Terna S.p.A., as Data Controller (hereinafter: "Terna" or the "Controller"), pursuant to Regulation (EU) 2016/679 (known as the General Data Protection Regulation", hereinafter the "Regulation") and Legislative Decree No. 196/2003 (known as the Personal Data Protection Code, hereinafter the "Privacy Code") undertakes to protect the online privacy of users of its websites and provides you with this Privacy Policy in order to inform you, pursuant to Art. 13 of the Regulation, on how your personal data will be processed when you use MyTerna website (hereinafter the "Site") and all applications accessible from the MyTerna homepage, either for consultation or for the use of specific services made available through the Site.
Terna provides this information only for the above addresses and not for other websites that may be viewed by the user through links on the Site (in these cases please refer to the respective privacy policies).
Your personal data shall be processed in compliance with the principles of fairness, lawfulness, transparency, limitation of purpose and storage, minimisation, accuracy, integrity, and confidentiality and also with the principle of accountability pursuant to Art. 5 of the Regulation. Your personal data will therefore be processed in accordance with personal data protection legislation and the confidentiality obligations provided.
"Processing of personal data" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
***
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Terna S.p.A., with headquarters at Viale Egidio Galbani 70, Rome, Italy.
The Terna ("Data Protection Officer" or "DPO") can be contacted by email at dpo@terna.it or by ordinary post at the above address.
2. PERSONAL DATA TO BE PROCESSED
We hereby inform you that the personal data to be processed may consist of an identifier such as a name, an identification number, location data, an online identifier or one or more pieces of information that may identify you or make you identifiable, depending on the type of services requested (hereinafter simply "personal data").
The personal data processed through the Site are:
a) Browsing data
During normal operation, the computer systems and software procedures used for the functioning of the Site acquire personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified data subjects but may by its nature, including through processing and association with data held by third parties, enable the identification of the user. This category of data includes IP addresses or the domain names of the computers used by users to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and computer environment and to the devices used by the user to access the Site. This data is used exclusively to obtain anonymous statistical information on the use of the Site, to check its correct functioning and to identify anomalies and/or abuses. The data could be used to ascertain liability in the event of computer crimes to the detriment of the Site or third parties.
b) Data voluntarily provided by the user
Notwithstanding the reference to specific information on the processing of personal data pursuant to Art. 13 of the Regulation and any requests for consent that will be consecutively reported or displayed on the pages of the Site, dedicated to particular Services (such as, for example, the information available in the "Register" section of the Site), this Privacy Policy also applies to the processing of the data you have voluntarily entered in the various forms in the Site, such as, for example, the information request form in the "Contacts" section, through which you will be asked for your email address and to specify your request, which may possibly require further personal data. With regard to the content of your request for information, we ask you to enter only the personal data that is strictly necessary for the handling of your request in the aforementioned form, thus omitting irrelevant information and/or information that may fall within the special categories of personal data referred to in Art. 9 of the Regulation (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, or data concerning health, sex life or sexual orientation).
c) Cookies and other tracking technologies
A "cookie" is a small text file that can be stored in a dedicated space on the hard drive of the user's device (e.g., computer, tablet, smartphone, etc.) when they visit a website through their browser and may require the user's prior consent before being installed. Cookies ensure that the website remembers the user's actions and preferences (e.g., login details, language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to the website or browses from one of its pages to another.
Some operations may not be executable without the use of cookies, which are therefore technically necessary in certain cases for the functioning of the site itself.
In accordance with legislation in force, the user's express consent is not always required for the use of cookies. In particular, consent is not required for technical cookies, which are essential for the functioning of the website or necessary to perform activities requested by the user (e.g., cookies used to transmit a communication on an electronic communications network or to the extent strictly required to provide a service requested explicitly by the user). Technical cookies, which do not require express consent for their use, as confirmed by the Italian Data Protection Authority (see the "Identification Measure for simplified procedures for information and the acquisition of consent for the use of cookies of 8 May 2014 and subsequent clarifications, hereinafter the "Measure") also include:
• first-party and third-party analytical cookies - if tools are adopted that reduce the identifying power of the cookie and the user, and the third party does not cross-reference the information collected with other information it already possesses - used to collect aggregate information on the number of users and how they visit the site.
• navigation or session cookies (used for authentication), which, if deactivated, will compromise the use of services accessible by login.
