OPERA’s updated Privacy Policy and GDPR

BACKGROUND

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA), adopted in April 2016, and enforceable starting on 25 May 2018. The mentioned  EU Directive regulates the processing of personal data regardless of whether such processing is automated or not ( Personal data is: “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity” (art. 2 a of GDPR).

This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. This Regulation basically comes to establish that the Personal data should not be processed at all, except when certain conditions are met.

These conditions must fall only into three categories: transparency, legitimate purpose, and proportionality.

The responsibility for compliance rests on the shoulders of the “controller” or the potential “collector of the data, meaning by controller the natural or artificial person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Since Opera srl (hereafter “OPERA”) is a legal entity, is a potential collector of the personal data of employees and experts, therefore OPERA is recipient of observance of that directive GDPR Privacy Statement.

Privacy Statement

OPERA is committed to protecting the privacy of its users and for this reason has recently updated its Privacy Policy in order to comply with the new EU Regulation for General Data Protection (GDPR).

The purpose of this Privacy Statement is to define the new privacy policy with regards to the collection and use of any Personal data by OPERA through its website (as found at the URL http://www.opera-italy.eu) or through its daily operations.

This privacy statement was last modified on the 25th of May 2018 and is effective immediately. In case this statement will be amended, notifications of any modification will be posted on the website home page.

Use of Personal Data:

For the sole purpose of its activities OPERA keeps a database of experts.

• The purpose of our database is to inform and propose to registered experts on available cooperation opportunities corresponding to their field of professional activity;

• The information that you provide serves our internal purposes only; it will be used for identifying possible candidates for our offers and/or projects. Your CV will not be included in any of our offers/proposals/letters of interest without your prior consent;

• Should an expert be contracted for an ongoing project or for the preparation of a tender, the CV of the expert with the information it contains will be shared among the concerned parties for the unique purpose of the mission / tender / contract.

• Part of the data is accessed by OPERA’s staff based outside of the European Economic Area (EEA).

• Any financial data is only used for the purpose of honoring the contracts with the relevant party or to respect Italian legal obligations.

Confidentiality:

• The information you provide will not be transmitted to third parties unless you previously authorize us to do so and for the unique purpose of proposing you missions and projects;

• Third parties in this context might include one of our Clients or the OPERA SRL, or one of our consortium partners and this in the unique purpose and process of bidding or implementing projects in the context of service contracts in the development cooperation sector

Data Retention:

OPERA does not keep Personal data for longer than is necessary for the purposes for which it was collected and processed.

• Your data will be kept in our records as long as it is regularly updated, unless you explicitly request the removal of your registration from our database by sending an email to operasoc@legalmail.it. We send periodic emails reminding our experts to update their profile;

• Deletion requests of all personal information will be processed within 30 days from the initial request;

• Should your data in our database of experts be outdated and is older than 15 years, we will erase your record from our database. The duration of keeping outdated data will be revised with time;

• Information on experts contracted by OPERA or its partners for an assignment will remain in our records for legal and fiscal purposes as per the Belgian Law and for audit purposes as per the procedures of our Clients.

Security

OPERA handles all Personal data in accordance with the terms of this Privacy Policy and the legal obligations applicable to the processing of Personal data.

• The information you provide is saved internally on OPERA servers. It is protected by the same security parameters as our entire information system and is strictly by no means published on the web;

• Our website does not collect cookies;

• OPERA optimizes the security of the Personal data by i.a. using encryption, firewalls, password protections and limiting the access to the Personal data.

• OPERA has adopted adequate measures to protect all the Personal data against accidental or unlawful destruction, loss, alteration, un authorized disclosure of, or access to, Personal data transmitted, stored or otherwise processed.

However, the transmission of information via the internet can never be completely secure and the provision of Personal data remains at one’s own risk at all times.

If you have the impression that your Personal data is not adequately protected or if there are indications of abuse, please write at operasoc@legalmail.it

User rights with regard to Personal data

Experts and Individuals working in organizations have the right to:

1) access their data;

2) rectify their data;

3) have their data erased;

4) restrict the processing of their data;

5) transmit their data to another party (portability);

6) object

To exercise any of the above-mentioned rights, an email to operasoc@legalmail.it should be sent.