web
You’re offline. This is a read only version of the page.
close

Privacy and cookie policy of MyTerna's website

Terna S.p.A., as Data Controller (hereinafter: "Terna" or the "Controller"), pursuant to Regulation (EU) 2016/679 (known as the General Data Protection Regulation", hereinafter the "Regulation") and Legislative Decree No. 196/2003 (known as the Personal Data Protection Code, hereinafter the "Privacy Code") undertakes to protect the online privacy of users of its websites and provides you with this Privacy Policy in order to inform you, pursuant to Art. 13 of the Regulation, on how your personal data will be processed when you use MyTerna website (hereinafter the "Site") and all applications accessible from the MyTerna homepage, either for consultation or for the use of specific services made available through the Site. Terna provides this information only for the above addresses and not for other websites that may be viewed by the user through links on the Site (in these cases please refer to the respective privacy policies). Your personal data shall be processed in compliance with the principles of fairness, lawfulness, transparency, limitation of purpose and storage, minimisation, accuracy, integrity, and confidentiality and also with the principle of accountability pursuant to Art. 5 of the Regulation. Your personal data will therefore be processed in accordance with personal data protection legislation and the confidentiality obligations provided. "Processing of personal data" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.


***

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Terna S.p.A., with headquarters at Viale Egidio Galbani 70, Rome, Italy. The Terna ("Data Protection Officer" or "DPO") can be contacted by email at dpo@terna.it or by ordinary post at the above address.

2. PERSONAL DATA TO BE PROCESSED

We hereby inform you that the personal data to be processed may consist of an identifier such as a name, an identification number, location data, an online identifier or one or more pieces of information that may identify you or make you identifiable, depending on the type of services requested (hereinafter simply "personal data").

The personal data processed through the Site are:

a) Browsing data
During normal operation, the computer systems and software procedures used for the functioning of the Site acquire personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified data subjects but may by its nature, including through processing and association with data held by third parties, enable the identification of the user. This category of data includes IP addresses or the domain names of the computers used by users to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and computer environment and to the devices used by the user to access the Site. This data is used exclusively to obtain anonymous statistical information on the use of the Site, to check its correct functioning and to identify anomalies and/or abuses. The data could be used to ascertain liability in the event of computer crimes to the detriment of the Site or third parties.

b) Data voluntarily provided by the user
Notwithstanding the reference to specific information on the processing of personal data pursuant to Art. 13 of the Regulation and any requests for consent that will be consecutively reported or displayed on the pages of the Site, dedicated to particular Services (such as, for example, the information available in the "Register" section of the Site), this Privacy Policy also applies to the processing of the data you have voluntarily entered in the various forms in the Site, such as, for example, the information request form in the "Contacts" section, through which you will be asked for your email address and to specify your request, which may possibly require further personal data. With regard to the content of your request for information, we ask you to enter only the personal data that is strictly necessary for the handling of your request in the aforementioned form, thus omitting irrelevant information and/or information that may fall within the special categories of personal data referred to in Art. 9 of the Regulation (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, or data concerning health, sex life or sexual orientation).

c) Cookies and other tracking technologies
A "cookie" is a small text file that can be stored in a dedicated space on the hard drive of the user's device (e.g., computer, tablet, smartphone, etc.) when they visit a website through their browser and may require the user's prior consent before being installed. Cookies ensure that the website remembers the user's actions and preferences (e.g., login details, language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to the website or browses from one of its pages to another. Some operations may not be executable without the use of cookies, which are therefore technically necessary in certain cases for the functioning of the site itself. In accordance with legislation in force, the user's express consent is not always required for the use of cookies. In particular, consent is not required for technical cookies, which are essential for the functioning of the website or necessary to perform activities requested by the user (e.g., cookies used to transmit a communication on an electronic communications network or to the extent strictly required to provide a service requested explicitly by the user). Technical cookies, which do not require express consent for their use, as confirmed by the Italian Data Protection Authority (see the "Identification Measure for simplified procedures for information and the acquisition of consent for the use of cookies of 8 May 2014 and subsequent clarifications, hereinafter the "Measure") also include: • first-party and third-party analytical cookies - if tools are adopted that reduce the identifying power of the cookie and the user, and the third party does not cross-reference the information collected with other information it already possesses - used to collect aggregate information on the number of users and how they visit the site. • navigation or session cookies (used for authentication), which, if deactivated, will compromise the use of services accessible by login. • functionality cookies, which allow the user to browse according to certain criteria (e.g., language) in order to improve the service provided to the user. However, the user's prior consent is required for profiling cookies, i.e., those aimed at identifying the user's preferences and improving the user's browsing experience, and for third-party analytical cookies, if no tools are adopted to reduce the identifying power of the cookies and the third party cross-references the information collected with other information it already possesses.

