This page describes how the Tesi S.p.A. website is managed with reference to the processing of personal data of users consulting it, accessing the address https://tesisquare.com corresponding to the home page, navigating within it and using any services. The information is provided only for the website in question and not for any other websites that may be consulted by the user through links. Upon specific request of the user, Tesi S.p.A. reserves the right to provide at any time any further information relating to the collection and processing of personal data not contained in the present Privacy Policy.
1. Data controller
The Data Controller of personal data is Tesi S.p.A., with registered office in Via Mendicità Istruita 24, 12042 – Bra (CN), Italy, VAT no.: 02448510046, Telephone: +39 0172 476 301, E-mail: privacy@tesisquare.com
2. Contact details of the DPO
The Data Protection Officer (DPO) may be contacted by e-mail at dpo@tesisquare.com, or by telephone at +39 0172 476 301.
3. Purposes and legal bases for processing
Consultation of the site does not require the user to provide personal data. The voluntary forwarding of data (also contact data), information and requests, to Tesi S.p.A.’s electronic and/or physical addresses or through the compilation and sending of forms present on the site, the communication of one’s e-mail address, to subscribe to services, obtain information, answers or material; the provision of personal data on the occasion of webinars and/or events and/or promotional activities, in which Tesi S.p.A. participates in various ways, entail the subsequent acquisition and processing of the personal data themselves.
Personal data thus conferred may be processed for the following purposes and in compliance with the relative legal bases:
a) to answer questions or otherwise fulfil requests made by the data subject, so performing of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or for compliance with a legal obligation to which the controller is subject. The data subject’s consent is not required for these purposes, as provided for in Article 6 (B) and (C) of the GDPR.
b) Nor is the Data Subject’s consent required to process such data for direct marketing purposes, or for the legal protection of the Data Controller’s rights, as provided for in Article 6 (F) GDPR, since these are legitimate interests of the Data Controller. However, in the first case (processing for direct marketing purposes), the data subject may object, thereby preventing such activity from that point onwards.
c) Finally, the data subject’s data may be processed for commercial purposes (including profiling and sending commercial communications, including through newsletters), but only if the data subject has given his or her consent, pursuant to Article 6 (A) of the GDPR. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4. Categories of recipients to whom personal data have been or will be disclosed
The personal data referred to in this information will be processed within the European Union, by internal personnel of the Data Controller, expressly authorised to the processing and adequately instructed, who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and may be communicated to the following categories of subjects:
a) other companies belonging to group of undertakings Tesi S.p.A. (including also those participated by Tesi S.p.A.);
b) external subjects trusted by the Data Controller who carry out, on behalf of the Data Controller, as data processors (bound on with regard to the controller by a specific contract ex art. 28 GDPR) or as autonomous data controllers, certain processing activities (such as, for example, administrative, accounting, tax or IT service companies), necessary for the execution of connected and consequent activities;
c) administrations or public authorities (Revenue Agency, Judicial or Public Security Authorities, etc.) for the fulfilment of legal obligations;
d) trade associations to which the Data Controller belongs and trade unions to which the Data Controller belongs.
Personal data are not subject to dissemination.
5. Period of retention of personal data
Personal data are stored only for the time strictly necessary to achieve the purposes for which they were collected and they will be erased when such purposes will have been achieved, without prejudice to any further data retention obligations provided for by law (and for the period provided for therein).
Data processed only for direct marketing purposes will be stored for a period not exceeding 24 months, while data processed for purposes of the legal protection of the Controller’s rights will be stored until the end of the period provided for by law.
Finally, personal data processed for commercial purposes will be stored and processed until the consent is withdrawn, subject however to periodic verification (within five years) of the existence of consent.
6. Nature of data provision and consequences of refusal
The provision of personal data requested in the forms or forms, marked with an asterisk, is necessary: without it, Tesi S.p.A. will not be able to supply what has been requested.
The provision of personal data not marked with an asterisk is optional: failure to provide such data will however allow the Controller to fulfil what has been requested.
7. Rights of the data subject
The EU Regulation guarantees the data subject the following rights with regard to the processing of personal data:
- right of access, with possible request for a copy of the processed data (Art. 15 GDPR);
- right to rectification of inaccurate personal data without undue delay as well as to have incomplete personal data completed (Art. 16 GDPR);
- right to erasure of personal data without undue delay – so-called ‘right to be forgotten – for one of the reasons indicated from (a) to (f) of Art. 17 GDPR;
- the right to restriction of processing for one of the cases indicated from (a) to (d) of Art. 18 GDPR;
- right to data portability (Art. 20 GDPR);
- right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her in accordance with Article 6(1)(e) or (f) GDPR, including profiling based on those provisions; or, if the data are processed for direct marketing purposes – to the processing of personal data concerning him or her carried out for such purposes, which includes profiling to the extent that it is related to such direct marketing.
The exercise of rights may be delayed, limited or excluded in the cases provided for in Article 2-undecies of Legislative Decree 196/03.
Requests should be addressed to Tesi S.p.A. Via Mendicità Istruita 24, 12042 – Bra (CN) Italy or by email to privacy@tesisquare.com.
Finally, the interested party’s right to apply to the Supervisory Authority (for Italy, the “Garante per la protezione dei dati personali”, www.garanteprivacy.it), also by lodging a complaint, if deemed necessary, for the protection of his/her personal data and rights, remains unaffected.
Version updated in March 2022