On this page we describe how the Tiesse S.p.A. website is managed, www.tiesse.com,in relation to the processing of personal data of users who browse and interact with the aforementioned site.
The information is provided to the interested parties regarding the protection of personal data and concern exclusively the site in question. With regard to the processing and protection of personal data of other websites, which can be reached and consulted through links from this site, the Data Controller of personal data is in no way responsible.
This document can be printed using the print command in the settings of any browser.
The data controller of personal data, collected by browsing the pages of the site and through the e-mail addresses firstname.lastname@example.org, email@example.com, firstname.lastname@example.org and email@example.com is Tiesse S.p.A. – Via Asti 4, 10015 Ivrea (TO) ITALIA (tel. +39 0125 230544 – fax +39 0125 631923), hereinafter simply indicatedto “Tiesse”, which determines the purposes and means of processing the collected data.
Personal data means any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified oridentifiable.
Place and Methods of Treatment
The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using manual, computerized and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated below. In addition to the Data Controller, in some cases, the Data may be accessed by other parties involved in the organization of this site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
The data are processed for the time necessary to achieve the purposes for which they are collected
This site is hosted on Aruba servers (Aruba S.p.A. www.aruba.it)located in Italy.
Purpose of the processing
The user’s personal data are collected in order to allow the Data Controller to provide the service, fulfill legal obligations, respond to requests or enforcement actions, protect their rights and interests (as well as those of Users or third parties), detect any malicious or fraudulent activity, contact the user and draw up analysis and statistics of use of the site.
Personal data, provided voluntarily by the user, for example by writing tothe e-mail addresses on the site, will be processed exclusively to respond to the requests of the interested party and therefore within the limits strictly necessary for the execution of information and response activities, legitimate interest of the owner, or for the conclusion or execution of a possible contract with the interested party, for which the data communicated are indispensable.
Personal data collected by Tiesse S.p.A. will be processed internally bythe company and will not be communicated to anyone other than Tiesse or therefore transferred to a country outside the European Union.
Duration of processing
In compliance with Article 5 paragraph 1 letter E) of EU Reg. 2016/679, the personal data collected will be processed for the time required by the purposes for which they were collected.
The storage times of personal data, provided through the website or by sending e-mails, depend on the purpose of the processing carried out, at the end oftheand whenthe data will be deleted:
- Technical navigation data suitable for the proper functioning of the website: stored for the relative browsing session
- Response or request for information / provision of services requested (maximum 12 months for contact request; 10 years for any administrative / accounting / financial documentation relating to the provision of a service);
- Data relating to newsletters, marketing or promotional communications in general via e-mail (maximum 24 months – until consent is revoked);
- Administrative-accounting management: 10 years as per the legal deadlines for the conservation of administrative/accounting/financial documentation.
The Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the duration of the processing, the data will be deleted and consequently the user will no longer be able to exercise the rights of access, cancellation, rectification and portability of personal data.
Data provided voluntarily by the user
The user is free to provide personal data to the Data Controller. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the acquisition of the coordinates of the sender’s address, as well as any other personal data included in the message and / or in the electronic form.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
Communication and dissemination of the data collected
Tiesse will not disseminate, exchange or sell the user’s personal data with third parties without the consent of the interested party, this consent can be expressed through the banner that appears at the first entry on the site or through the “privacy settings” item.
The data may be disclosed to third parties as:
- Public authorities or institutions
- Service providers for the management of the information and IT system
- Firms, professionals or companies in assistance or consultancy relationships
- External Service Providers
Transfer of data abroad
The personal data of the interested party will not be transmitted to third countries. In the event that personal data are transferred to third countries or international organizations in the future, all the provisions of Chapter V (EU Regulation 2016/679) will be respected in order to ensure an adequate level of protection.
Rights of the interested party
1) At any time, the interested party has the right to have confirmation, by Tiesse, whether or not the processing of personal data concerning him is in progress and to know the following information (right of access):
- the purposes of data processing
- what are the data that are processed
- the recipients or categories of recipients to whom the data have been or will be communicated, in particular if the recipients are based in third countries or are international organisations;
- the data retention period that has been envisaged or the criteria used to determine that period;
In addition, the data subject may request:
2) the correction of inaccurate personal data concerning him, also by providing a supplementary declaration (right of rectification).
