INFORMATION PROCESS OF PERSONAL DATA (GDPR 679/2016)
T.net S.p.A. exercises two different roles in relation to its users in relation to the new EU Regulation
For the following services T.net has the role of “Data Controller”
- Cloud Mail
- Cloud Bag
- Cloud PBX, Telephony and Voice Over IP services
- Broadband Connectivity Services Accounting
- Cloud IaaS
- Cloud DCaaS
- Infrastructure & Engineering WEB Services
- Senior Safety
- Sanità Digitale
While for the following it has the role of “Data Processor”
When you use our services, you entrust us with your information. With this document we intend to explain to you that your data are processed exclusively for the purposes envisaged by the provision of the commissioned service or for the obligations and provisions imposed by law.
If prescribed or necessary for the protection of your SaaS or PaaS services, the appropriate security measures apply to the protection of your data and their protection against external attacks. With “by desing” protection systems and consistent with the risk assessments carried out on the data processed, the data of the data subjects will be safeguarded.
As required by current legislation on data protection, pursuant to art. 5 of EU Regulation
679/2016, personal data will be processed in a lawful, correct and transparent way towards the interested party. Collected for specific, explicit and legitimate purposes; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. They are
collected in an exact manner and, if necessary, updated, respecting the fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to privacy, personal identity and the right to protection of personal data. This information is subject to updates and / or changes by the Data Controller, which will be publicized on the website as regards the processing of visitor data. Instead it will be directly accessible to T.net Users
through the appropriate “privacy” link reachable from profile.
In the event of a breach of personal data, the data controller shall notify the competent supervisory authority of the violation and, if the data breach represents a high risk for
the rights and freedoms of natural persons, the controller shall disclose the violation to whom it may concerned.
Data Controller is T.net S.p.A., P. IVA 03979950874, registered office in Roberto
Lepetit Street, 8/10 – 20124 Milan.
Data Protection Officer
Data Protection Officer is reachable at the following contact points at the registered office in
Roberto Lepetit Street, 8/10 – 20124 Milan
Tel.: +39 02 97 084 111
Fax.: +39 02 97 084 444 pec: firstname.lastname@example.org
All reports in terms of non-compliance, possible violations or ex-requests must be addressed to the DPO. Art 17 (right to cancel your personal data)
SCOPE OF THE PROCESSING
With this document we explain what we do with the data you entrust us when you use our services, why we use your data, why we collect, store and protect it.
As described in the introduction our services are extensive and can be used in various ways. For some interested we are the “Controller” for others only the “Processor”, but we would like to point out that all data you provide us are used only for the performance of the services and for the obligations required by law and currentregulations.
With this document we illustrate:
- The collected data and the purposes we have
- How to use this data
- How to access, modify and delete thisinformation
We have tried, inspired by the principles of the Regulation, to keep the terms of the discussion broad and easy to understand, but the type of services that we deliver obliges us to cite terms such as IP Address, Browser, Log, Accounting, Cookie, Internet of Things (IOT). On these important terms we put the references in Italian to Wikipedia in order to allow you a more agile understanding. If we do not succeed, because for T.net the protection of your data is primary and all our customers, large or small, should know our ways to process the data and respect your privacy, we have put an address for your mail to contact us for any specific problem and request for specific clarification.
We collect data on how you use our services in relation to billing requirements and legal requirements, but we do not make any record of the related content in terms, for example, of websites users visited if your service is a Broadband connection, but only the IP address user, of the access and end times of navigation.
For the Cloud Services, we only register the allocated resources, the IPs and (if for consumption) the possible times of use, but not how the resources have been used.
We therefore do not collect information on the services used by the interested parties in terms of how they are used, such as for example. if a video is viewed, an application downloaded, etc.
If the user has given his consent and receives our mails we monitor:
- Opening the email
- Any click on the links present
- The type of device from which it is opened (desktop, mobile, etc.)
- The IP from which the email is opened
On SaaS, Cloud Bags, Cloud Mail, Cloud PBX, Cloud PaaS we monitor anomalous device activity both for security reasons and for detecting abnormal shutdowns, system activity, incorrect hardware settings, types of browsers used, device types used, date and time of the requests and any reference operations that generated the anomaly.
