AI + platform itself, which, through statistical tracking systems, allows to detect the opening of a message, the clicks made on the hyperlinks contained within the email, from which IP address or with what type of browser the email is opened, and other similar details. The collection of such data is functional to the use of the platform and forms an integral part of the functionality of the message sending system.
The legal basis that legitimizes the processing of such data is the execution of a contract of which the interested party is a party.
3.1 The technologies that OPENAI and third parties that provide content and applications can use for this automatic data collection include:
The AI + platform and the websites managed by OPENAI use the following types of cookies:
The strictly necessary cookies are cookies that allow you to consult the AI + website, use its functions and access protected areas reserved for registered users. If the use of these cookies is disabled, some parts of the AI + platform may not be able to be used correctly.
Functional cookies and saving preferences are cookies that allow the AI + platform and the websites managed by OPENAI to record the choices (such as the user’s name, the choice of language and country, the font and size of the script, the passwords etc.), as well as visitor preferences (such as the pages visited, etc.), in order to facilitate the use of the platform and to be able to offer visitors a more relevant and personalized experience.
The AI + platform uses the following cookies:
Name Expiration Purpose Supplier
PHPSESSID End of navigation session Owner
Analytics 30 days tracking navigation Owner
- Nature of the provision
Apart from what is specified for navigation data and for data collected through the AI + Platform, the provision of data:
- with respect to the purposes referred to in point 3 in letter a), it is optional but any refusal will make it impossible for OPENAI to carry out the contractual commitments undertaken.
- with respect to the purposes referred to in point 3 in letters b), c) and d) membership is optional and the use of data for these purposes is strictly conditional on the release of an explicit consent by the customer or end-user. Any refusal to treatment, of all or part of them, will make it impossible for OPENAI to carry out the treatments for the purposes described.
- Processing methods and data retention times
The collected data will be processed using electronic or automated, IT and telematic tools, or through manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in order to guarantee their safety in any case. The data are kept for the time strictly necessary for the management of the purposes for which the data are collected in compliance with current regulations and legal obligations.
In any case, OPENAI and the respective data processors appointed by you, apply rules that prevent the storage of data indefinitely and therefore limit the storage time in compliance with the principle of minimization of data processing by carrying out a periodic annual check on the processed data and the possibility of being able to delete them if no longer necessary for the intended purposes.
In the event of consent, the processing of personal data for profiling purposes will take place with data processing tools which, following a cross, will create a commercial and behavioural profile on the web. This data processing tool also relates the data collected during navigation on the web pages through the use of first-party profiling cookies accepted with the data collected through the previously specified methods.
- Subjects authorized to process, responsible and communicate the data
The processing of the collected data is carried out by personnel appointed by OPENAI for this purpose, identified and authorized for processing according to specific instructions given in compliance with current legislation.
The data collected, if it is necessary or instrumental for the execution of the indicated purposes, may be processed by third parties appointed as external processors, (whose updated list you can request it via email by writing to email@example.com) and, depending on of the cases, communicated to them as independent owners, namely:
- Companies of the OPENAI group for the purposes referred to in point 3 lett. a) and b);
- Persons, companies, associations or professional firms that provide assistance and advice to our Company, for the purposes referred to in point 3lett.a);
- Third parties’ suppliers of content and value-added services requested by the end-user;
- Companies, entities, associations that perform services connected and instrumental to the execution of the aforementioned purposes (market analysis and research service, credit card payments management, maintenance of IT systems).
- Public authorities, when the conditions are met.
The processors appointed by OPENAI will process the data only as indicated by OPENAI itself and are authorized to process it for different purposes for the purposes for which they were collected. All data will be used exclusively and limited to the purposes determined following the contracts signed.
Furthermore, the personal data collected and processed will never be disclosed.
- Transfer of personal data outside the EU
Your data may also be processed by IT service providers, in their capacity as Data Processors. If the same operated outside the European Union, OPENAI, in compliance with the legislation on the transfer of data in a non-European country, undertakes to stipulate, if necessary, agreements that guarantee an adequate level of protection and / or to sign the contractual clauses necessary.
- Rights of the interested person
At any time it is possible to access the data, confirm its existence, know its origin, oppose the processing or request the cancellation, modification or updating of all personal information collected by OPENAI, exercising the right to limitation of treatment and the right to data portability, by sending an e-mail to firstname.lastname@example.org using the email account chosen when registering for the services offered.
It is also possible to lodge a complaint with a supervisory authority (privacy guarantor).
- Details on data security
Personal data are protected by technical, IT, organizational, logistical and procedural security measures, against the risks of destruction or loss, even accidental, and of unauthorized access or unauthorized treatment. These measures are periodically updated based on technical progress, the nature of the data and the specific characteristics of the treatment, constantly checked and verified over time. These security measures correspond to the requirements that the Data Controller and the managers appointed by him have identified as adequate. Periodic “Risk Analysis” activities are conducted to verify adherence to the adopted security protocols and, if necessary, new security measures are introduced or updated as a result of organizational changes and technological innovations or changes in the type of data collected. Security measures are constantly checked and periodically checked.