• functionality cookies, which allow the user to browse according to certain criteria (e.g., language) in order to improve the service provided to the user.
However, the user's prior consent is required for profiling cookies, i.e., those aimed at identifying the user's preferences and improving the user's browsing experience, and for third-party analytical cookies, if no tools are adopted to reduce the identifying power of the cookies and the third party cross-references the information collected with other information it already possesses.
Cookies used by the site
| Sito Web |
Tipo di cookie e proprietario |
Finalità |
Nome tecnico |
Tempo di persistenza |
Categoria (prima/terza parte) |
| myterna.terna.it |
Technical / necessary |
Session cookie used by sites with Java Server Pages (JSP) pages to allow the server to maintain an anonymous user session. |
JSESSIONID |
Session |
1st Part |
| myterna.terna.it |
Technical / necessary |
Allows you to save the user's preferred language |
MyTernaLocaleCookie |
Session |
1st Part |
| myterna.terna.it |
Technical / necessary |
User response token, provided by the client-side integration of the reCAPTCHA module with a validity of 2 minutes to allow access to the site. |
captchaToken |
120s |
1st Part |
| myterna.terna.it |
Statistical - Google Analytics |
Register a unique ID to generate statistical data on how the visitor uses the site - NOTE: cookie introduced only if the 'Chrome' browser is used. |
_ga |
2 years |
3rd Part |
| myterna.terna.it |
Technical / necessary |
Used to store session information of an authenticated user. |
ASP.NET_SessionId |
Session |
3rd Part |
| myterna.terna.it |
Technical / necessary |
Identifies a user session. A user session starts when a user accesses the portal for the first time and ends when the session is closed. |
BIDATA.Internet.ApplicationCookie |
Session |
1st Part |
| myterna.terna.it |
Technical / necessary |
Identifies a user session. A user session starts when a user accesses the portal for the first time and ends when the session is closed. |
GRID.Internet.ApplicationCookie |
Session |
1st Part |
| myterna.terna.it |
Technical / necessary |
Identifies a user session. A user session starts when a user accesses the portal for the first time and ends when the session is closed. |
SunSet.ApplicationCookie |
Session |
1st Part |
| main.b2cadmin.ext.azure.com |
Technical / necessary |
Contains user membership data between tenants. Tenants a user is a member of and the membership level (administrator or user) |
x-ms-cpim-admin |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to address requests to the appropriate production instance. |
x-ms-cpim-slice |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to track transactions (number of authentication requests on Azure AD B2C) and the current transaction. |
x-ms-cpim-trans |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to maintain the SSO session. This cookie is set as persistent, when Keep Me Signed In is enabled. |
x-ms-cpim-sso:{Id} |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to maintain request status |
x-ms-cpim-cache:{id}_n |
End of the browser session (authentication with success) |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Forgery token used for CRSF protection. For more information, read the Cross-Site Forgery Request Tokens section. |
x-ms-cpim-csrf |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used for Azure AD B2C network routing. |
x-ms-cpim-dc |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Context |
x-ms-cpim-ctx |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to store membership data for the resource provider tenant |
x-ms-cpim-rp |
End of the browser session |
1st Part |
| b2clogin.com, login.microsoftonline.com, branded domain |
Technical / necessary |
Used to store the forwarding cookie. |
x-ms-cpim-rc |
End of the browser session |
1st Part |
3. PURPOSE OF THE PROCESSING
Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:
3.1. to allow browsing of the Site, interaction with its content, registration on and access to the reserved area and the provision of all other services made available by the Controller, including the management of the Site's security; with regard to the processing of data for the purpose of collecting applications in the "Register" section of the Site, please refer to the specific information shown therein concerning the processing of personal data pursuant to Art. 13 GDPR.
3.2. to manage and respond to specific requests made to the Controller, such as information requests forwarded by filling in the relevant contact forms on the Site.
3.3. to fulfil any obligations under applicable laws, regulations, or EU legislation, or comply with requests from the authorities.
3.4. to meet any defensive requirements related to the detection, prevention, mitigation, and investigation of fraudulent or illegal activities in relation to the services provided on the site.