Cookies used by the site

 

Website Cookie type and owner Purpose Technical name Persistence time Category (first/third part)
my.terna.it Technical/Necessary – Terna Identifies a user session [1] GRID.Internet.ApplicationCookie Session First part
my.terna.it Technical/Necessary – Terna Forgery token used for CRSF protection for GRID. RequestVerificationToken Session First part
my.terna.it Technical/Necessary – Terna Temporarily used for asynchronous downloads.

It is created on click and deleted when the download finishes after a few seconds

fileDownloadToken Session First part
my.terna.it Technical/Necessary – Terna Used for verification of CSRF tokens to avoid replay attacks.

Because the cookie is managed by the framework, the end part of the name may change randomly.

__RequestVerificationToken_L3N1bnNldA2

 

Session First part
my.terna.it Technical/Necessary – Terna Used to identify the users' session on the server. ASP.NET_SessionId Session First part
my.terna.it Technical/Necessary – Terna Used to maintain the users' session on the server. JsessionId Session First part
my.terna.it Technical/Necessary – Terna Used for user recognition TOKEN Session First part
my.terna.it Technical/Necessary – Terna Used for user recognition OperatoreIdScelto Session First part
my.terna.it Technical/Necessary – Terna Used for user recognition ProfiloIdScelto Session First part
google.com Technical/Necessary Used to provide protection against spam _GRECAPTCHA Session Third part
my.terna.it Technical/Necessary – Dynatrace Measures server latency for performance monitoring dtLatC Session First part
my.terna.it Technical/Necessary – Dynatrace Used as intermediate storage for actions that span a page. This cookie is used to store the names of user actions, such as Click login, on different pages. This is necessary because loading pages involves restarting the JavaScript code, so all contextual information must be stored in cookies. dtSA Session First part
my.terna.it Technical/Necessary – Dynatrace Track a visit through multiple requests. dtCookie Session First part
my.terna.it Technical/Necessary – Dynatrace Specifies the session timeout. rxvt Session First part
my.terna.it Technical/Necessary – Dynatrace Contains visitor ID to correlate sessions. rxVisitor Session or permanent First part
my.terna.it Technical/Necessary – Dynatrace Required to identify correct endpoints for beacon (or pixel tag) transmission; includes session ID for correlation. dtPC Session First part
my.terna.it Technical/Necessary – Power Pages Used by the antiforgery system. __RequestVerificationToken Session First part
my.terna.it Technical/Necessary – Power Pages Used to identify user sessions. A user session starts when a user browses website for the first time. And ends when the session is closed. Configure authentication can be used to change session expiry time span. .AspNet.ApplicationCookie Session First part
my.terna.it Technical/Necessary – Power Pages Stores preview ON/OFF mode used in classic CMS system for website administrators. adxPreviewUnpublishedEntities Session First part
my.terna.it Technical/Necessary – Power Pages Used in basic form actions to store alert message to be shown on redirection. adx-notification Session First part
my.terna.it Technical/Necessary – Power Pages Added automatically by Azure websites and ensures that requests are load balanced between different sites. Doesn't store any of user information. You see either the ARRAffinity or ARRAffinitySameSite cookie depending on your browser. ARRAffinity

