PRIVACY POLICY ON PERSONAL DATA PROCESSING

pursuant to art. 13 EU Regulation 2016/679

Website

2025 Edition

This policy has been drafted to integrate previous ones and does not constitute a replacement for them.

Pursuant to art. 13 of Regulation (EU) 2016/679 (GDPR), this policy concerns your personal data, i.e., information related to you, processed by Terranova within the scope of the website https://www.terranovasoftware.eu/.

1. DATA CONTROLLER

1.1. The Data Controller is TERRANOVA S.r.l., with registered office in Via Ferdinando Bartolommei 4 - 50129 Florence (FI), VAT no./Tax ID/R.I.FI no. 06139270489 - REA no. FI 603578.

1.2. Contact information: a) tel: 055 5386700; b) email address: info@terranovasoftware.eu.

2. DATA PROCESSED, PURPOSES AND LEGAL BASIS OF PROCESSING, NATURE OF PROVISION, RETENTION PERIOD

2.1 In this paragraph, in relation to each purpose, the following will also be indicated: the personal data processed, the legal basis of the processing, the nature of the provision, and the retention period.

1. Website Navigation. Personal data processed: personal data implicitly transmitted during the use of internet communication protocols (IP, domain names of the computers used to connect to the site, addresses in URI - Uniform Resource Identifier - notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the user's computer environment). Purpose: to allow navigation and consultation of the website. Legal basis: art. 6.1 letter f) GDPR, as the processing is necessary for the pursuit of the legitimate interest of the controller. Nature of provision: necessary to browse the website. Retention period: for the entire duration of the browsing session in relation to the data collected during it and for a maximum period of seven (7) days, except for a further period if necessary for the ascertainment of responsibility for any computer crimes.
2. Contact Us. Personal data processed: name, surname, email address, company reference, telephone number, type of request, as well as all other information that you voluntarily provide. Purpose: to respond to requests for information. Legal basis: art. 6.1 letter b) GDPR, as the processing is necessary for the performance of a contract to which the data subject is party or for the execution of pre-contractual measures adopted at the request of the same. Nature of provision: necessary to make requests for information. Retention period: for the entire duration necessary to respond to your requests for information.
3. Newsletter. Personal data processed: name, surname, company reference, user's email address. Purpose: subscription to the newsletter service to send updates on products, events, and special offers. Legal basis: the explicit, free, and informed consent of the data subject, pursuant to art. 6.1 letter a) GDPR. Consent can be revoked at any time by writing to the controller at one of the contact points indicated in this policy. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can stop receiving newsletters at any time, through the link found at the bottom of each message received via email or through a specific written request to the controller at one of the contact points. Nature of provision: optional. Retention period: until the user revokes consent and in any case no later than 24 months.
4. Work with us. Personal data processed: name, surname, telephone number, email address, role applied for, place of work, information on how the company was known, CV. Purposes: a) analysis and evaluation of the application for possible selection and for future selections; b) personnel selection, stipulation of a possible employment contract, carrying out training courses and internships; c) possible request for references, by contacting third parties, such as, for example, universities, former employers, schools, etc.; d) ensuring compliance with the minimum hiring percentages reserved for members of protected categories pursuant to Law 68/99. Legal basis: for the purposes referred to in points a), b) and c), the execution of pre-contractual measures adopted at the request of the data subject, pursuant to art. 6.1 letter b) GDPR; for the purpose referred to in point d), the fulfillment of legal obligations to which the Data Controller is subject, pursuant to art. 9.2 letter b) GDPR. Nature of provision: necessary to apply for a job position. Retention period: 12 (twelve) months from the receipt of the curriculum vitae, unless the hiring procedure is initiated.
5. Event Registration. Personal data processed: name, surname, email address, company reference, corporate function, telephone number. Purpose: to register the user for the requested event. Legal basis: art. 6.1 letter b) GDPR, as the processing is necessary for the performance of a contract to which the data subject is party or for the execution of pre-contractual measures adopted at the request of the same. Nature of provision: necessary to make requests for information. Retention period: for the time necessary to register the user for the requested event.
6. Fraud Prevention. Personal data processed: behavior on the website, including IP addresses. Purpose: security and prevention of fraudulent conduct, for which the controller uses an automatic control system that involves the detection and analysis of user behavior on the site associated with the processing of personal data, including the IP address. Legal basis: art. 6.1 letter f) GDPR, as the processing is necessary for the pursuit of the legitimate interest of the controller. Nature of provision: necessary to browse the website. Retention period: seven (7) days, unless an anomaly occurs. In that case, the data will be retained until the behaviors are ascertained and, in the event of legal action, until the end of the same.

