Logo Tenacta Group SpA unipersonale

Wistleblowing

In compliance with Legislative Decree 24/2023, Tenacta Group has implemented a Whistleblowing system through which employees or other subjects involved in various capacities with the Company can report illegal activities and irregularities that they come to learn of in the course of activities on its behalf. All reports relevant to this system are specifically listed within the Policy for managing reports.

Tenacta Group ensures the confidentiality of the whistleblower's identity, the privacy of the information contained in the reports, and protects whistleblowers against any retaliatory or discriminatory acts. To this end, it is not permitted to use devices, company network, and email to access the platform and submit the report.

The privacy policy is available at the following link. To proceed with submitting a relevant whistleblowing report, click here.

Privacy Policy

Disclosure on the processing of personal data

This page describes the methods used for processing of personal data of users who consult this website. The disclosure conforms to the current legislation on personal data set forth in Regulation (EU) 2016/679, and is valid only for this website and not for other websites that may be consulted by the user through our links.

The Data Controller

Data relating to identified or identifiable persons may be processed after consulting the site. The Data Controller is Tenacta Group SpA unipersonale, with its registered office in via Piemonte 5/11, 24052 Azzano San Paolo (Bergamo), VAT no. and Tax Code: 02734150168 C.C.I.A.A. of Bergamo E.A.I. no. 318318 – Share Capital €20,640,000 fully paid-up.

Place of data processing

Processing related to the web services is only handled by technical personnel of the Department in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disclosed.

Purpose and legal basis of the processing

The personal data provided by the users who submit requests or intend to use services or products offered through the site, as well as receive further specific content, are only used to fulfil the requests or perform the service or provision requested and are only communicated to third parties if necessary. The legal basis of these processes is the need to provide feedback to the requests of the interested parties or to carry out activities in line with the agreements defined with the interested parties.

With the specific consent of the user, the data can be used for commercial communication activities related to offers of other products or services offered by the controller. The legal basis of this process is the consent that is freely expressed by the interested party.

Besides these assumptions, user browsing data are kept for the time that is strictly necessary to manage the processing activities within the limits established by law.

Types of processed data

Browsing data

The IT systems and software procedures used to run the site acquire certain personal data during their regular operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties but, by its very nature, it may allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website, to check that it functions correctly and are deleted after being processed. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. Data provided voluntarily by the user The optional, explicit and voluntary sending of e-mails to the addresses listed on the site entails the subsequent acquisition of the sender's address, which is necessary to respond to the requests, as well as any other personal data included in the message.

Cookies

Cookies refer to a textual element that is inserted into the hard disk of a computer only after authorisation. Cookies are intended to streamline the web traffic analysis or indicate when a specific site is visited and allow web applications to send information to individual users. No personal data of users are acquired by the site in this regard. Cookies are not used to transmit personal information, nor are any kind of so-called persistent cookies used, i.e. user-tracking systems. So-called session cookies are strictly limited to being used to transmit session identifiers (consisting of random numbers generated by the server), which are necessary to allow the site to be explored safely and efficiently. The so-called session cookies used in the site, prevent other IT techniques from being used, which could potentially compromise user browsing privacy and do not allow personal identifying data of the user to be acquired.

Optional provision of data

Besides that specified for browsing data, the user is free to provide personal data to request the services offered by the Controller. Failure to provide such data may make it impossible to fulfil the request.

Data processing methods and storage duration

Personal data are processed with automated tools for as long as is strictly necessary to fulfil the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access. The data are stored for as long as is strictly necessary to fulfil the purposes indicated in this disclosure and will be deleted at the end of this period, unless the data must be stored for legal obligations or to assert a legal claim.

Rights of the interested parties

Within the limits and under the conditions set forth by law, the Controller is obliged to fulfil the requests of the interested party regarding personal data concerning them. In particular, based on current legislation:

  1. The interested party has the right to obtain confirmation from the data controller whether personal data concerning them are currently being processed, and in this case, to obtain access to the personal data and the following information:
    • the purposes of the processing;
    • the personal data categories in question;
    • the recipients or categories of recipients whom the personal data have been or will be communicated to, in particular, recipients in third countries or international organisations;
    • whenever possible, the intended storage period of the personal data or where this is not possible, the criteria used to determine this period;
    • the existence of the right of the individual to request the data controller to correct or delete personal data or restrict the processing of personal data concerning them or oppose their processing;
    • the right to lodge a complaint with a supervisory authority;
    • if the data are not collected from the individual, all information available on their origin;
    • the existence of an automated decision-making process, including profiling
  2. The individual has the right to obtain from the data controller the correction of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the individual has the right to have incomplete personal data completed, also by providing an additional declaration.
  3. The individual has the right to obtain from the data controller the deletion of personal data concerning them without undue delay and the data controller is obliged to delete the personal data without undue delay, within the limits and in accordance with the cases set forth by current regulations. The data controller informs each of the recipients whom the personal data have been transmitted to of any corrections or cancellations or restrictions in the processing within the limits and in the manners set forth by current regulations.
  4. The individual has the right to obtain the processing restriction from the data controller.
  5. The individual has the right to receive the personal data, which they have provided to a controller, in a structured, commonly used and machine-readable format, and to transmit them to another data controller without hindrance from the controller to which the personal data have been provided.

To exercise the above mentioned rights, the individual must submit a request using the following contact points through which the Data Protection Officer can also be contacted: Tenacta Group SpA unipersonale Via Piemonte 5/11, 24052 Azzano San Paolo (BG) or to the following address dpo@tenactagroup.com.

 
This version of the disclosure on the processing of personal data was updated on 17 May 2018.