1. INTRODUCTION
Your privacy is important for HTA. We have therefore developed a Privacy Policy concerning the way in which we collect, use, disclose, transfer and store your data. We invite you to read this document to learn about our privacy protection criteria and to let us know if you have any questions.
With this document HTA provides you, pursuant to articles 13 and 14 of European Regulation no. 2016/679, concerning the protection of real persons and the processing of personal data (hereinafter “GDPR”), some information on the processing of your personal details that are requested whenever you come in contact with HTA with relation to the use of the HTA website https://www.hta-it.com the services offered by HTA and HTA applications (hereinafter simply “App”).
Our Rules on privacy explain:
- Data collected and purpose.
- Mode of use of said information.
- The options that we offer, including the manner of accessing and updating the information.
This document is also drawn up considering the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on cookies, and the provisions of the Authority for the Protection of Personal Data “Identification of simplified modes for information and the acquisition of consent for the use of cookies” of 8 May 2014 of the recommendations and explanations supplied by Work Group art. 29 in the “Opinion no.2/2013 on the applications for smart devices”, and in the “Opinion 13/2011 on delocalisation services”.
2. PROCESSED DATA
2.1 Data necessary for using the website and for using the applications
Personal information is data that can be used to identify or contact a given person, to offer better services to all our customers/users. You might be asked to provide your data whenever you come in contact with HTA or with a company affiliated to HTA. Here are some types of personal data that HTA might collect, and the respective uses:
Access data collected anonymously The I.T. systems and software procedures used for the operation of the website and of all HTA applications, during normal operation, collect some personal data even without the user being registered; the transmission of these data is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties, but which, for its very nature, could, through processing and association with data held by third parties, allow the users to be identified. This data category includes the IP address or domain name of the device you use, the operating system, the model and make of the device, the mobile phone operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and I.T. environment of your device. These data, collected anonymously through the use of cookies or web beacons, are used only to obtain anonymous statistical information on the use of the application and of the website and to check that they are working properly.
Data supplied voluntarily by the user If you choose to register and create your own account for using the site and applications connected to HTA products, we ask you to send and/or supply some personal information with which you can be personally identified, including your name and surname, e-mail address, year of birth, tax code, user name and password, telephone and postal address, which are necessary for the creation and management of the Users/Customers/users master file (hereinafter CRM supported with the automatic answer system). The user is responsible for the exactness of the personal information sent/supplied to HTA. In these cases, you will be asked for explicit authorization for the processing of the data supplied (for example on the registration page, on the intervention sheet or at the time of requesting telephone assistance). Among the data processed there are also the information, data and videos, collected from your HTA devices and the respective applications which may be kept, if the service is activated, for a certain period on special Cloud storage units not run directly by HTA but located in European territory or in countries of which the privacy policy is recognized by the EU.
Data on position When HTA applications and services are used, we could collect and process information on your position and on the position of your systems. If you activated the delocalization services at the time of installing the system or application, and if you expressly consented to the processing of delocalization data, the applications, when active, will acquire the data on the geographical position of the HTA system and/or of your appliance (GPS, Wi-Fi, GSM network). However, you can decide later to deactivate the delocalization services of your appliance by accessing the special sector dedicated to localization authorization in the operating system of your device (Android or IOS). From that moment it will no longer be able to collect delocalization data for the use of the service. If you did not activate the delocalization services at the time of installation, if you did not consent to the processing of delocalization data at the time of registration, or if you decide to deactivate the delocalization services, you will not be able to use some functions of the applications.
Information that we collect from third parties We can also collect information on you from third parties, including information from our partners (installers, etc.) and from other partners; from social media services (for example, but without limitation, Facebook, LinkedIn, Instagram) consistently with your settings on said services; and from third party sources. We can add this information to data that we already have in our archives and share it with others based on the policy established in this Note. The supply of registration data is optional (art. 6 lett. b), e) GDPR), however the failure to supply them may prevent your registration and the use of the functions of the HTA applications and account, as well as the provision of services (art. 7 GDPR). HTA and its affiliates may share these data and use them in accordance with this privacy policy. They may also combine them with other data to supply and improve products, services, contents and advertising materials. You are not required to supply the personal data that we request; however, if you decide not to supply them, in many cases we will not be able to offer you our products or services, or reply to your questions. The data could be used to ascertain criminal responsibilities, where required by the competent authorities.
3. PURPOSES OF PROCESSING AND LEGAL BASIS
By legal basis of processing we mean the source/origin/justification of processing after consent of the party concerned in accordance with art. 4 of the GDPR.
3.1 Your data will be processed: for the technical management of the HTA systems and of the applications;
- for the management of your registration;
- to allow you to use the functions of the applications;
- to send you news;
- for marketing activity,
- to fulfil the legal obligations to which the Data Controller is subject.