2.2. In relation to cookies, please refer to the cookie policy available in the specific section on this website.

2.3. Your personal data may be processed, if necessary and subsequently to your provision for the purposes referred to above, for ascertaining, exercising, or defending a right in court, based on the legitimate interest of the data controller (art. 6.1 letter f) GDPR).

3. POTENTIAL DATA RECIPIENTS

3.1. To provide the requested services, the Data Controller may entrust your personal data to various service providers, with whom they have drawn up a specific contract aimed at protecting your personal data and respecting data protection legislation. These are subjects identified as Data Processors, who may process your personal data on the basis of a specific assignment pursuant to art. 28 GDPR, following the instructions and directives provided by the Controller. In particular, these may be: a) individuals, companies, or professional firms that provide assistance and consultancy to the Controller; b) subjects with whom it is necessary to interact to allow website navigation, for example, the hosting service provider; c) subjects delegated to carry out technical assistance and maintenance activities for network devices and electronic communication networks.

The complete list of data processors is available by sending a request to the Controller at one of the contact points indicated in this policy.

3.2. The Controller may communicate your personal data to subjects, entities, or authorities to whom the communication is mandatory by law or by order of the authorities. These subjects will operate as independent data controllers.

3.3. Your personal data may be communicated and processed by persons authorized by the Controller to the processing pursuant to art. 29 GDPR, who have committed to confidentiality or have an adequate legal obligation of confidentiality, such as Company employees.

4. DATA TRANSFER TO EXTRA-EU COUNTRIES

4.1. Your personal data may be transferred to Extra-EU Countries based on the standard contractual clauses referred to in art. 46 GDPR. Should a transfer to organizations established outside the EEA become necessary, the controller ensures from now on that such transfer will be carried out according to the provisions defined by articles 44 to 50 GDPR.

4.2. In relation to cookies, please refer to the cookie policy available on this website.

5. RIGHTS OF THE DATA SUBJECT AND COMPLAINT

5.1. Regarding the data itself, the data subject, or a subject delegated in writing, can exercise the following rights, also by writing to the controller's contact points indicated in this policy: a) the right of access pursuant to art. 15 GDPR; b) the right to rectification pursuant to art. 16 GDPR; c) the right to erasure ("right to be forgotten") pursuant to art. 17 GDPR; d) the right to restriction of processing when one of the hypotheses provided for by art. 18 GDPR occurs; e) the right to receive certification that the operations carried out pursuant to articles 16, 17, and 18 GDPR have been brought to the attention of those to whom the data have been communicated, unless this proves impossible or involves a disproportionate effort (art. 19 GDPR); f) the right to data portability pursuant to art. 20 GDPR; f) the right to object to the processing of personal data pursuant to art. 21 GDPR; g) the right not to be subjected to a decision based solely on automated processing pursuant to art. 22 GDPR; g) the right to withdraw consent at any time pursuant to art. 7 GDPR; h) the right to lodge a complaint with a supervisory authority pursuant to art. 77 GDPR.

6. FURTHER INFORMATION

6.1. The Data Controller remains available for any need for clarification and, should the processing be modified compared to what is described in this document, the controller will provide an appropriate updated policy.

6.2 The protection of your data and compliance with the principles established by the legislation, with particular reference to the principle of transparency, are values of primary importance for us. We would be grateful if you would help us by reporting any misunderstandings of this document or suggesting improvements to the controller's references as indicated above.

7. DATA PROTECTION OFFICER (DPO)

8.1. The Data Protection Officer can be contacted at the following addresses for all matters relating to the processing of personal data and the exercise of rights deriving from the GDPR: a) telephone: 055750808; b) email: dpo.sicurdata@opendata.it.