On our websites and portals, we monitor cookies, as specified below, to uniquely identify the user, session and account of the interested party.
For Clients who use the MAPI CloudMail’s services, for the sole purpose of security, we detect the access position by accessing the mobile or fixed device, but requesting its consent, directly from the installed email application.
In this regard, to protect the information to which the party grants access, such as messages, photos, address book, agenda we oblige the user to specify a PIN to access the device.
Data Controller does not use or exercise any processing in relation to these data, which are recorded on multiple databases whose access is protected through procedures that restrict the persons with access to such data and record all requests on appropriate unalterable syslogger.
Pursuant to Article 9, paragraph 1 of Regulation 679/2016, no personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data relating to health or sexual orientation is memorized, detected or in some way traced by our systems.
For issues related to Accounting, invoicing and legal obligations to the Authorities, the IP assigned to the data subject and the relative access and end time of the connection are recorded.
With regard to the SaaS Services provided in the healthcare sector and for which T.net S.p.A. is the “Data Processor”, appropriate protection and access systems “WAF” or Web Application Firewall have been suitably prepared. Any access of T.net representatives for assistance, debugging and maintenance functions are recorded and stored on unalterable logs.
SUBJECTS TO WHICH THE DATA MAY BE COMMUNICATED OR THAT THEY CAN COME TO KNOWLEDGE AS STAFF
The processing of personal data connected to the web services of the T.net sites takes place at the offices of T.net S.p.A. and are only handled by personnel in charge of processing accessing the systems through unique credentials and all accesses and related activities are stored on unalterable logs.
The personal data provided by users who request dispatch of informative material, data on electronic traffic, cookies or proposals for applications are used only to perform the service or provision requested and are communicated to third party suppliers and / or employees only if this is necessary for this purpose. The data will be processed by the company T.net S.p.A. and may be transmitted to companies connected to the same for the purpose of providing the services.
Personal data are processed using automatic and non-automatic tools, for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
RIGHTS OF DATA SUBJECT
The interested party has the right to obtain from the Data Controller access to personal data and the following information:
- a) the purposes of the processing;
- b) the categories of personal data in question;
- c) the recipients to whom the personal data have been or will be communicated;
- d) when possible, the retention period;
- e) the right to request the correction or deletion of data (right to be forgotten) or the limitation of processing or, finally, to oppose the processing itself;
- f) the right to withdraw consent. However, this does not affect the lawfulness of the processing based on consent before revocation;
- g) the right to receive, in a structured, commonly used and automatically readableform, personal data concerning him / her (portability);
- h) the existence of an automated decision-making process; i) the right to lodge a complaint with a supervisory authority. Furthermore, T.net will provide at the data subject:
- a) the identity and contact details of the data controller;
- b) contact details of the person in charge of data protection (DPO), reachable at the certified electronic e-mail email@example.com
- c) any legitimate interests pursued by the data controller
- d) where applicable, the intention of the data controller to transfer personal dataabroad.
We inform Users that, with the exception of navigation data, the communication of data is optional, however any refusal to supply them, or the lack of consent to their processing, may not allow T.net S.p.A. to ensure the timely and correct handling of the request for contact or the provision of the service forwarded by the data subject.
Pursuant to the combined provisions of art.8 of the EU Regulation 679/2016 and art.2- quinquies of the D.L. 101/2018, laying down the provisions about the Privacy Code, a minor of fourteen years of age may give consent to the processing of personal data when related to the direct offer of services by an information company.
With regard to the aforementioned services, the processing of personal data of a minor below the age of fourteen shall be lawful only when provided by those bearing parental responsibility.
We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, the retention period of the personal data of the interested party is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the times prescribed by law.
SECURITY OF INFORMATION COLLECTED ON THE SITES AND PORTALS
All information collected on the site is stored and maintained in secure facilities that restrict access to authorized personnel only. The website is checked regularly to check for security breaches, and to ensure that all information collected is safe from those who intend to view
it without authorization. T.net S.p.A. adheres to all security measures described by applicable laws and regulations and to all appropriate measures according to the currently most advanced criteria, to ensure and guarantee the confidentiality of users’ personal data, and to minimize as far as possible the dangers of unauthorized access, removal, loss or damage to users’s personal data.
