PRIVACY POLICY
Last update October 2024
Introduction
At Delta-Ti, safeguarding your personal data, privacy, and confidentiality is of the utmost importance. As part of our commitment to protecting the information entrusted to us, we implement all necessary measures to ensure the highest level of data security and compliance with applicable regulations.
The Data Controller responsible for processing your personal information is Delta-Ti Impianti S.p.A., headquartered at Via Albenga 92, 10098 Rivoli (TO), Italy, hereinafter referred to as “Delta-Ti” or “Controller.”
For any inquiries or requests related to the processing of your personal data, you may contact us at info@delta-ti.it or send a written request to our registered office.
1. Data Controller
The Data Controller for the personal data collected through this website is Delta-Ti Impianti S.p.A., located at Via Albenga 92, 10098 Rivoli (TO), Italy, VAT number 01219870019, REA number 497576.
2. Data we collect
We collect the following types of data:
- Personal Information: Provided via contact forms, including name, email address, phone number, and any additional data shared voluntarily.
- Technical Data: Automatically collected information such as IP address, browser type, and operating system for security purposes.
- Navigation data: The information systems and software procedures used to operate this website acquire, during their normal course of operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but due to its nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
- Data voluntarily provided by the user: The voluntary submission of personal data through the forms on the website (e.g., the Contact section) involves the acquisition of such data. This includes the user’s name, surname, email address, phone number, and any other information entered in the message.
- Cookies: The website uses technical cookies and, with the user’s consent, profiling cookies to improve the browsing experience and analyze website traffic. More information about the use of cookies can be found in the Cookie Policy section.
3. Purposes of Data Processing
The collected data is processed for the following purposes:
- Website navigation: Navigation data is processed to ensure the proper functioning of the website and for security purposes.
- Responding to information requests: The data voluntarily provided through contact forms is used to respond to user inquiries.
- Administrative and accounting purposes: If necessary, the data may be used to comply with legal or accounting obligations.
- Direct and indirect marketing: With explicit consent, the data may be processed to send marketing communications or promotional material about Delta-Ti’s services.
- Statistical analysis: Data collected through analytical cookies is used to generate anonymous statistics to improve the service and analyze website usage.
- Compliance: To ensure compliance with NIS2 requirements, including the safeguarding of essential services and critical infrastructure.
- Cybersecurity: In line with NIS2, to monitor and mitigate potential cybersecurity risks, ensuring the integrity and security of the services we provide to critical sectors.
- Website Analytics: To improve website performance and user experience through anonymized traffic analysis.
4. Legal Basis for Data Processing
Personal data is processed in accordance with the EU Regulation 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (“Italian Data Protection Code”). The legal bases for processing are:
- User consent: For marketing and profiling purposes, data processing occurs only with the user’s explicit consent.
- Pre-contractual measures: For information requests submitted through contact forms.
- Legal obligations: For accounting or fiscal purposes.
- Legitimate interest of the Controller: To ensure website security and proper functioning.
5. Data Processing Methods
Personal data is processed using both automated and manual tools, in compliance with the security measures required by the GDPR to prevent unauthorized access, disclosure, modification, or destruction of data.
6. Disclosure of Data to Third Parties
Personal data may be disclosed to:
- External parties: Delta-Ti may share personal data with external service providers for website hosting, email management, and analytics services (e.g., Google Analytics for collecting anonymous user data and browsing behavior).
- Subsidiaries or affiliates: Data may be transferred within the Delta-Ti group.
- Competent authorities: To comply with legal obligations or upon request from a judicial authority.
These external parties process the data as data processors appointed by Delta-Ti or, in some cases, as independent data controllers.
7. Transfer of Data to Third Countries
Some services used (such as Google Analytics) may involve data transfers to third countries, specifically the United States. This transfer is carried out in compliance with the adequacy decisions of the European Commission or other safeguards provided by the GDPR, such as standard contractual clauses.
8. User Rights
You have the following rights under GDPR:
- Access: Request a copy of your data.
- Rectification: Correct any inaccuracies.
- Erasure: Request deletion of your data, where permissible.
- Restriction: Request restricted processing in certain cases.
- Objection: Object to the processing of your data in certain circumstances.
- Complaint: File a complaint with the supervisory authority (in Italy, the Data Protection Authority).
Requests related to user rights can be submitted via email to info@delta-ti.it or to the company’s registered office.