ARRAffinitySameSite

Session First part
my.terna.it Technical/Necessary – Power Pages Used to maintain the session of a logged in user to avoid repeated sign-in. ASP.NET_SessionId Session First part
my.terna.it Technical/Necessary – Power Pages Stores the default language of the user accessing website within a session and across webpages. The cookie is deleted after session closes. ContextLanguageCode Session First part
my.terna.it Technical/Necessary – Power Pages Critical service cookie to analyze service usage anonymously and aggregated for statistical purpose. Dynamics365PortalAnalytics 90 days First part
my.terna.it Technical/Necessary – Power Pages Stores a value to indicate if the current moment is in daylight saving time. isDSTObserved Session First part
my.terna.it Technical/Necessary – Power Pages Indicates whether a specified date and time falls in the range of daylight saving time. isDSTSupport Session First part
my.terna.it Technical/Necessary – Power Pages Stores the timezonecode field value of CRM timezonedefinition table for the current timezone. timeZoneCode Session First part
my.terna.it Technical/Necessary – Power Pages Stores the timezone difference between UTC and Local browser time. timezoneoffset Session First part
my.terna.it Technical/Necessary – Power Pages Used to identify internal maker sessions when site is in private mode. This cookie isn't dropped once site is made public. PrivateModeLoginCookie Session First part
my.terna.it Technical/Necessary – Power Pages Used to associate a Client session with an ID Token, and to mitigate replay attacks. OpenIdConnect.nonce.xxxxxx Session First part
my.terna.it Technical/Necessary – Power Pages Used to identify user sessions in external sign in scenarios. AspNet.ExternalCookie Session First part
main.b2cadmin.ext.azure.com Technical/Necessary – AzureB2C Contains the membership data of users among tenants. The tenants of which a user is a member and the membership level (administrator or user). x-ms-cpim-admin

 

End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to direct requests to the appropriate production instance. x-ms-cpim-slice End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to track transactions (number of authentication requests on Azure AD B2C) and the current transaction. x-ms-cpim-trans End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to maintain the SSO session. This cookie is set as persistent when Keep Me Signed In is enabled. x-ms-cpim-sso:{Id} End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to maintain the status of the request x-ms-cpim-cache:{id}_n End of browser session (successful authentication) First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Forgery token used for CRSF protection. For more information, read the Cross-Site Forgery Request Token section. x-ms-cpim-csrf End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used for Azure AD B2C network routing. x-ms-cpim-dc End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Context x-ms-cpim-ctx End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to store membership data for the resource provider tenant x-ms-cpim-rp End of browser session First part
b2clogin.com, login.microsoftonline.com, branded domain Technical/Necessary – AzureB2C Used to store the forwarding cookie x-ms-cpim-rc End of browser session First part

 

 

[1] A user session begins when a user logs in to the portal for the first time and ends when the session is closed.

3. PURPOSE OF THE PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable: 3.1. to allow browsing of the Site, interaction with its content, registration on and access to the reserved area and the provision of all other services made available by the Controller, including the management of the Site's security; with regard to the processing of data for the purpose of collecting applications in the "Register" section of the Site, please refer to the specific information shown therein concerning the processing of personal data pursuant to Art. 13 GDPR. 3.2. to manage and respond to specific requests made to the Controller, such as information requests forwarded by filling in the relevant contact forms on the Site. 3.3. to fulfil any obligations under applicable laws, regulations, or EU legislation, or comply with requests from the authorities. 3.4. to meet any defensive requirements related to the detection, prevention, mitigation, and investigation of fraudulent or illegal activities in relation to the services provided on the site. Specific security measures are taken to prevent loss, unlawful or incorrect use of data and unauthorised access.

