THRON manages two different kinds of data subjects: contacts (who access content) and platform users (who access the THRON control panel).
The term “personally identifiable information” (PII) generally refers to the identifiability of information relating to a user, such as name, address, phone number and email address. THRON does not collect contacts’ PII unless users intentionally choose to divulge such information, providing it through customer interfaces or applications, for example, filling in forms or text boxes. Being Data controller, THRON’s customers must inform users and manage consent to collect PII to comply with General Data Protection Regulation.
THRON collects information which is not personally identifiable (“Non-PII”), to identify computers with which it has already had prior interaction. For example, by using Non-PII, THRON can identify a computer that has previously viewed content. Through the collection and use of Non-PII, we offer a range of services that allow our customers to show their users the most useful and relevant content on their websites, and to avoid showing the same content on too many occasions to the same people.
THRON collects user’s first names, surnames and email addresses used in the console in order to execute the THRON service delivery.
We may disclose a user’s Non-PII to a third party where we are legally obliged to do so and in order to investigate, prevent or take action against suspicious or prohibited activities (including, for illustrative purposes but not limited to, fraud and situations involving potential threats to any individual’s physical safety). Furthermore, if permitted by applicable law, we may also divulge and provide access
to a user’s PII and Non-PII to our service providers and partners who work with us. However, such providers and partners are not authorized to use the information for purposes beyond the provision of services to THRON.
As far as development standards are concerned, we follow the most up-to-date best practices to protect consumer data.
Some key aspects:
THRON never stores its customer’s password (indeed, you will never be able to retrieve your password, but can only replace it). The password database contains one-way dashes, so that THRON can be aware of whether or not you have performed a correct authentication. However, a potential hacker would never be able to retrieve your password, should data be stolen from our database.
We would like to remind you that databases are based on an encrypted archive. All authentication requests use only HTTPS protocol.
In accordance with the law, THRON must report any attack or threat detected to the local authorities. For this reason, it is mandatory to request authorization before performing any kind of test (vulnerability scanning or attempts to exploit the system) in order to differentiate tests from genuine attacks. The results of the assessments must be shared with THRON.
We do not allow vulnerability assessments or penetration tests to be performed in our production environment so as to protect our customers. However, you can contact firstname.lastname@example.org to arrange for a penetration test in a dedicated environment that is identical to the official one. The dedicated environment has the same architecture, the same software versions and the same configuration as that of the product, and will be created specifically to carry out the assessment. THRON is a SaaS cloud native.
Therefore, all environments are managed through automation, and can be dynamically supplied and removed.
THRON has been developed on the basis of OWASP best practices
Yes. THRON has full industrial and intellectual property rights over the entire platform. Where services are performed by third parties / technological partners, THRON has acquired the relevant rights for commercial use.
THRON Marketplace contains applications designed by THRON as well as others designed by partners. Each supplier is responsible for guaranteeing the SLA and security relating to its own applications. Make sure that you always check the supplier and the terms and conditions stipulated for each application. .
If you will to erase or download your data we suggest you to direct your request to the Data Controller, so that you can have a complete scope of the data.
You can exercise your rights regarding THRON data removal or collection by writing an email to email@example.com, please note that to performing any action regarding your data we will require proof of your identity.
You can also stop monitoring of your information at any moment. Please read the privacy statement and, subsequently, the extended policy, inserting the data requested in this example link: https://[yourdomain]-cdn.thron.com/shared/assets/privacy/extendedprivacy.html
THRON has been designed for cloud architecture. It uses self-provisioning components that are able to dynamically adapt and scale in order to combat certain service interruptions and unexpected loads.
Each infrastructure component is in excess or makes up part of a cluster with automatic "master promotion". This means that service continuity is always followed automatically.
THRON’s Terms and Conditions define the SLA that we guarantee to our customers, proof of our commitment to operational continuity.