9. Data Retention Period
Personal data will be retained for the time necessary to fulfill the purposes for which it was collected and subsequently deleted or anonymized. In particular:
- Navigation data will be retained for a maximum of 365 days.
- Data voluntarily provided through contact forms will be retained for as long as necessary to respond to inquiries.
- Profiling cookies will be retained for a maximum of 12 months, unless consent is withdrawn.
In cases where retention is not legally required, data may be securely deleted upon user request.
10. Data Confidentiality and Cybersecurity (NIS2)
Delta-Ti treats all personal and sensitive data with strict confidentiality. Data transmitted through forms and banners is protected by confidentiality agreements and will not be shared with third parties unless required by law. Under NIS2, we have implemented enhanced cybersecurity protocols to prevent unauthorized access, disclosure, or destruction of personal data, especially data related to critical sectors.
All collected data is stored securely and is used only for the specific purposes for which it was provided. We also perform regular risk assessments in accordance with NIS2 to ensure the protection of both personal and industrial data.
11. Data Sharing and Transfers
Personal data will not be shared with third parties, except when required by law or in compliance with NIS2, such as sharing relevant information with national authorities in case of significant cybersecurity incidents.
12. Security Measures
In compliance with NIS2, Delta-Ti has implemented strict cybersecurity measures to protect your data from unauthorized access or breaches. These measures include encryption, secure data storage, and regular security audits.
13. Third-Party Service Providers and Data Processing
Delta-Ti partners with several third-party service providers to maintain and improve the website’s functionality. These include services such as:
- Google Analytics (for website performance and user behavior tracking),
- Vimeo (for video content delivery),
- Hosting providers (to ensure the website remains operational).
When interacting with third-party services, personal data (such as IP address, usage patterns, or preferences) may be transmitted to or collected by these external entities. Delta-Ti ensures that these third parties comply with GDPR and NIS2 obligations to protect user data. However, the exact usage of data by these third parties is subject to their own privacy policies.
14. Data Sharing with Third Parties
While Delta-Ti does not share personal data with unauthorized third parties, certain interactions on the website (such as watching a Vimeo video or analytics tracking via Google Analytics) may involve the transfer of anonymized or technical data to external systems.
Consequences of Third-Party Data Usage:
- Analytics: Data collected via Google Analytics is anonymized and aggregated, meaning it cannot be used to personally identify individual users. However, this data provides insights into how users interact with the website, potentially influencing decisions about content and layout to improve user experience.
- Video Hosting: If users interact with embedded content from Vimeo, certain user data (e.g., IP address, device information) may be shared with Vimeo for the purpose of delivering the video content. Users should be aware that Vimeo may set cookies and track interactions based on its own terms.
- Hosting Providers: The website’s hosting providers may have access to certain technical data to ensure proper functioning of the website. This data is securely processed under strict data protection agreements in compliance with both GDPR and NIS2.
Mitigation Measures:
- Data Anonymization: Wherever possible, personal data is anonymized to prevent the identification of individual users.
- Data Minimization: Only essential data is shared with third-party providers to reduce the risk of exposure or misuse.
- Third-Party Audits: Delta-Ti conducts periodic audits and requires assurances from its service providers regarding their compliance with GDPR and NIS2 standards.
Risks and Consequences:
- Data Breaches: In the event of a breach affecting a third-party provider (e.g., Vimeo or Google), anonymized technical data such as IP addresses or device information could potentially be exposed. However, Delta-Ti ensures that any breaches are reported in accordance with GDPR and NIS2.
- Data Profiling by Third Parties: Some third parties (e.g., Google) may use collected data to build anonymized profiles of user activity across the internet. Users can manage consent settings or choose not to engage with such third-party services to mitigate the impact of data profiling.
15. Incident Reporting under NIS2
In compliance with NIS2, Delta-Ti has established procedures to report significant cybersecurity incidents that affect critical infrastructure or the confidentiality of user data. This includes:
- Immediate Reporting: Any data breaches or incidents involving third-party service providers that compromise critical services or user privacy will be reported to national authorities (such as the Italian Data Protection Authority and CSIRT Italia).
- Impact Mitigation: Upon discovering a cybersecurity incident, Delta-Ti will take immediate steps to mitigate the impact on users and critical infrastructure, which may include temporarily suspending interactions with third-party providers if necessary.
16. Changes to the Privacy Policy
This Privacy Policy may be subject to changes and updates over time. Users will be informed of any substantial changes through notices published on the website.
17. Contact Information
For any inquiries or to exercise your rights, please contact: info@delta-ti.it