TYPE OF DATA PROCESSED AND PURPOSE OF DATA PROCESSING PROVIDED VOLUNTARILY BY USERS
The voluntary, optional and explicit sending of data to T.net S.p.A. on the part of the user (on the occasion, for example, of the registration in the database of T.net Spa or the insertion of their data by filling in the appropriate “forms”, also in order to verify the possibility of accessing its services, as well as sending e-mail to the addresses indicated on this site), involves the subsequent acquisition of the sender’s address and the data provided by the same, for which the user also releases express consent to their processing. In case users enter or otherwise treat the data of third parties guarantee from now, assuming all related responsibility, to have previously provided to them the information referred to in Article. 12 of the Regulations and having acquired their consent to the processing.
The computer systems and software procedures used to operate this site acquire, in normal operation, some navigation data that are implicitly transmitted in the use of internet communication protocols. These are data relating to electronic traffic which by their nature are not immediately associated with identified data subjects, but through processing or association with data held by third parties could allow identification of users / visitors to the website (such as, for example, IP addresses, type browser and operating system used by the user, time required to access web pages). This data is used only for anonymous statistical information regarding website visits website visits or to verify the correct functionality of the website. These data are kept by the company T.net S.p.a. for the strictly necessary period and in any case in compliance with the current regulations in force.
GENERAL INFORMATION, DEACTIVATION AND MANAGEMENT OF COOKIES
Cookies are data that are sent from the website and stored by the internet browser on the computer or other device (for example, tablet or mobile phone) of the user. Technical cookies and third-party cookies may be installed on our website. In any case, the user can manage, or request general deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation, however, may slow down or prevent access to some parts of the website. The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform such operations, we suggest you to consult the manual of your device or the “Help” function or “Help” of your internet browser. Below are the links to the Users that explain how to manage or disable cookies for the most popular Internet browsers.
Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage- cookies
The use of technical cookies, that is cookies necessary for the transmission of communications on the electronic communication network or cookies strictly necessary to the supplier to provide the service requested by the customer, allows the safe and efficient use of our website. Session cookies may be installed in order to allow and access to the reserved area of the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website
and are used to allow users normal browsing and the opportunity to take advantage of the advanced services available on our website. The technical cookies used are distinguished in session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user itself. Our website uses the following technicalcookies:
- Technical browsing or session cookies, used to manage normal browsing and user authentication;
- Functional technical cookies, used to store customizations chosen by the user,such as, for example, the language;
- Technical analytics cookies, used to know how users use our website so that they can evaluate and improve their functioning.
THIRD PARTY COOKIES
Third-party cookies may be installed: these are cookies, analytical and profiling, Google Analytics, google maps, Twitter Linkedin and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site. The analytical cookies of third parties are used to detect information on the behavior of users on the website. The
survey takes place anonymously, in order to monitor the performance and improve the usability of the website. The third-party profiling cookies are used to create profiles related to users, in order to propose advertising messages in line with the choices expressed by the users themselves.
The use of these cookies is governed by the rules set by the third parties themselves, therefore, users are invited to view the privacy policies and indications to manage or disable
cookies published on the following web pages:
For Google Analytics cookies:
For Google map cookies:
indications to manage or disable cookies:
For Facebook cookies:
indications to manage or disable cookies: https://www.facebook.com/help/cookies/
For Twitter cookies:
indications to manage or disable cookies: https://www.twitter.com/help/cookies
For Linkedin cookies:
indications to manage or disable cookies: https://www.linkedin.com/help/cookies/
Information and requests regarding privacy can be directed to T.net S.p.A.
- by traditional e-mail to the mailbox: firstname.lastname@example.org
- by post office T.net S.p.a., Roberto Lepetit street, 8/10 – 20124 Milan at the attention of Data Processor Officer (DPO)
- by registered email email@example.com