This document describes how the site is managed in terms of the processing and confidentiality of users’ personal data. This information is also provided pursuant to Art. 13 of the GDPR 679/2016 – European Regulation on the Protection of Personal Data for those who interact with TESYA SPA’s web services – which can be accessed electronically at the following URL: https://www.tesya.com/ – which is the home page of the website.

This information applies only to this website and not to other websites that the user may access via links.

THE ‘DATA CONTROLLER’

Through visiting this website, data relating to identified or identifiable persons may be processed. The ‘Data Controller’ of any personal data processed following access to our website and of any other data used to provide our services, is TESYA SPA, with Italian Tax Code and VAT No. 00156280026 and with registered office in via Padana Superiore, 19 – 20055 Vimodrone (MI), Italy.

LOCATION OF DATA PROCESSING – DATA DISCLOSURE

The processing operations connected with this website’s services take place at the website provider’s registered office and are carried out only by the technical staff working in the office in charge of processing or by persons in charge of occasional maintenance operations.

Personal data provided by users who request information material to be sent/received (information, newsletters, brochures,

etc.) are used for the sole purpose of performing the service or provision requested and are not disclosed to third parties, except under the following possible circumstances:
• Commercial partners: website provider;
• Individuals, companies or professional firms providing assistance and advice to the Data Controller in accounting, administrative, legal, tax and financial matters;
• Entities whose right to access the data is recognised by law or by order of the authorities.

TYPES OF DATA PROCESSED

Browsing data

During their normal operations, the computer systems and software procedures used to operate this website acquire certain personal data, the submission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses of users’ computers that connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on site usage and to check that it is functioning correctly, and it is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the website – other than under these circumstances, web contact data are currently not retained for more than seven days.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message. The data will only be kept for the purpose of sending out newsletters, brochures or information and will not be disclosed to any other party. We do not collect or use personal information about anyone visiting the Website. Visitors remain anonymous.

Newsletter

Visitors to the site can register for our newsletter service. Upon registration, the user’s email address will automatically be included in a list of contacts to whom email messages may be sent containing periodic updates with information, including of a commercial and promotional nature, relating to initiatives, events or promotions run by the data controller.

To subscribe to the Newsletter, you can use the subscription forms on the website by entering your name, surname, telephone number and email address. The data entered will only be used for the purposes of sending our email newsletter and will not be disclosed to third parties.

DATA RETENTION PERIOD OR CRITERIA FOR SPECIFYING THE PERIOD

In accordance with the provisions laid down in Article 5(1)(e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the data subjects to be identified for a period of time not exceeding the fulfilment of the purposes for which the personal data are processed.

The retention periods for data of a personal nature supplied via the website depend on the purpose of the processing being carried out, in particular:

• purposes relating to technical browsing data to ensure the website functions properly – retained only for the related session, at the end of which the data are deleted;
• purpose of responding to a request for information/provision of requested services (maximum 12 months per contact request; 10 years for any administrative/accounting/financial documentation relating to the provision of a service);
• newsletters, marketing or general promotional communications via email (maximum 24 months – or until consent is revoked);
• administrative-accounting management purposes – 10 years, in accordance with legal requirements for the preservation of administrative/accounting/financial documentation.

OPTIONAL NATURE OF DATA PROVISION

Apart from the special conditions concerning browsing data, the user may choose to provide the data controller with the personal data contained in the request forms or specified when contacting the Office in order to make online bookings, request informative material or other communications. Failure to provide these data may mean that the requested information or services cannot be supplied.

PROCESSING METHODS

Personal data are processed by automated means during the period of time that is strictly necessary for achieving the purposes for which they were collected. Special security measures are taken to prevent loss, illegal or incorrect use of data and unauthorised access. There is no automated decision-making process for data processing.

DATA SUBJECT RIGHTS

The data controller is the company, TESYA SPA, in the person of its legal representative pro tempore, to whom you may apply at any time to exercise your rights as provided for by the GDPR 679/2016, in particular, the right to request access to and rectification or erasure of your personal data or restriction of the processing concerning you or to object to its processing, the right to obtain a copy of the personal data being processed, the right to data portability. The data subject has the right to receive the requested information without undue delay and, at the latest, within one month of receipt of the request, extendable, if necessary, by two months; the data subject also has the right to lodge a judicial appeal and complaint with the Supervisory Authority, i.e. the Data Protection Authority (www.garanteprivacy.it: Piazza Venezia No. 11 – 00187 Rome; garante@gpdp.it or protocollo@pec.gpdp.it).

The aforementioned rights may be exercised by making a request to the Data Controller at the following address: TESYA SPA, Italian Tax Code and VAT No. 00156280026, with registered office in Via Padana Superiore, 19 – 20055 Vimodrone (MI), Italy or by email: info@tesya.com

PERSONAL DATA TRANSFERS TO THIRD COUNTRIES

In pursuance of the above-mentioned purposes, TESYA SPA may communicate and have your personal data processed, in Italy or abroad, including countries not belonging to the European Union, by third parties with whom it has a business relationship: TESYA SPA will only provide said third parties with the information necessary to carry out the requested services, taking all measures to protect your personal data (Art. 44 GDPR).