4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING

The legal basis for the processing of personal data for the purposes referred to in section 3.1 and 3.2 is Art. 6, para. 1, letter b) of the Regulation (the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of the services you have requested. The collection and transfer of personal data for these purposes is optional, but failure to transfer it would prevent the activation of the services requested. The purpose referred to in Section 3.3 constitutes legitimate processing of personal data within the meaning of Art. 6, para. 1, letter c) of the Regulation (the processing is necessary for the fulfilment of a legal obligation to which the Controller is subject). Once the personal data has been transferred, the processing is indeed necessary for compliance with legal obligations that bind the Controller. The processing referred to in section 3.4 is performed in order to meet any defensive needs of the Controller pursuant to Articles 6.1.f and 9.2.f of the Regulation.

5. RECIPIENTS OF THE PERSONAL DATA

Your personal data may be shared, for the purposes of section 3 of this Privacy and Cookie Policy, with: 5.1. persons authorised by the Controller to process personal data pursuant to Articles 29 and 2-quaterdecies of Legislative Decree 193/2003 ("Privacy Code") (e.g., staff responsible for Site management, information system management, etc.). 5.2. third parties who, as service providers (e.g., hosting providers or entities tasked with technical maintenance activities), typically act as data processors pursuant to Art. 28 of the Regulation. The Controller keeps an up-to-date list of the appointed data processors and guarantees that the data subject will be able to view it at the offices indicated above or upon request at the addresses indicated above. 5.3. Terna group companies based both in the EU and outside the EU, as autonomous data controllers for administrative purposes on the basis of legitimate interest pursuant to Art. 6.1.f and Recitals 47 and 48 of the Regulation. 5.4. persons, entities, or authorities to whom your personal data is required to be transferred by virtue of legal provisions or orders of the authorities. Such persons are hereinafter collectively referred to as "Recipients".

6. TRANSFERS OF PERSONAL DATA

Some of your personal data may be shared with Recipients outside the European Economic Area. The Controller ensures that the processing will be regulated in accordance with the provisions of Chapter V of the Regulation and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee total protection for personal data, with transfers based on a) adequacy decisions of third country recipients expressed by the European Commission, b) adequate guarantees expressed by third-party recipients pursuant to Art. 46 of the GDPR, c) the adoption of corporate binding rules. Further information can be obtained upon request from the Controller and/or the DPO at the abovementioned addresses.

7. TORAGE OF PERSONAL DATA

The personal data processed for the purposes under section 3.1. and 3.2. will be stored for the time strictly necessary to achieve said purposes, in compliance with the principle of minimisation set out in Art. 5, para. 1, letter c) of the GDPR. Personal data processed for the purposes under in section 3.3. will be stored as long as required by the specific obligation or applicable law. In general, the Controller reserves the right to store your data for the time necessary to fulfil any further binding legal obligations or to meet any defence requirements. Further information on the data retention period and the criteria used to determine this period can be obtained by sending a written request to the Data Controller at the addresses shown in the "Contacts" section of this policy.

8. RIGHTS OF THE DATA SUBJECT

You have the right to access personal data concerning you at any time, pursuant to Articles 15-22 of the Regulation. Specifically, you may request the rectification (Art. 16), erasure (Art. 17), restriction (Art. 18) and portability of data (Art. 20), or not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way (Art. 22), as well as the withdrawal of any consent you have given (Art. 7, para. 3). You may also submit a request to object to the processing of your personal data pursuant to Art. 21 of the Regulation, in which you shall give evidence of the grounds for the objection. The Controller reserves the right to evaluate your request, which may not be accepted if there are legitimate reasons for the processing that prevail over your interests, rights, and freedoms. Requests should be addressed in writing to the Controller at the addresses shown in the "Contacts" section of this policy You have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to Art. 77 of the Regulation, if you believe that the processing of your data is unlawful or to take legal action pursuant to Art. 79 of the Regulation.

9. AMENDMENTS

The Controller reserves the right to amend or merely update the content, partially or completely, also because of changes in applicable legislation. The Controller therefore invites you to visit this section regularly in order to be aware of the most recent and updated version of the Privacy Policy so that you can always be fully up to date on the data collected and how it is used by Terna.

10. CONTACT DETAILS

To exercise the above rights or to make any other request, please write to the Controller at privacy@terna.it. You may also contact the Terna Data Protection Officer at: dpo@terna.it .