Specific security measures are taken to prevent loss, unlawful or incorrect use of data and unauthorised access.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis for the processing of personal data for the purposes referred to in section 3.1 and 3.2 is Art. 6, para. 1, letter b) of the Regulation (the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of the services you have requested. The collection and transfer of personal data for these purposes is optional, but failure to transfer it would prevent the activation of the services requested.
The purpose referred to in Section 3.3 constitutes legitimate processing of personal data within the meaning of Art. 6, para. 1, letter c) of the Regulation (the processing is necessary for the fulfilment of a legal obligation to which the Controller is subject). Once the personal data has been transferred, the processing is indeed necessary for compliance with legal obligations that bind the Controller.
The processing referred to in section 3.4 is performed in order to meet any defensive needs of the Controller pursuant to Articles 6.1.f and 9.2.f of the Regulation.
5. RECIPIENTS OF THE PERSONAL DATA
Your personal data may be shared, for the purposes of section 3 of this Privacy and Cookie Policy, with:
5.1. persons authorised by the Controller to process personal data pursuant to Articles 29 and 2-quaterdecies of Legislative Decree 193/2003 ("Privacy Code") (e.g., staff responsible for Site management, information system management, etc.).
5.2. third parties who, as service providers (e.g., hosting providers or entities tasked with technical maintenance activities), typically act as data processors pursuant to Art. 28 of the Regulation. The Controller keeps an up-to-date list of the appointed data processors and guarantees that the data subject will be able to view it at the offices indicated above or upon request at the addresses indicated above.
5.3. Terna group companies based both in the EU and outside the EU, as autonomous data controllers for administrative purposes on the basis of legitimate interest pursuant to Art. 6.1.f and Recitals 47 and 48 of the Regulation.
5.4. persons, entities, or authorities to whom your personal data is required to be transferred by virtue of legal provisions or orders of the authorities.
Such persons are hereinafter collectively referred to as "Recipients".
6. TRANSFERS OF PERSONAL DATA
Some of your personal data may be shared with Recipients outside the European Economic Area. The Controller ensures that the processing will be regulated in accordance with the provisions of Chapter V of the Regulation and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee total protection for personal data, with transfers based on a) adequacy decisions of third country recipients expressed by the European Commission, b) adequate guarantees expressed by third-party recipients pursuant to Art. 46 of the GDPR, c) the adoption of corporate binding rules. Further information can be obtained upon request from the Controller and/or the DPO at the abovementioned addresses.
7. TORAGE OF PERSONAL DATA
The personal data processed for the purposes under section 3.1. and 3.2. will be stored for the time strictly necessary to achieve said purposes, in compliance with the principle of minimisation set out in Art. 5, para. 1, letter c) of the GDPR.
Personal data processed for the purposes under in section 3.3. will be stored as long as required by the specific obligation or applicable law.
In general, the Controller reserves the right to store your data for the time necessary to fulfil any further binding legal obligations or to meet any defence requirements.
Further information on the data retention period and the criteria used to determine this period can be obtained by sending a written request to the Data Controller at the addresses shown in the "Contacts" section of this policy.
8. RIGHTS OF THE DATA SUBJECT
You have the right to access personal data concerning you at any time, pursuant to Articles 15-22 of the Regulation. Specifically, you may request the rectification (Art. 16), erasure (Art. 17), restriction (Art. 18) and portability of data (Art. 20), or not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way (Art. 22), as well as the withdrawal of any consent you have given (Art. 7, para. 3).
You may also submit a request to object to the processing of your personal data pursuant to Art. 21 of the Regulation, in which you shall give evidence of the grounds for the objection. The Controller reserves the right to evaluate your request, which may not be accepted if there are legitimate reasons for the processing that prevail over your interests, rights, and freedoms.
Requests should be addressed in writing to the Controller at the addresses shown in the "Contacts" section of this policy
You have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to Art. 77 of the Regulation, if you believe that the processing of your data is unlawful or to take legal action pursuant to Art. 79 of the Regulation.
9. AMENDMENTS
The Controller reserves the right to amend or merely update the content, partially or completely, also because of changes in applicable legislation. The Controller therefore invites you to visit this section regularly in order to be aware of the most recent and updated version of the Privacy Policy so that you can always be fully up to date on the data collected and how it is used by Terna.
10. CONTACT DETAILS
To exercise the above rights or to make any other request, please write to the Controller at privacy@terna.it.
You may also contact the Terna Data Protection Officer at: dpo@terna.it .
