{"id":6904,"date":"2026-07-13T12:31:38","date_gmt":"2026-07-13T10:31:38","guid":{"rendered":"https:\/\/www.termogomma.it\/privacy-policy\/"},"modified":"2026-07-13T12:42:09","modified_gmt":"2026-07-13T10:42:09","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/www.termogomma.it\/en\/privacy-policy\/","title":{"rendered":"Privacy policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"6904\" class=\"elementor elementor-6904 elementor-6902\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4d6b175f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4d6b175f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3d52d23f\" data-id=\"3d52d23f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-316b0b90 elementor-widget elementor-widget-text-editor\" data-id=\"316b0b90\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\n<h3 class=\"wp-block-heading\">1. Privacy Policy of www.termogomma.it<\/h3>\n\n<h4 class=\"wp-block-heading\">Last updated: July 2026<\/h4>\n\n<h4 class=\"wp-block-heading\">1.1 Data Controller<\/h4>\n\n<p class=\"wp-block-paragraph\">The data controller is ATP S.p.A., VAT No.\u00a0IT 00551760366, with registered office at Via Austria 12\/14\/16, 41122 Modena (MO) \u2013 Italy.<\/p>\n\n<p class=\"wp-block-paragraph\">Controller\u2019s email contact: atp@atpgroup.it.<\/p>\n\n<p class=\"wp-block-paragraph\">Any contact details of the Data Protection Officer (DPO), if appointed, are made available upon request and\/or published on the Controller\u2019s website.<\/p>\n\n<h4 class=\"wp-block-heading\">1.2 Categories of data processed<\/h4>\n\n<p class=\"wp-block-paragraph\">The Application collects, autonomously or through third parties, the following categories of personal data:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Identification and contact data: name, surname, email address, username, company name.<\/li>\n\n<li>Website usage data: technical information about the device, access logs, interactions with pages, IP address and other online identifiers.\u00ec<\/li>\n\n<li>Cookies and other trackers: necessary, experience and marketing cookies, as described in the Cookie Policy.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Data may be provided directly by the user or collected automatically during use of the website. As a rule, all requested data are necessary to provide the services; if data are optional, this is clearly indicated.<\/p>\n\n<h4 class=\"wp-block-heading\">1.3 Purposes of processing and use of Artificial Intelligence (AI)<\/h4>\n\n<p class=\"wp-block-paragraph\">Users\u2019 data are processed for the following purposes:<\/p>\n\n<ol class=\"wp-block-list\">\n<li>Provision of the web service (website management, response to requests, account registration, authentication).<\/li>\n\n<li>Compliance with legal obligations and management of possible legal proceedings.<\/li>\n\n<li>Security and abuse prevention, including management of system logs.<\/li>\n\n<li>Analytics and compilation of aggregate statistics on website usage.<\/li>\n\n<li>Display of content from external platforms (e.g.\u00a0Google Maps, Google Fonts, Font Awesome).<\/li>\n\n<li>Tag management and technical tracking tools.<\/li>\n<\/ol>\n\n<p class=\"wp-block-paragraph\">In addition, the Controller uses AI systems in the corporate environment, mainly on internal data, as follows:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>AI module integrated in the Panthera management system to facilitate order entry: it processes order data and stock data coming from the ERP.<\/li>\n\n<li>Corporate ChatGPT account (external generative AI provider) for:\n<ul>\n<li>analysis and re-elaboration of internal data (e.g.\u00a0customer classifications, code analysis, market analysis);<\/li>\n<\/ul>\n\n<ul class=\"wp-block-list\">\n<li>support in drafting textual content (e.g.\u00a0document drafts, internal reports).<\/li>\n<\/ul>\n<\/li>\n\n<li>Corporate Claude account, used by the Marketing department for assisted generation of marketing content, posts, website texts, internal reports and other promotional materials.<\/li>\n\n<li>AI-based MRP assistant: MRP data extracted from the ERP are processed by an AI system which generates Excel files for internal analysis.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">With regard to the website, the use of AI is relevant for privacy purposes only to the extent that:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>personal data of website users (e.g.\u00a0contact data, browsing data) are processed with the support of AI tools;<\/li>\n\n<li>website content (texts, images, suggestions) is generated or personalised through AI and such content affects users (e.g.\u00a0profiling, automated decision-making).<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">In such cases, the Controller ensures:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>that AI is used in accordance with the principles of privacy by design and privacy by default;<\/li>\n\n<li>that the user is informed when interacting with content generated or strongly influenced by AI, in line with the transparency obligations under the GDPR and the AI Act (Reg. (EU) 2024\/1689);<\/li>\n\n<li>that AI functionalities classified as high-risk under the AI Act are not used, unless a specific additional notice is provided.