Identity and contact details of the Data Controller

Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer. You can contact the DPO at: dpo@tt-services.it

Purposes and legal bases for processing

Data generated by website access

Computer systems and software procedures used to operate the websites acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. Examples include domain names, IP addresses, operating system, device type and browser used. These data are not accompanied by additional personal information and are used to:

• obtain anonymous statistical information about website use;
• manage technical and security needs related to site operation;
• establish liability in case of alleged cybercrimes.

Legal basis: the necessity to provide the website functionality following the User’s access.

Data voluntarily provided by the User

Personal data provided by the User via forms are collected and processed for the following purposes:

• management of customer relations;
• administrative purposes and fulfilment of legal obligations (e.g., accounting, tax, judicial requests);
• with specific consent, sending periodic newsletters and invitations to events by email;
• where applicable, the use of the quotation tool in accordance with the sales terms and conditions.

Legal basis: performance of a contract to which the User is a party or the adoption of pre-contractual measures at the User’s request; for certain activities (e.g., marketing/newsletters) the legal basis is the User’s explicit consent.

Defense of legal claims

User data may be processed when necessary to ascertain, exercise or defend the rights of the Data Controller or other companies within the Trust Technology Service S.r.l. group in judicial proceedings.

Details on categories of personal data processed

Support and contact management

Purpose: handling support or contact requests received via email or contact forms.
Personal data collected: surname, name, email, company, industry, city, phone number.

Email address and messaging management

Purpose: managing databases of email addresses, telephone contacts or other contact types used to communicate with the User.

Legitimate interest and processing without consent

The Controller may process personal data without the User’s consent in specific circumstances, for example:

• in the event of extraordinary corporate transactions (mergers, transfers, disposals), to allow due diligence and preparatory activities. Only strictly necessary data will be processed and, where possible, in aggregated/anonymous form.

Nature of data provision

Except as specified for website access data, the provision of personal data is:

• for purposes of customer relations, administrative obligations and quotation management: optional, but refusal prevents the Company from fulfilling contractual obligations or responding to information requests;
• for marketing/newsletters: optional and conditional on explicit consent; refusal prevents the Company from sending promotional communications.

Recipients of personal data

To pursue the purposes described above, the Controller may communicate User data to third parties, such as:

• public authorities and administrative bodies to comply with legal obligations (in which case consent is not required by law);
• companies, entities or associations, including parent, subsidiary or affiliated companies under Article 2359 of the Italian Civil Code, or those under common control, as well as consortiums, business networks and temporary business associations, strictly for administrative/accounting purposes.

The Controller will ensure that any communication of personal data is limited to what is strictly necessary to achieve the relevant purpose. Personal data are stored in the Controller’s databases and processed only by authorized personnel who receive appropriate instructions. Data will not be disclosed to third parties except as specified and within the indicated limits.

International data transfers

In the context of contractual relationships between Trust Technology Service S.r.l. and its subsidiaries, or among subsidiaries, User personal data may be transferred outside the EU and may be included in shared databases managed by third parties inside or outside the Trust Technology Service S.r.l. group. Processing of such data will be bound to the purposes for which they were collected and will comply with confidentiality and security standards under applicable data protection laws.

Whenever personal data are transferred outside the EU, the Controller will adopt appropriate contractual safeguards, including the Standard Contractual Clauses adopted by the European Commission, to ensure an adequate level of protection.

Data retention

• Customer relations: 12 months;
• Administrative and legal obligations (e.g., accounting, tax, judicial requests): 10 years;
• Newsletters and event invitations (with explicit consent): 5 years for profiling activities (unless revoked) and 10 years for periodic communications;
• Quotation tool: 10 years if the offer is accepted; otherwise, data retained for 3 months.

Data subject rights

As a data subject, the User may exercise the following rights with respect to personal data processed by the Controller:

• Right of access: obtain confirmation of the existence of personal data and receive clear information about processing, origin, purpose and recipients;
• Right to rectification: obtain correction of inaccurate data;
• Right to erasure (where applicable) or anonymization and blocking of unlawfully processed data;
• Right to restriction of processing and data portability (where applicable);
• Right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if the User believes their rights have been violated.

To exercise these rights, Users may write to the Data Protection Officer at: dpo@tt-services.it.