Version: 1.7 – date: 23.06.2025
(Information on the processing of personal data in accordance with Article 13 of EU Regulation 2016/679)
Dear User,
Diennea S.r.l., with registered office in Faenza (48018 – RA), Viale G. Marconi n. 30/14, VAT number 02243600398, in its capacity as Data Controller (hereinafter “Diennea” or the “Data Controller”) considers privacy and the protection of personal data to be one of the main objectives of its activity. This document has been drawn up in accordance with Article 13 of EU Regulation 2016/679 (hereinafter: “Regulation”) in order to inform you of our privacy policy; we therefore invite you to read this Privacy Policy carefully before communicating any personal data to the Data Controller, as it contains important information on the protection of your personal data.
This Privacy Policy:
– is provided for the website tbd.it (hereinafter referred to as the “Website”)
– forms an integral part of the Site and the services we offer;
– is provided in accordance with Article 13 of the Regulation to those who interact with the services of the Website.
The processing of your personal data will be based on principles of correctness, lawfulness, transparency, purpose and storage limitation, minimisation and accuracy, integrity and confidentiality, as well as the principle of accountability set out in Article 5 of the Regulation. Your personal data will therefore be processed in accordance with the provisions of the Regulation and the confidentiality obligations set out therein.
By processing of personal data, we refer to any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or amendment, extraction, examination, use, communication by transmission, distribution or any other form of making available, comparison or interconnection, restriction, erasure or destruction.
TABLE OF CONTENTS
1. Data Controller and Data Protection Officer (DPO)
2. Personal Data subject to processing
a. Navigation data
b. Special categories of personal data
c. Data provided voluntarily by the user
d. Third-party data provided voluntarily by the user
e. Cookies
3. Purpose, legal basis and mandatory or optional nature of processing
4. Recipients of Personal Data
5. Transfer of Personal Data
6. Storage of Personal Data
7. Rights of the data subject
8. Amendments
1. Data Controller and Data Protection Officer (DPO)
The Data Controller is Diennea, as specified above. The Data Controller’s property has a Data Protection Officer (DPO). The DPO is available for any information regarding the processing of personal data by Diennea, as well as to provide you with a list of data processors who process personal data, at the following email address: dpo@diennea.com.
2. Personal Data subject to processing
Following navigation of the Website, we inform you that Diennea will process personal data that may consist of an identifier such as a name, an identification number, an online identifier or one or more elements characteristic of your physical, physiological, psychological, economic, cultural or social identity that make the data subject identifiable or identifiable (hereinafter only “Personal Data”);
The Personal Data processed through the Website are as follows:
a. Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal functioning, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to allow – given the architecture of the systems used – the correct provision of services, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties; and is normally deleted after sixty days.
b. Special categories of personal data
When using the “Work with us” section of the Website, you may be asked to provide Personal Data that fall within the special categories of personal data as defined in Article 9 of the Regulation, namely “[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health or sex life or sexual orientation”. Any processing of such data shall be carried out in accordance with Article 9(2)(a) of the Regulation, therefore with your explicit consent and in accordance with the authorisations in force at the time regarding Personal Data Protection Officers. In this regard, unless strictly necessary, we ask you not to provide this type of information. Otherwise, if you decide to provide it, you will be asked to give your specific consent in accordance with current legislation on Personal Data Protection.
c. Data provided voluntarily by the user
The Website offers users the option to voluntarily provide personal information through, for example, registration on contact forms, the optional, explicit and voluntary sending of emails to the addresses indicated on the Website, etc. This Privacy Policy also applies to the processing of Personal Data provided voluntarily through the Website.
d. Third-party data provided voluntarily by the user
When using certain services on the Website, the Personal Data of third parties that you send to Diennea may be processed. In such cases, you are the independent Data Controller, assuming all obligations and responsibilities under the law. In this regard, you hereby grant the broadest indemnity with respect to any dispute, claim, request for compensation for damage resulting from processing, etc. that may be brought against Diennea by third parties whose Personal Data has been processed through your use of the functions of the Site in violation of the applicable rules on the protection of Personal Data.
In any case, if you provide or otherwise process Personal Data of third parties when using the Website, you hereby guarantee – assuming all related liability – that this particular type of processing is based on an appropriate legal basis in accordance with Article 6 of the Regulation, which legitimises the processing of the data in question.
e. Cookies
Definitions, characteristics and application of the legislation
Cookies are small text files that the websites visited by the user send to their computer or mobile device and are then transmitted back to the same websites on the next visit. Thanks to cookies, a website can remember the user’s actions and preferences (such as login details, language selection, font size, other display settings, etc.) so that they do not need to be indicated again when the user returns to the website or navigates from one page to another. Cookies are therefore used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows the user’s navigation within the site to be traced for statistical or advertising purposes. While browsing a website, the user may also receive cookies from websites or web servers other than the one being visited (so-called “third-party” cookies). Some operations could not be performed without the use of cookies, which in certain cases are therefore technically necessary for the website to function.