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Currently, Termogomma does not use AI for the creation of deepfakes nor for high-risk systems and does not carry out automated processing resulting in solely automated decisions with significant legal effects on the user, unless otherwise indicated in the future.<\/p>\n\n<h4 class=\"wp-block-heading\">1.4 Legal bases of processing<\/h4>\n\n<p class=\"wp-block-paragraph\">The Controller processes users\u2019 personal data only if at least one of the following legal bases applies:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Performance of a contract or pre-contractual measures, for example handling user requests or registration to website services.<\/li>\n\n<li>Compliance with legal obligations, including tax, accounting, cybersecurity obligations and cooperation with public authorities.<\/li>\n\n<li>Legitimate interest of the Controller, for example:\n<ul>\n<li>improving the efficiency of internal processes through AI applied to corporate data and contact data;<\/li>\n<\/ul>\n<ul>\n<li>preventing fraud or misuse of the website;<\/li>\n<\/ul>\n\n<ul class=\"wp-block-list\">\n<li>carrying out internal analyses and statistics on service usage, balancing corporate interests with data subjects\u2019 rights.<\/li>\n<\/ul>\n<\/li>\n\n<li>User consent, required in particular for:\n<ul>\n<li>certain marketing data processing activities;<\/li>\n<\/ul>\n\n<ul class=\"wp-block-list\">\n<li>use of non-strictly necessary cookies\/trackers, as described in the Cookie Policy.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Where AI is used on data that do not constitute personal data (purely corporate, technical or aggregated data not relating to identified or identifiable natural persons), the GDPR does not apply.<\/p>\n\n<p class=\"wp-block-paragraph\">If in future AI is used for profiling or automated decision-making that significantly affects data subjects, the Controller will provide additional information describing the logic involved and the consequences for data subjects, pursuant to the GDPR.<\/p>\n\n<h4 class=\"wp-block-heading\">1.5 Recipients and providers (including AI providers) \u2013 Data processors<\/h4>\n\n<p class=\"wp-block-paragraph\">Personal data may be accessed by:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Internal staff of the Controller (administration, sales, marketing, legal, IT, system administration) authorised to process data.<\/li>\n\n<li>Technical service providers and consultants (hosting providers, IT companies, communication agencies, ERP\/MRP solution providers) appointed, where necessary, as data processors pursuant to Article 28 GDPR.<\/li>\n\n<li>AI service providers (e.g.\u00a0providers of ChatGPT, Claude and AI modules integrated in the ERP and MRP assistant), acting as processors or sub-processors for personal data processing activities on behalf of the Controller.<\/li>\n\n<li>Public and judicial authorities, when required by law or by administrative or judicial orders.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">The up-to-date list of data processors and AI providers can be requested from the Controller at any time.<\/p>\n\n<h4 class=\"wp-block-heading\">1.6 Data transfers to third countries<\/h4>\n\n<p class=\"wp-block-paragraph\">When the use of AI systems or digital services involves a transfer of personal data to countries outside the European Union or to international organisations, the Controller ensures that the conditions of Chapter V of the GDPR are met, by adopting one of the adequacy mechanisms or safeguards provided for (adequacy decisions, standard contractual clauses, supplementary measures, etc.).<\/p>\n\n<p class=\"wp-block-paragraph\">The Controller informs the user, within this notice, if data are transferred to third countries and, where applicable, provides references to the safeguards adopted for such transfers.<\/p>\n\n<h4 class=\"wp-block-heading\">1.7 Methods of processing and security (including AI \u2013 privacy by design)<\/h4>\n\n<p class=\"wp-block-paragraph\">Data are processed by electronic and\/or automated means, according to organisational procedures and logic strictly related to the stated purposes. The Controller adopts appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in line with the following principles:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Privacy by design and privacy by default, integrating data protection into the design of systems and processes, including AI-based systems.<\/li>\n\n<li>Data minimisation, limiting processing to data strictly necessary for the purposes indicated.<\/li>\n\n<li>Accountability, with ongoing monitoring of the effectiveness of protection measures and risk assessment in relation to technological developments.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Depending on the circumstances, such measures may include pseudonymisation, access restrictions, encryption, database segmentation and staff training.<\/p>\n\n<h4 class=\"wp-block-heading\"><a>1.8 Place of processing<\/a><\/h4>\n\n<p class=\"wp-block-paragraph\">Data are processed at the Controller\u2019s operating premises and at the premises of other parties involved in the processing (providers and processors). AI-based processing may be carried out on the cloud infrastructures of AI providers or on the Controller\u2019s local systems, in compliance with the safeguards described above.