THRON manages two different kinds of users: contacts (who access content) and platform users (who access the THRON control panel).
The term “personally identifiable information” (PII) generally refers to information that can identify a user, such as name, address, phone number and email address.
THRON does not collect contacts’ PII unless users intentionally choose to divulge such information, providing it through customer interfaces or applications, for example, filling in forms or text boxes.
THRON’s customers must comply with regulations, informing users and obtaining their consent to collect PII.
THRON collects information which is not personally identifiable (“Non-PII”), to identify computers with which it has already had prior interaction. For example, by using Non-PII, THRON can identify a computer that has previously viewed content.
Through the collection and use of Non-PII, we offer a range of services that allow our customers to show their users the most useful and relevant content on their websites, and to avoid showing the same content on too many occasions to the same people.
THRON collects the first names, surnames and email addresses of platform users in order to provide them with access and permission to manage passwords.
We may disclose a user’s Non-PII to a third party where we are legally obliged to do so and in order to investigate, prevent or take action against suspicious or prohibited activities (including, for illustrative purposes but not limited to, fraud and situations involving potential threats to any individual’s physical safety).
Furthermore, if permitted by applicable law, we may also divulge and provide access to a user’s PII and Non-PII to our service providers and partners who work with us. However, such providers and partners are not authorized to use the information for purposes beyond the provision of services to THRON.
THRON’s terms and conditions stipulate (paragraph no. 20) that THRON is responsible for the processing of customer data. Only the customer has control over such data (being the owner of the data).
The European General Data Protection Regulation (GDPR) will come into force from May 2018. THRON already respects the Italian privacy law on which the GDPR has been largely based. Therefore, from a security point of view, it already adheres to the regulation. THRON is currently undergoing the further steps required to be completely in line with the GDPR by the date on which it will officially be made effective (May 2018).
As far as development standards are concerned, we follow the most up-to-date best practices to protect consumer data.
Some key aspects:
THRON never stores its customers’ passwords (indeed, you will never be able to retrieve your password, but can only replace it). The password database contains one-way hashes, so that THRON can verify whether or not you have authenticated correctly. However, a potential hacker would never be able to retrieve your password, should data be stolen from our database.
We would like to remind you that our databases are stored in an encrypted archive. All authentication requests use only the HTTPS protocol.
We do not allow vulnerability assessments or penetration tests to be performed in our production environment so as to protect our customers.
However, you can contact email@example.com to arrange for a penetration test in a dedicated environment that is identical to the official one. The dedicated environment has the same architecture, the same software versions and the same configuration as that of the product, and will be created specifically to carry out the assessment.
THRON is a cloud-native SaaS. Therefore, all environments are managed through automation, and can be dynamically provisioned and removed.
In accordance with the law, THRON must report any attack or threat detected to the local authorities. For this reason, it is mandatory to request authorization before performing any kind of test (vulnerability scanning or attempts to exploit the system) in order to differentiate tests from genuine attacks. The results of the assessments must be shared with THRON.
THRON has been developed on the basis of OWASP best practices.
Yes. THRON has full industrial and intellectual property rights over the entire platform. Where services are performed by third parties / technological partners, THRON has acquired the relevant rights for commercial use.
THRON Marketplace contains applications designed by THRON as well as others designed by partners. Each supplier is responsible for guaranteeing the SLA and security relating to its own applications. Make sure that you always check the supplier and the terms and conditions stipulated for each application.
Yes. All you have to do is send an email to firstname.lastname@example.org, specifying your identity (for example, email) and the THRON team will remove any trace of your data from its systems.
You can also stop monitoring of your information at any moment. Please read the privacy statement and, subsequently, the extended policy, inserting the data requested in this example link: https://[yourdomain]-cdn.thron.com/shared/assets/privacy/extendedprivacy.html
THRON has been designed for cloud architecture. It uses self-provisioning components that are able to dynamically adapt and scale in order to combat certain service interruptions and unexpected loads.
Each infrastructure component is redundant or is part of a cluster with automatic "master promotion". This means that service continuity is always maintained automatically.
THRON’s Terms and Conditions define the SLA that we guarantee to our customers, proof of our commitment to operational continuity.