Data security & privacy FAQs

Does THRON collect personal data? If so, which? 

THRON manages two different kinds of data subjects: contacts (who access content) and platform users (who access the THRON control panel).

The term “personally identifiable information” (PII) generally refers to the identifiability of information relating to a user, such as name, address, phone number and email address. THRON does not collect contacts’ PII unless users intentionally choose to divulge such information, providing it through customer interfaces or applications, for example, filling in forms or text boxes. Being Data controller, THRON’s customers must inform users and manage consent to collect PII to comply with General Data Protection Regulation.

THRON collects information which is not personally identifiable (“Non-PII”), to identify computers with which it has already had prior interaction. For example, by using Non-PII, THRON can identify a computer that has previously viewed content. Through the collection and use of Non-PII, we offer a range of services that allow our customers to show their users the most useful and relevant content on their websites, and to avoid showing the same content on too many occasions to the same people.

THRON collects user’s first names, surnames and email addresses used in the console in order to execute the THRON service delivery.

Who can access my data?

We may disclose a user’s Non-PII to a third party where we are legally obliged to do so and in order to investigate, prevent or take action against suspicious or prohibited activities (including, for illustrative purposes but not limited to, fraud and situations involving potential threats to any individual’s physical safety). Furthermore, if permitted by applicable law, we may also divulge and provide access

to a user’s PII and Non-PII to our service providers and partners who work with us. However, such providers and partners are not authorized to use the information for purposes beyond the provision of services to THRON.

  • THRON’s customers: THRON’s customers (who are the “owners of the data”) have access to data relating to contacts for the purposes indicated in the Privacy Policy. The “parties responsible for their processing” are authorized to access such data in order to carry out their duties.
  • THRON authorized staff: THRON’s technical and qualified staff have access to Content Intelligence data, but only for software and platform maintenance.
  • Public authorities: all data may be handed over to public authorities should it be required by law.

  • Circulation: users’ personal information is not circulated. However, some details such as nicknames and/or profile images, and any other information published by users on their profiles, or through other service communication channels, will be accessible to other users. This occurs as soon as the user concerned decides to take part in the blog or access the community. Some personal information provided by the user may also be circulated during certain events, for example, online competitions or promotions.

Who owns my users’ data? 

THRON’s terms and conditions state (paragraph no. 20) that THRON is Data processor appointed by the Data Controller (THRON’s Customer). This means that data intellectual property and ownership is THRON Customer’s but data is being stored in THRON to allow data processing. You can check the extended privacy policy and opt-out from device tracking at: https://[yourdomain]

Where is data stored?

Ireland, Europe.

Is THRON prepared for the GDPR?

THRON complies with European General Data Protection Regulation (GDPR). You can explore details about which data is collected, processing purposes, where data is stored and how data is protected from unauthorized access and loss in the extended privacy policy available on each THRON instance.

Extended privacy policy is available on url like: https://[yourdomain] , such as: .

Does THRON keep and process my data securely?

As far as development standards are concerned, we follow the most up-to-date best practices to protect consumer data.

Some key aspects:

  • Data in transit: the transmission of data is encrypted (HTTPS protocol).
  • Archived data: archives and databases use encrypted archiving thanks to the Key Management System.
  • THRON is a multi-tenant system, which means that all customer information is logically divided within the same physical infrastructure.
  • Access to data is protected by “access control” and features full inspection capabilities.
  • Our processes and technologies comply with Italian regulations regarding privacy and security.

Discover more

Is THRON autentication secure?

THRON never stores its customer’s password (indeed, you will never be able to retrieve your password, but can only replace it). The password database contains one-way dashes, so that THRON can be aware of whether or not you have performed a correct authentication. However, a potential hacker would never be able to retrieve your password, should data be stolen from our database.

We would like to remind you that databases are based on an encrypted archive. All authentication requests use only HTTPS protocol.

Can I perform a vulnerability assessment or a penetration test? 

In accordance with the law, THRON must report any attack or threat detected to the local authorities. For this reason, it is mandatory to request authorization before performing any kind of test (vulnerability scanning or attempts to exploit the system) in order to differentiate tests from genuine attacks. The results of the assessments must be shared with THRON.

We do not allow vulnerability assessments or penetration tests to be performed in our production environment so as to protect our customers. However, you can contact to arrange for a penetration test in a dedicated environment that is identical to the official one. The dedicated environment has the same architecture, the same software versions and the same configuration as that of the product, and will be created specifically to carry out the assessment. THRON is a SaaS cloud native.

Therefore, all environments are managed through automation, and can be dynamically supplied and removed.

Does THRON observe development standards?

THRON has been developed on the basis of OWASP best practices

Discover more

Does THRON have full intellectual property rights over the services it provides? 

Yes. THRON has full industrial and intellectual property rights over the entire platform. Where services are performed by third parties / technological partners, THRON has acquired the relevant rights for commercial use.

Is THRON the guarantor of all Marketplace applications? 

THRON Marketplace contains applications designed by THRON as well as others designed by partners. Each supplier is responsible for guaranteeing the SLA and security relating to its own applications. Make sure that you always check the supplier and the terms and conditions stipulated for each application. .

Discover more

Can I ask THRON to remove or provide me my data? 

If you will to erase or download your data we suggest you to direct your request to the Data Controller, so that you can have a complete scope of the data.

You can exercise your rights regarding THRON data removal or collection by writing an email to, please note that to performing any action regarding your data we will require proof of your identity.

You can also stop monitoring of your information at any moment. Please read the privacy statement and, subsequently, the extended policy, inserting the data requested in this example link: https://[yourdomain]

How does THRON manage the high availability of services?

THRON has been designed for cloud architecture. It uses self-provisioning components that are able to dynamically adapt and scale in order to combat certain service interruptions and unexpected loads.

Each infrastructure component is in excess or makes up part of a cluster with automatic "master promotion". This means that service continuity is always followed automatically.

THRON’s Terms and Conditions define the SLA that we guarantee to our customers, proof of our commitment to operational continuity.

Discover more

Would you like to know more about
data security and privacy?
Contact our specialist!