There are various types of cookies, depending on their characteristics and functions, and these may remain on the user’s computer for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s device until a pre-set expiry date.
According to current Italian legislation, the user’s express consent is not always required for the use of cookies. In particular, “technical cookies” do not require such consent, i.e. those used for the sole purpose of transmitting a communication on an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the functioning of the website or necessary to perform activities requested by the user.
Among technical cookies, which do not require express consent for their use, the Italian Data Protection Authority (see Guidelines on cookies and other tracking tools – 10 June 2021, hereinafter referred to as the “Provision”) also includes “analytics cookies” where:
1) they are used solely to produce aggregate statistics relating to a single site or a single mobile application;
2) at least the fourth component of the IP address is masked for third parties; and
3) third parties refrain from combining the minimised analytical cookies with other processing (e.g. customer files or statistics on visits to other websites) or from transmitting them to other third parties. However, third parties are permitted to produce statistics with data relating to multiple domains, websites or apps that can be traced back to the same publisher or business group; and in the event that the data controller carries out the mere statistical processing of data relating to multiple domains, websites or apps attributable to it, using also unencrypted data, in compliance with the purpose limitation.
For “profiling cookies” on the other hand, i.e. those designed to create user profiles and used to send advertising messages in line with the preferences expressed by the user when browsing the web, prior consent from the user is required.
Types of cookies used by the Website and options for selecting/deselecting them
The Website uses the following cookies, which can be deselected, except for third-party cookies, for which you will need to refer directly to the relevant selection and deselection methods for the respective cookies, indicated via links:
• technical navigation or session cookies that are strictly necessary for the functioning of the Website or to allow you to use the content and services requested;
• technical analytical cookies, which are used to carry out statistical processing of data relating to multiple domains, websites or apps attributable to the Data Controller. These data may also be unencrypted, in accordance with the statistical purpose;
• functionality cookies, i.e. used to activate specific features of the Website and a series of selected criteria (e.g. language) in order to improve the service provided.
PLEASE NOTE: by disabling technical and/or functional cookies, the Website may become unviewable or some services or certain functions of the Website may become unavailable or may not function properly, and you may be required to modify or manually enter certain information or preferences each time you visit the Website.
• Third-party cookies, i.e. cookies from websites or web servers other than those of Diennea, used for the purposes of those third parties, including profiling cookies. Please note that these third parties, listed below with links to their privacy policies, are typically independent data controllers of the data collected through the cookies they serve; therefore, you should refer to their personal data processing policies, information notices and consent forms (selection and deselection of the respective cookies), as specified in the aforementioned Provision.
For the sake of thoroughness, we also want to mention that Diennea does its best to track cookies on its website.
These are regularly updated in the table at the following link, where we provide transparency on the cookies sent directly by Diennea and their purposes. For third parties that send cookies through our Site, we provide links to their privacy policies below: as already specified, we entrust these third parties with the responsibility of providing the information and obtaining your consent, as required by the Provision. This responsibility refers not only to cookies that third parties send directly, but also to any additional cookies that are sent through our Site due to the use of services that the third parties themselves use. With regard to these cookies, sent by service providers of the aforementioned third parties, Diennea has no control over them and is not aware of their characteristics or purposes.
Below are links to information about third-party cookies: GOOGLE
In detail, the cookies sent by Diennea through the Website are indicated at the following link: https://www.tbd.it/cookie/
How to view and edit cookies, including through your Browser
You can select which cookies to authorise through the procedure provided here: https://www.tbd.it/cookie/, as well as authorise, block or delete (in whole or in part) cookies through the specific functions of your browser: However, if all or some of the cookies are disabled, it is possible that the Website may not be accessible or that some services or certain functions of the Website may not be available or may not function properly and/or the user may be required to modify or manually enter certain information or preferences each time they visit the Website.
For more information on how to set your cookie preferences through your browser, please refer to the relevant instructions:
• Firefox
• Chrome
• Safari
You can also manage your choices in relation to third-party cookies using online platforms such as AdChoice.
3. Purpose, legal basis and mandatory or optional nature of processing
Using automated and non-automated tools, your Personal Data will be processed for the following purposes and on the following legal bases, where applicable.
a. To enable the provision of requested services (e.g. contact requests, requests for information), to respond to specific requests addressed to Diennea, and to enable you to browse the Website (”Provision of services“).
b. Allow subscription to the newsletters of Diennea and its brand “t.bd” (“Newsletters”).
