New attacks in Italy, reported data breaches, AI and cybersecurity

The role of ISO certifications in ACN cloud qualification: security and quality for the Public Administration

 View all

 

 

Information pursuant to the GDPR 679/2016 personal data protection regulation – Reports on the accessibility of the Telsy S.p.A. website.

 

Pursuant to Article 13 of Regulation 2016/679/EU (General Data Protection Regulation – hereinafter GDPR), Telsy S.p.A., hereinafter referred to as Telsy, provides the following information regarding the processing of personal data provided by the data subject in reports relating to accessibility (hereinafter referred to as “accessibility reports”) in relation to its digital products and services (e.g., mobile applications and websites), in accordance with the provisions of Law 4/2004, Legislative Decree 82/2022, and the AgID (Agency for Digital Italy) Guidelines on digital accessibility.

In particular, Legislative Decree 82/2022 transposed EU Directive 2019/882 on accessibility (known as the European Accessibility Act), supplementing and updating Law 4/2004 (the so-called Stanca Law), which already imposed certain obligations on public administrations and private entities offering services to the public through websites or mobile applications. The European Accessibility Act imposes a series of more detailed rules and requirements for numerous digital products and services in various sectors (including e-commerce, electronic communications services, transport, banking services, and culture), with the aim of improving accessibility for people with disabilities, thus ensuring their full social and professional participation.

 

1) Categories of personal data

Telsy will process the personal data provided by the data subject in accessibility reports sent to the following dedicated email address: segnalazioni_acessibilita@telsy.it

The data strictly necessary for the management of reports belong to the category of common data referred to in Article 4, point 1, of the GDPR: personal data (name, surname, and, where applicable, date of birth), contact details (email address and, where applicable, landline and/or mobile phone number).

 

2) Purpose of processing and legal basis

The personal data provided by the data subject will be processed by TIM to manage and respond to reports concerning any problems relating to the accessibility of its digital products and services (including websites and mobile applications) or improvements to be made to them. Responses to reports will be provided within 30 days of receipt. In addition, the data, after aggregation and anonymization, may be processed for statistical purposes and to improve the accessibility of its digital products and services.

The legal basis for the processing is the need to fulfill the legal obligations (referred to in the introduction) to which the Data Controller is subject (Article 6, paragraph 1, letter c) of the GDPR).

The provision of personal data is necessary for the purposes referred to in this point 2); failure to provide such data, or providing partial or inaccurate data, could make it impossible to manage accessibility reports.

 

3) Storage of personal data

Telsy will store personal data for a period of time not exceeding the achievement of the purposes for which it is collected or subsequently processed, i.e. for the time necessary to manage and respond to the report received and, in any case, no later than 1 year from the date of the final response to the report.

 

4) Methods and logic of processing

Data processing will be carried out manually and/or using IT and telematic tools, with data organization and processing logic related to the purposes indicated above and, in any case, in such a way as to guarantee security and confidentiality.

 

5) Data controller, Data Protection Officer, and categories of persons authorized to process data at Telsy

The data controller for personal data as a business group is TIM S.p.A., with registered office at Via Gaetano Negri, No. 1 – 20123 Milan. TIM has appointed a Data Protection Officer, who can be contacted by writing to the following address: Via Gaetano Negri, No. 1 – 20123 Milan. Personal data will be processed by employees of the relevant TIM departments, who have been appointed as persons authorized to process personal data and have received adequate operating instructions in this regard.

Telsy S.p.A., with registered office in Corso Svizzera, no. 185, 00149 Turin, has set up a specific contact point with the email address dpo.telsy@telecomitalia.it

 

6) Categories of third parties to whom the data may be disclosed or who may become aware of it

Some personal data processing may also be carried out by third parties, including TIM Group companies, to whom TIM or Telsy entrust certain activities (or part thereof) in order to pursue the purposes referred to in point 2). These third parties may also be established abroad, in EU or non-EU countries; in the latter case, the transfer of data is carried out by virtue of the existence of a decision by the European Commission on the adequacy of the level of data protection in the non-EU country or on the basis of the appropriate and adequate safeguards provided for in Articles 46 or 47 of the GDPR (e.g., signing of the “standard clauses” for data protection adopted by the European Commission) or the additional conditions for the legitimacy of the transfer provided for in Article 49 of the GDPR. These parties will operate as independent Data Controllers or will be designated as Data Processors and are essentially included in the following categories: a) IT service providers; b) Consultants and law firms; c) Authorities (e.g., AgID, Privacy Guarantor), Judicial Authorities, and any other public entity entitled to request data.

 

7) Rights of data subjects

Data subjects may exercise their rights under Articles 15 to 22 of the GDPR at any time, as applicable (e.g., access data relating to accessibility reports, request their deletion, object to their use for legitimate reasons), by writing to segnalazioni_acessibilita@telsy.it. Or to the following specific contact point with email address dpo.telsy@telecomitalia.it.

Further information on accessibility can be found on the access web page.

In addition, the data subject has the right to lodge a complaint with the Data Protection Authority (Article 77 of the GDPR) or, alternatively, to take legal action before the competent judicial authority (Article 79 of the GDPR) if they believe that the processing of their personal data violates current legislation.

 

Telsy S.p.A.

 

Edition November 2025 – Telsy information on accessibility reporting