With relation to these purposes, the legal basis of processing is the execution of a contract in which the person concerned is a party, the execution of precontractual measures adopted on the request of the same, or the satisfaction of a request of the party concerned.
3.2 HTA will process your data, following your specific consent.
With relation to these purposes, the legal basis is the consent of the parties concerned. Consent to the processing of personal data is purely optional, while it remains understood that, in the absence of such consent, you will not be able to use the services and the applications.
Personal data
- The personal data that we collect allow us to keep you up to date on the adverts for the latest HTA products, the software updates and the coming events. If you do not want to be included in our mailing list, you can remove your name at any time.
- We also use personal data to develop, supply and improve our products, services, contents and advertising materials, and to prevent losses and frauds.
- Personal data, including the date of birth, can be used to check the identity, facilitate user identification, and establish which services are appropriate. For example, the date of birth can be used to establish the age of the holders of HTA ID accounts.
- We can use your personal data periodically to send important notices, such as communications concerning modifications to our terms, as well as to our conditions and policies. Since this information is important for your interaction with HTA, it is not possible to deactivate the receipt of these communications.
- We can also use personal data for internal purposes, for checks, data analysis and research to improve products, services and communications with HTA customers/users.
- If you take part in a competition or similar promotions, we can use the data you supply to manage these activities.
Non-personal data
The data collected anonymously or that are not in such a form as to allow a direct association with a specific individual, purely as an example the profession, language, postcode, telephone dialling code, the unique identification code of the device, reference ORL, place and time zone in which a HTA product is used in order to have a better understanding of the conduct of customers/users and to improve our products, services and advertising materials, are collected by us, transferred and disclosed for any purpose.
4. PERIOD OF STORAGE
Your data will be processed for the whole duration of the contract and/or validity of the account and for the period contemplated by the law on taxation. With reference to personal data processed for marketing purposes, they will be kept in accordance with the principle of proportionality and until the purposes of processing have been completed, or until specific consent is withdrawn by the party concerned, if this occurs previously.
5. METHODS OF PROCESSING AND THEIR USE
5.1 Processing
The data will be processed with the following methods, respecting their necessary safety and confidentiality: collection of data from the party concerned, collected and recorded for determined, explicit and legitimate purposes and used in further processing operations in terms compatible with these aims; processing will be carried out with the aid of electronic and automated instruments (data collected via computer, directly from the interested party) Data processing is based on principles of correctness, lawfulness and transparency in conformity with the provisions of the GDPR; it may be carried out either manually or using automated methods suitable to store them, process them and transmit them and suitable technical and organisational measures will be applied, as reasonable and commensurate with the state of the art, to guarantee, among other things, the safety, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure, or any illegal use, as well as applying reasonable measures to delete or promptly correct any incorrect data with respect to the purposes for which they are processed.
5.2 Use
Access to data
Your data can be made accessible for the purposes described in art. 3: (i) to employees and collaborators of HTA or of companies in the Group in Italy and abroad, in their capacity as appointees and/or internal data supervisors and/or system administrators; (ii) to third party companies or other subjects (for example, banks, professional studios, consultants, insurance companies for the supply of services, etc.) who perform outsourced activities on behalf of HTA, in their capacity as external data supervisors.
Data communication
Without the necessity of express consent (pursuant to art. 6 lett. b) and c) GDPR), HTA may communicate your data for the purposes described in art. 3 to judicial Authorities and to subjects to whom communication is obligatory by law for achieving said purposes. These subjects will process the data in their capacity as autonomous data controllers.
Transfer of data
Your registration data will be stored in your HTA devices and in the devices that use the applications. HTA may communicate your data for the purposes described in art. 3 without the necessity of express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR).
Personal data are stored on servers located in the European Union. In any case it remains understood that, where necessary, HTA, as data controller, shall have the faculty to transfer the servers also outside the EU. In this case, the Controller ensures forthwith that the transfer of data outside the EU will take place in conformity with the applicable provisions of the law, after stipulating the standard contractual clauses envisaged by the European Commission.
6. RECIPIENTS OF THE DATA
6.1
Your data will be processed by the employees and collaborators of HTA who carry out the activities linked to the pursuit of the aims indicated above. Said employees have been designated data processing appointees and have received adequate operating instructions for the purpose.
6.2
HTA shares users’ personal data with companies that provide services such as data processing, data storage, clearing of the orders of customers/users, home-delivery of products, management and improvement of the data of customers/users, assistance of customers/users, evaluation of the interest in our products and services, market researches or surveys of user satisfaction. These companies are obliged to protect your data and could be located wherever HTA operates.