The legal basis for the processing of Personal Data for the purposes of providing services and newsletters is Article 6(1)(b) of the Regulation, as the processing is necessary for the provision of services, for responding to requests from the data subject and/or for subscribing to newsletters. The provision of Personal Data for these purposes is optional, but failure to provide such data may make it impossible to activate the requested services, respond to your requests or send newsletters. We inform you that you may always request to subscribe to or unsubscribe from one or more newsletters of the Data Controller by modifying and/or updating your privacy preferences on the “Edit profile” page accessible via the link at the bottom of the newsletters or by writing to privacy@diennea.com.
c. Carrying out marketing activities, such as conducting market surveys and research, including by requesting reviews, sending information and promotional material relating to the activities, products and services of Diennea and its brand “t.bd”, using “automated methods” via email, text messages and social networks (“Marketing”).
The processing carried out for marketing purposes is generally based on your consent pursuant to Article 6(1)(a) of the Regulation and Article 130, paragraphs 1 and 2 of the Privacy Code (Italian Legislative Decree 196/2003).
We inform you that the provision of your Personal Data for this purpose is optional and that you may decide at any time to withdraw your previously given consent by notifying the Data Controller without any formalities by modifying and/or updating your privacy preferences on the “Edit profile” page accessible via the link at the bottom of commercial emails or by writing to privacy@diennea.com, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal. With regard to requests for reviews, we would like to point out that Diennea may ask you to post them on third-party websites; in this case, these third parties will process the personal data you provide as independent data controllers: we therefore invite you to consult the personal data processing policies of these third parties before posting any reviews or personal data.
d. Analysing preferences, habits, interests (e.g., interest in Diennea and its products and services by checking whether follow-up emails sent after events have been opened or not, as well as whether our newsletter has been opened or not, and checking clicks within such communications) and choices made through the use of the Website and the services offered, where applicable, using profiling cookies (”Profiling”) in order to share with you personalised commercial and promotional material and communications and, where applicable, in line with your interests (see section 3.c. above).
The processing carried out for profiling purposes is also based on your consent pursuant to Article 6(1)(a) of the Regulation, which may be collected through the cookie banner, or on the basis of Diennea’s legitimate interest pursuant to Article 6(1)(f) of the Regulation (e.g. to check whether follow-up emails for events and newsletters have been opened and whether links within them have been clicked). The provision of your Personal Data for these purposes is therefore entirely optional and does not affect the use of the services. If you wish to object to the processing of your Personal Data for this purpose, you may do so at any time by writing to privacy@diennea.com.
e. To fulfil any obligations under applicable laws, regulations or EU legislation, or to comply with requests from authorities (”Compliance”)
The processing of your Personal Data for Compliance purposes constitutes legitimate processing of Personal Data in accordance with Article 6(1)(c) of the Regulation.
f. Analyse your CV, assess the suitability of your profile for the positions available at Diennea, manage the recruitment process and contact candidates who have submitted their application via the “Work with us” section of the website (“Application management”). Your CV may be stored and further processed by Diennea to improve its personnel selection processes and organisational efficiency so that it can contact candidates who were not interviewed in the future, as well as candidates who were interviewed and received a positive evaluation but were not hired, and thus evaluate your CV in the future (“Optimising the selection process”).
The processing of your Personal Data for the purpose of managing applications is governed by Article 6(1)(b) of the Regulation, as it is necessary to evaluate your CV and start the selection process, as well as Article 111-bis of the Privacy Code, according to which consent is not required in cases where CVs are sent spontaneously by the data subjects. The provision of your Personal Data is optional, but failure to do so would make it impossible for Diennea to evaluate your profile or schedule interviews. Any processing of special categories of personal data as defined in Article 9 of the Regulation shall be carried out in accordance with Article 9(2)(a) of the Regulation (such as data concerning your health or political opinions), therefore subject to your explicit consent and in accordance with the authorisations in force at the time regarding the protection of personal data. In this regard, unless strictly necessary, we ask you not to provide this type of information. Otherwise, if you decide to provide it, you will be asked to give your consent in accordance with current legislation on the protection of personal data. If you do not give your consent to Diennea to process special categories of personal data relating to you, your Personal Data will be processed within the limits permitted by the pro tempore authorisation of the Data Protection Authority. Processing of Personal Data after the selection process, and in any case for a period not exceeding 12 months from receipt of the application for the purpose of optimising the selection process, finds its legal basis in the legitimate interest of the Data Controller (Article 6(1)(f) of the Regulation) to consider your profile for other job openings that match your CV, to make sure the Controller’s organisation runs smoothly and the HR department does its job well. The provision of your Personal Data for this purpose is optional, but failure to do so may make it impossible for the Data Controller to evaluate your CV, contact you for an interview or evaluate your CV for future job positions.
g. Statistical purposes, without it being possible to trace your identity (“Statistics”);
Please note that the processing of your Personal Data for Statistical purposes is not carried out on Personal Data and may therefore be freely carried out by Diennea.