<\/p>\n\n<h4 class=\"wp-block-heading\"><a>1.9 Retention period<\/a><\/h4>\n\n<p class=\"wp-block-paragraph\">Personal data are retained for the time necessary to achieve the purposes for which they were collected. In particular:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>data processed for contractual purposes: retained for the duration of the relationship and, thereafter, for the period required by civil, tax and accounting legislation;<\/li>\n\n<li>data processed on the basis of legitimate interest: retained for the time necessary to pursue such interest, in line with the principles of minimisation and proportionality;<\/li>\n\n<li>data processed on the basis of consent: retained until consent is withdrawn;<\/li>\n\n<li>technical and security logs: retained for the period necessary to ensure system security and to establish potential liabilities, in accordance with internal policies and sector regulations.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Once the retention period has expired, data are deleted or anonymised; after that point, rights of access, erasure, rectification or portability can no longer be exercised with respect to non-existent data.<\/p>\n\n<h4 class=\"wp-block-heading\">1.10 Data subjects\u2019 rights<\/h4>\n\n<p class=\"wp-block-paragraph\">Within the limits of the law, users may exercise the following rights:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Withdrawal of consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.<\/li>\n\n<li>Right to object to processing based on legitimate interest, including objection to processing for direct marketing purposes.<\/li>\n\n<li>Right of access, to know whether processing is being carried out and to receive a copy of the data.<\/li>\n\n<li>Right to rectification of inaccurate or incomplete data.<\/li>\n\n<li>Right to restriction of processing, in specific circumstances.<\/li>\n\n<li>Right to erasure (right to be forgotten), in the cases provided for by the GDPR.<\/li>\n\n<li>Right to data portability, to receive data in a structured format and transfer them to another controller.<\/li>\n\n<li>Right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if they consider their rights to have been infringed.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Users may also request clarification on the legal basis for any data transfers to third countries and on the measures adopted to protect their data in such contexts.<\/p>\n\n<h4 class=\"wp-block-heading\">1.11 Exercising rights<\/h4>\n\n<p class=\"wp-block-paragraph\">Requests to exercise the above rights may be sent to the Controller using the contact details indicated in this policy. Such requests are free of charge and will be handled within one month, subject to extension in complex cases, with appropriate communication to data subjects.<\/p>\n\n<h4 class=\"wp-block-heading\">1.12 Further information on AI use and system logs<\/h4>\n\n<p class=\"wp-block-paragraph\">Personal data may be used by the Controller for judicial protection in the event of misuse of the website or related services.<\/p>\n\n<p class=\"wp-block-paragraph\">The Controller may collect system logs and other technical data (e.g.\u00a0IP address) for maintenance, security and analysis of website operation.<\/p>\n\n<p class=\"wp-block-paragraph\">If additional AI-based assistants that interact directly with website users are developed (e.g.\u00a0chatbots, dynamic recommendations, personalised content generation), the Controller will update this notice by specifying:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>that the user is interacting with an AI system;<\/li>\n\n<li>the logic governing the system and its potential impact on the user\u2019s rights, in accordance with the GDPR and the AI Act.<\/li>\n<\/ul>\n\n<h4 class=\"wp-block-heading\">1.13 Changes to this privacy policy<\/h4>\n\n<p class=\"wp-block-paragraph\">The Controller reserves the right to amend this privacy policy at any time, by giving notice on this page and, where technically and legally feasible, through the Application or by notifying users using the available contact details.<\/p>\n\n<p class=\"wp-block-paragraph\">Where changes are based on user consent, the Controller will, where required, collect new consent.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>1. Privacy Policy of www.termogomma.it Last updated: July 2026 1.1 Data Controller The data controller is ATP S.p.A., VAT No.\u00a0IT 00551760366, with registered office at Via Austria 12\/14\/16, 41122 Modena (MO) \u2013 Italy. Controller\u2019s email contact: atp@atpgroup.it. Any contact details of the Data Protection Officer (DPO), if appointed, are made available upon request and\/or published [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":"","_members_access_role":[],"_members_access_error":""},"class_list":["post-6904","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/pages\/6904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/comments?post=6904"}],"version-history":[{"count":0,"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/pages\/6904\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.termogomma.it\/en\/wp-json\/wp\/v2\/media?parent=6904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}