7. YOUR RIGHTS
In relation to the processing of personal data by HTA, you can request access to the data concerning you, correct or delete them as per art.17 of the GDPR, integrate incomplete data, or limit their processing; you can ask to receive the data in a structured form, commonly used and legible with an automatic device, and, if technically feasible, to transmit them to another data controller without impediments if there are the conditions for exerting the right to portability contemplated in art. 20 of the GDPR (processing is based on consent pursuant to art. 6.1 lett. a) or art. 9.2, lett. a) or on contract pursuant to art. 6.1, lett. b) of the GDPR and is carried out with automated instruments; you can withdraw the consent given at any time for the purposes described above in art. 3 and oppose processing, in whole or in part, in the cases allowed; you can lodge a complaint with the Authority and exert all the other rights recognised by the applicable discipline (art. 16-21 GDPR).
These rights may be exerted by sending a written communication to the address given below or an e-mail to: privacy@hta-it.com, or by using the access tools available in each application.
8. USE OF COOKIES AND COOKIE POLICY
HTA and its partners use different technologies to collect and store information when you visit the HTA site or when HTA services and applications are used, which could envisage the use of cookies, web beacons, pixel tags or similar technologies to identify the user’s browser or device. We also use these technologies to collect and store information when the user interacts with the services that we offer to our partners, for example advertising services or functions of the HTA applications that could be shown on other sites.
Cookies
We use cookies to customise your experience on the HTA site and app, if a password is created, to memorise your password so that you do not have to enter it every time you visit the site or access the App. Cookies are small files that are transferred to the hard disk of the computer containing information on the user ID, the user preferences, the pages visited and the activities you carried out during use of the sites. We do not let the information stored in the cookies come in contact with any of your personal data sent to the sites. It is possible to block cookies or to eliminate cookies from the hard disk; however, if cookies are deactivated, it is not possible to access all the functions of the sites or of the applications. Some of our commercial partners and affiliates also use cookies to supply anonymous data and information concerning the use of the sites, of the applications and of our services. We have no access or control of these cookies; our privacy policy does not cover the use of these cookies. Some of our commercial partners (for example licensees and sponsors) could use cookies on our Site (in advertising banners) or on their sites that can be reached from ours by a link. We have no access or control of these cookies. You are not obliged to accept cookies from us, nor from any other website, and you can set your browser so that it does not accept cookies, even though in this case some functions of the Site might not be available.
Web Beacons
HTA or our monitoring services company also uses web beacons to collect information concerning e-mail addresses, the use of our sites and app, the special promotions or newsletters that we send, all by means of appropriate analysis portals. Web beacons are small graphic files incorporated in a web page or an e-mail that provide a presence on the web page or via e-mail and return the information to the home server from the user’s browser. The information collected by web beacons allows us to monitor statistically how many people open our e-mails, use our sites and services, the sites and communications of affiliates and sponsors, and the sites of advertisers and for what purposes. Our web beacons are not used to monitor your activity outside our sites or applications or those of our affiliates or sponsors. We do not connect personal information from web beacons to personal information without your consent, save in relation to our marketing activity, promotion or similar initiatives, alone or in collaboration with our commercial partners and affiliates.
Traffic data
We can automatically collect the following categories of information when you visit our website or the applications: (1) IP addresses; (2) domain servers; (3) types of computers that access the website; (4) types of web browsers used to access the website; (5) reference source that might have been sent to the website; and (6) other information associated with the interaction of the browser and of the website and app with the systems installed (collectively “data on the traffic and/or use of the systems”). We do not connect non-personal information from traffic data to personal information without your consent, save in relation to our marketing activity, promotion or similar initiatives, alone or in conjunction with our commercial partners and affiliates.
9. INFORMATION NOT CONTAINED IN THIS POLICY
Further information on the processing of Personal Data may be requested from HTA at any time, using the contact information.
10. MODIFICATIONS TO THIS PRIVACY POLICY
As Data Controller, HTA reserves the right to make modifications to this privacy policy at any time, informing the Users on this page. You are therefore requested to consult this page frequently, taking as reference the date of the last modification shown at the foot. If he does not accept the modifications made to this privacy policy, the User is required to cease using this Application and he can ask HTA to remove his personal data. Unless otherwise specified.
11. DATA CONTROLLER AND CONTACT DATA
The Data Controller is HTA s.r.l. – Via del Mella, 77 – 25131 Brescia – Italy / e-mail: (privacy@hta-it.com).
Latest update: Apr 2019
Company Data
HTA s.r.l.
Via del Mella, 77/79
Brescia (BS)
I-25131
Italy
Telephone: (+39)-030-3582920
Fax: (+39)-030-3582930
VAT No.: IT02173320173
Italian EEE Registry No.: IT08020000002169
Registered at Tribunale di Brescia No. 45323
R.E.A. No. 0328712