4. Recipients of Personal Data
Your Personal Data may be shared, for the purposes set out in section 3 above, with (the “Recipients”):
a. subjects who typically act as data processors, namely: i) persons, companies or professional firms that provide assistance and advice to Diennea in administrative and legal matters relating to the provision of services; ii) subjects with whom it is necessary to interact for the provision of services (e.g. hosting providers); iii) or subjects delegated to perform technical maintenance (including maintenance of network equipment and electronic communication networks);
b. subjects, entities or authorities to whom it is mandatory to disclose your Personal Data pursuant to legal provisions or orders from authorities or in the event of reports of abuse in order to investigate complaints and identify the source of messages received from users;
c. persons authorised by Diennea to process Personal Data necessary to perform activities strictly related to the provision of services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality (e.g. Diennea employees).
We remind you that if you post a review, your Personal Data may be disclosed by the operators of the platforms/websites used to publish the review; we advise you to consult the privacy policies of these third parties before providing your Personal Data.
5. Transfer of Personal Data
Your Personal Data may be shared with Recipients located outside the European Economic Area for the provision of services. Furthermore, it is not possible to exclude extra-EEA data transfers that may occur through the web application firewall solution that analyses web calls directed to this website to protect the web traffic of the page as part of the security policies adopted by Diennea. For further information, please contact the DPO: dpo@diennea.com.
6. Retention of Personal Data
Personal Data processed for the purposes of providing services and newsletters will be stored for the time strictly necessary to achieve those purposes. In any case, as this processing is carried out for the provision of services, Diennea will process Personal Data for as long as permitted by Italian law to protect its interests (Article 2946 of the Italian Civil Code and subsequent amendments).
Personal Data processed for Marketing and Profiling purposes will be processed until the end of one year from the withdrawal of your consent, or until you object in cases where the Data Controller has based the processing of your Personal Data on legitimate interest as described in point 3.d of this Privacy Policy.
Personal Data processed for compliance purposes will be retained for the time required by the specific obligation or applicable law.
With regard to processing for the purpose of managing applications, CVs submitted will be processed for the duration of the selection process and will be stored for a maximum period of 12 months from their submission in order to optimise the selection process. The Data Controller reserves the right to retain CVs deemed compatible with current or future job positions for a further 12 months, sending a request to update the personal data contained in the CV to the data subject to verify their willingness to have their CV retained in the Data Controller’s systems for a longer period: if no response is received to this communication and at the end of the 12th month, the CV will be deleted; if a positive response is received, however, the personal data of the data subject will be stored for a further 12 months and then deleted. If the candidate is recruited, their personal data will be stored and processed by Diennea in accordance with the privacy policy prepared for employees.
Further information regarding the data retention period and the criteria used to determine this period can be requested by writing to the DPO at the following address: dpo@diennea.com.
In any case, Diennea reserves the right to retain your Personal Data for the period of time required and permitted by Italian law to protect its interests (Article 2947(1)(3) of the Italian Civil Code).
7. Rights of data subjects
In accordance with Articles 15 et seq. of the Regulation, you have the right to request Diennea, at any time, to access to your Personal Data, the correction or deletion of the same, or to object to their processing pursuant to Article 21 of the Regulation, you have the right to request the limitation of processing in the cases provided for in Article 18 of the Regulation, as well as to obtain your data in a structured, commonly used and machine-readable format, in the cases provided for in Article 20 of the Regulation.
Requests should be sent in writing to the following address: privacy@diennea.com.
Consent to profiling through cookies can be revoked using the functions available here (qui). Any consent given for other purposes can be revoked by writing to privacy@diennea.com or using the “Amend profile” function available via the link at the bottom of commercial emails and newsletters.
In any case, you always have the right to submit a complaint to the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), in accordance with Article 77 of the Regulation, if you believe that the processing of your Personal Data is contrary to the legislation in force.
8. Amendments
The Data Controller may amend or simply update this Privacy Policy of the Website, in part or in full, also due to changes in the laws and regulations governing this matter and protecting your rights. Such changes and updates to the Privacy Policy will be notified to users on the home page of the Website. We therefore invite you to visit this section regularly to review the most recent and updated version of this Privacy Policy so that you are always up to date on the information we collect and how we use it.
