When carrying on its business, Deltatre S.p.A. (hereinafter “Deltatre” or the “Company”) pays particular attention to the security and confidentiality of its customers’ personal data.
Deltatre is the ‘Controller’ of the personal data collected on this website/app collected by the Company.
The following categories of personal data relating to you may be collected:
Deltatre collects and processes your personal data in the following circumstances:
If you provide personal data on behalf of someone else, you must first ensure they have read this Privacy Policy.
Kindly help us to keep your personal data up-to-date by informing us of any changes. Any change in address should be promptly communicated to Deltatre in order to avoid problems in the use of our services.
The processing of personal data must be justified by one of the legal basis established by existing data protection regulations, as described below.
a) Operational management and strictly-related purposes, for access to the website, particularly secure areas.
Deltatre collects your Contact data and Use of the website to allow you to access your Personal Area, in particular for: activate any request made via the website, as well as to contact the Company, provide the required assistance and submit your application.
Legal basis for the processing: performance of a contract.
The provision of data is obligatory to enable us to respond to your requests; in the absence of the data, we will be unable to proceed.
b) Marketing to meet your needs or to inform you of promotions concerning products and/or services similar to the ones already required by you.
Deltatre may process your Contact data for marketing and advertising purposes, to inform you of promotional sales and/or initiatives via automated means of contact (email, SMS and other mass communication tools, etc.) and traditional contact methods (e.g. by telephone), such as for market research and statistical surveys, concerning products and/or services that you could reasonably expect to receive on the basis on your relationship with the controller and, in particular, concerning products and/or services similar to the ones already required by you.
Legal basis for the processing: Company’s legitimate interest to improve the communication and the relationship with you, especially by providing information with regard to product/services similar to the ones already required by you, that you would reasonably expect to receive.
c) To assess and patch any weakness and vulnerability in our systems and products.
We consider the security of our systems and products as a priority in our business. Therefore, we encourage researchers across the globe to report us any vulnerability or security issues they’ve discovered according to our Coordinated Vulnerability Disclosure Policy.
In this case, Deltatre will process your contact data (name and surname, email address) to receive and share information with you.
Legal basis for the processing: Company’s legitimate interest both to protect its own systems and products from vulnerability and weaknesses and to ameliorate its services and products
d) To inform you about company news which may include, for example, product updates, press releases, interviews;
Basis for the processing: Your explicit consent to receive the company newsletter. Without your consent, we will not send you the newsletter. Your consent to receive it can be withdrawn at any time. The withdrawal of your consent shall not affect any other possible relationship between you and the company.
e) Compliance with legally-binding requests by the legal authorities to discharge obligations of law, regulations or provisions
Deltatre collects your personal data to comply with legal obligations.
Legal basis for the processing: legal obligations, to which the Company must comply.
The Company has established a wide range of security measures to improve protection and keep the security, integrity and accessibility of your personal data.
All your personal data are stored on our secure servers (or on secure paper copies) or on those of our suppliers or commercial partners, and may be accessed and used based on our standards and our security policies (or equivalent standards for our suppliers or commercial partners).
The security measures we have adopted include:
Where we have provided you with (or you have chosen) a password to allow you to access our website, application or services, you are responsible for keeping this password secret and for complying with any other security procedure we inform you of. Please do not share your password with anyone.
We will keep your personal data only for the length of time necessary to achieve the purposes for which they were collected or for any other related and lawful purpose. Therefore, if your personal data are processed for two different purposes, we will keep the data until the lengthier purpose is achieved. However, we will cease to process the personal data collected for the purpose whose retention period has expired.
We limit access to your personal data to only those individuals who need to use them for the appropriate purposes.
When your personal data are no longer required, or when there is no longer any legal precondition for keeping them, they will be irreversibly anonymized (and in such a way may be stored) or securely destroyed.
The retention periods relating to the different purposes described above are indicated to follow:
a) Operational management and strictly-related purposes for access to the website: data processed for these purposes may be kept for the duration of the contract and in any case no longer than the subsequent 10 years.
b) Marketing to meet your needs or to inform you of promotions concerning products and/or services similar to the ones already required by you: data processed for marketing purposes may be kept for 24 months from the date on which you provided such data (except where you decline to receive further communications); for profiled marketing purposes, data will be kept for 12 months.
c) To assess and patch any weakness and vulnerability in our systems and products: we will keep your data for the time necessary to manage and patch the vulnerability/issue discovered starting from the moment we became aware of it and, in any case, for a period not longer than two years.
d) Company newsletter: data processed for this purpose may be kept for 24 months from the date on which you provided your consent, except where you decline to receive further communications, or however freely withdraw your consent: in this case, your personal data will be deleted without undue delay and, at last, within one month of receipt of your request.
e) In the event of disputes: should it be necessary for us to defend ourselves or take action or bring claims against you or third parties, we may keep the personal data we deem reasonably necessary for such purposes, for the length of time it takes to pursue the claim.
Your personal data may be accessed by duly-authorised employees and by external suppliers, appointed, if necessary, as data processors, who support us in providing services.
For the purposes of performance of contractual obligations, as described above in point a), and if such obligations necessarily require the involvement of another Deltatre Group company, your personal data may also be accessed by other Deltatre Group companies.
Please contact us privacy@deltatre.com if you would like to see a list of the data processors or other entities to which we communicate data.
As a globally active company, in order to carry out some processing activities, Deltatre may transfer your personal data to third parties located in countries that do not belong to the European Union (EU) or to the European Economic Area (EEA) (“Third Countries”).
Any transfer of personal data to Third Countries will be carried out according to applicable law. Where personal data are not transferred to Third Countries on the basis of an adequacy decision of the European Commission, standard contractual clauses approved by the European Commission will be adopted, possibly supplemented by additional measures, where necessary, to ensure that the level of protection is essentially equivalent to that guaranteed within the EU.
You can write to Deltatre at any time, contacting us at the e-mail address privacy@deltatre.com, asking information about the entities that will receive your personal data and a copy of the safeguards adopted for the transfer.
The contact details for Deltatre, in its capacity as Data Controller, and the Data Protection Officer (DPO) are the following: privacy@deltatre.com and DPO@deltatre.com. We have also local points of contact dpo.italy@deltatre.com; dpo.uk@deltatre.com; dpo.germany@deltatre.com.
Should you have any questions regarding our processing of your personal data, kindly use the “privacy” web form found in the “contacts” section of the website www.deltatre.com or contact here, asking for the Legal and Corporate Affairs Department.
Your Personal Data Protection Rights and Your Right to File Complaints Before the Supervisory Authorities
On certain conditions, you are entitled to request:
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you performed by the controller where the processing is based on the legitimate interest. The objection to processing shall be sent to the following address: privacy@deltatre.com.
The exercising of the above rights is subject to certain exceptions that are intended to safeguard the public interest (e.g. the prevention or identification of crimes) and our interests (e.g. maintaining professional secrecy). Should you wish to exercise any of the above rights, we will check that you are entitled to do so and will usually respond within one month.
We endeavour to respond to any complaints or reports concerning the methods used to process your data. Nevertheless, should you wish, you may forward your complaints or reports to the authority responsible for data protection using the following contact details: Garante per la protezione dei dati personali - Email: garante@gpdp.it - Certified email address: protocollo@pec.gpdp.it.