3) the cancellation of your personal data (“right to be forgotten”).
It is specified that the interested party has the right to obtain the cancellation of their personal data if one of the following reasons exists:
- the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed by Tiesse;
- the interested party has revoked the consent on which the processing is based, if expressed after this collection and given for other specific purposes, and furthermore there is no legal basis for the processing of the data;
- the interested party has exercised the right to object to the processing – referred to in point 8 below – and Tiesse has no legitimate reason to continue processing the data; or the interested party has exercised the right to object to the processing if Tiesse processes the data for direct marketing purposes, including profiling, except of course for new information to the interested party before processing the data for this new purpose;
- the personal data of the interested party have been processed unlawfully;
- personal data must be deleted to comply with a legal obligation under European Union law or Italian law.
Continuing in the list of the rights of the interested party, he can also request:
4) the limitation of the processing when one of the following hypotheses occurs (right of limitation):
- the interested party disputes the accuracy of their personal data, for the entire period necessary for Tiesse to verify the accuracy of such data;
- the processing is unlawful and the interested party instead of opposing the cancellation of their data, asks instead that only its use be limited;
- Tiesse no longer needs to process the personal data of the interested party, but the data are necessary for the interested party to ascertain, exercise or defend a right in court;
- the interested party has exercised the right to object to the processing – referred to in point 8 below – and awaits the verification of the possible prevalence of legitimate reasons by Tiesse to continue processing the data;
When the interested party exercises the right to limit the processing, his personal data will be processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
5) In particular, as anticipated above, Tiesse wants to bring to the attention of the interested party the right to object (right of opposition) to the processing of their personal data, at any time, for reasons related to his particular situation, in the event that:
- Tiesse needed to process the data for the performance of a task carried out in the public interest or in the exercise of official authority
- Tiesse needs to process the data for the pursuit of a legitimate interest of Tiesse itself or of third parties.
It should be noted, however, also for the purposes of exercising the right of opposition of the interested party, that the purposes of this collection of personal data of Tiesse are those set out above in the point “purpose and legal basis of the processing”; if, as the owner of the processing of personal data, you intend to process the data for a purpose other than that for which they were collected, before such processing, you will inform the interested party about these different purposes.
6) In case of conclusion of the contract with Tiesse, the interested party also has the right to receive in a structured format, commonly used and readable by electronic device, the personal data concerning him and that he has provided to Tiesse.
You have the right to transmit such data, including through Tiesse, to another data controller, if technically feasible (right to data portability).
Please note that the processing of the personal data of the interested party collected here will not involve any form of automated decision-making process, including profiling that produces legal effects concerning the interested party or that similarly significantly affect his person or that concern the particular categories of data of art. 9 of European Regulation 679/2016 (former sensitive data).
Exercise of rights
The above rights can be exercised by sending the request to the following e-mail address: firstname.lastname@example.org.
Complaint and judicial remedy
Without prejudice to any other administrative or judicial remedy, the interested party who considers that the processing concerning him is done in violation of the regulations on the protection of personal data has the right to lodge a complaint with the Italian Privacy Guarantor, or another Member State of the European Union in which he habitually resides or works.
Without prejudice to the above, the data subject also has the right to seek a judicial remedy if he or she considers that his or her rights have been infringed as a result of processing.
Cookies and web services
In order to improve the experience of using the website, cookies are used, which are text files (letters and / or numbers) that allow the web server to store on the user’s device (in particular in the browser), information to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, based on user preferences, by the individual browser on the specific device used (computer, tablet, smartphone) and are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations regarding users accessing the web server, storage of preferences, visibility statistics of the pages of the site, etc..
It is possible to set your privacy preferences so as not to store cookies, delete them after each visit or every time you close your browser, or even accept only the site’s own cookies www.tiesse.com and not those of third parties.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.
This site, in order to provide a better service to the user, may contain references to other websites (“Links”) in the form of links, images, videos, texts or features. The Data Controller declines all responsibilityfor the contents and materials accessible at thesesites or otherwise obtainable through them. Any information concerning the sites referred to by the links mustbeaddressedonly to the administrators of the sites in question.