{"id":18327,"date":"2025-04-24T11:30:54","date_gmt":"2025-04-24T09:30:54","guid":{"rendered":"https:\/\/www.thron.com\/?page_id=18327"},"modified":"2025-10-29T09:05:43","modified_gmt":"2025-10-29T08:05:43","slug":"privacy-legal","status":"publish","type":"page","link":"https:\/\/www.thron.com\/en\/privacy-legal\/","title":{"rendered":"Privacy 2025"},"content":{"rendered":"\n<div class=\"wp-block-group alignfull has-dark-purple-thron-color has-purple-thron-background-color has-text-color has-background is-layout-constrained wp-block-group-is-layout-constrained\">\n<section id=\"block-faq-block_e8e95d3d8eccee0883835c0b000995fb\" class=\"block-faq\">\n    <div class=\"block-faq__lista\">\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda aperto\">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid fa-circle\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>Privacy Policy<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <div class=\"fabric-editor-block-mark fabric-editor-alignment\" data-align=\"center\">\n<h4 id=\"Privacy-Notice-pursuant-to-Article-13-of-EU-Regulation-679-2016\" data-renderer-start-pos=\"1\"><strong data-renderer-mark=\"true\">Privacy Notice pursuant to Article 13 of EU Regulation 679\/2016<\/strong><\/h4>\n<\/div>\n<p data-renderer-start-pos=\"76\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">THRON SPA, <\/span>registered office at Via dei Contarini 5\/A, 35016 Piazzola sul Brenta (PD), VAT No. 
03586990289, email <a href=\"mailto:privacy@thron.com\">privacy@thron.com<\/a>, tel <strong>+390495599777<\/strong>, as the data controller (hereinafter, the \u201c<strong data-renderer-mark=\"true\">Controller<\/strong>\u201d),<span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\"> pursuant to Article 13 of EU Regulation 679\/2016 (hereinafter, the \u201c<\/span><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">GDPR<\/span><\/strong><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">\u201d), as subsequently amended and supplemented, provides the following information to the data subjects (hereinafter, the \u201c<\/span><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">Data Subject<\/span><\/strong><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">\u201d) regarding the processing of personal data collected and processed.<\/span><\/p>\n<h4 id=\"Types-of-Data-Purpose-of-Processing-and-Retention\" data-renderer-start-pos=\"544\"><strong data-renderer-mark=\"true\">Types of Data, Purpose of Processing and Retention<\/strong><button class=\"cc-wf6gg8\" type=\"button\" data-testid=\"anchor-button\" aria-hidden=\"true\"><\/button><\/h4>\n<p data-renderer-start-pos=\"599\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">The following types of data are collected in relation to the regular business activities pursued in the legitimate interest of the Controller. 
<\/span><\/p>\n<ol class=\"ak-ol\" start=\"1\" data-indent-level=\"1\">\n<li>\n<p data-renderer-start-pos=\"750\"><em data-renderer-mark=\"true\"><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">Anonymous browsing data<\/span><\/strong><\/em><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">: no personal data is intentionally collected, although incidental collection cannot be ruled out. Browsing information is derived from automatic processing of technical cookies and no further processing is performed. Any additional data is removed.<\/span><\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"1065\"><em data-renderer-mark=\"true\"><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">Data provided for information requests<\/span><\/strong><\/em><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">:<\/span><\/strong><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\"> only the contact data provided to respond to the request is collected and <\/span>removed from the systems within one year after the re<span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">quest is closed.<\/span><\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"1264\"><em data-renderer-mark=\"true\"><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">Authenticated browsing data<\/span><\/strong><\/em><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">: browsing data is matched with user account data to improve the user experience and ensure accountability for 
performed operations. The <\/span>data<span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\"> is stored in the sys<\/span>tems for one year, then either anonymized for statistical purposes or permanently deleted, unless required by law for different purposes.<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"1725\"><em data-renderer-mark=\"true\"><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">CVs<\/span><\/strong><\/em><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">: are managed by the HR department for recruitment purposes and processed only for the period stated in the CV itself. If no duration is indicated, the CV is deleted.<\/span><\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"1913\"><em data-renderer-mark=\"true\"><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">Supplier data<\/span><\/strong><\/em><strong data-renderer-mark=\"true\"><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\">:<\/span><\/strong><span class=\"fabric-text-color-mark\" data-renderer-mark=\"true\" data-text-custom-color=\"#333333\"> collected for fulfilling contractual obligations and may include personal contact details. In such cases, processing is specific to that purpose and data is retained for one additional year after the contract ends, <\/span>unless legally required to retain it for other purposes.<\/p>\n<\/li>\n<\/ol>\n<p>The information referred to in Article 13 of the Regulation, in cases of unsolicited CVs sent by candidates for employment purposes, is provided at the first useful contact following receipt of the CV. 
For the purposes referred to in Article 6, paragraph 1, letter b) of the Regulation, consent to process personal data in the CV is not required (Article 111-bis of Legislative Decree 196\/03).<\/p>\n<p>In relation to recruitment activities, the Controller may process personal data, including so-called \u201cspecial categories of data\u201d as defined by the Regulation, strictly to the extent necessary for legitimate and defined purposes.<\/p>\n<h4 id=\"Disclosure-of-the-Data-Subjects-Personal-Data\" data-renderer-start-pos=\"3047\"><strong data-renderer-mark=\"true\">Disclosure of the Data Subject\u2019s Personal Data<\/strong><button class=\"cc-wf6gg8\" type=\"button\" data-testid=\"anchor-button\" aria-hidden=\"true\"><\/button><\/h4>\n<p data-renderer-start-pos=\"3098\">For the purposes of processing outlined above, and within the scope strictly relevant to them, personal data will or may be disclosed to:<\/p>\n<ol class=\"ak-ol\" start=\"1\" data-indent-level=\"1\">\n<li>\n<p data-renderer-start-pos=\"3270\">parties involved in recruitment activities aimed at entering into an employment or service contract;<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"3410\">external consultants engaged in activities related to the processing, appointed as external data processors.<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"3535\">parties who are entitled by law to access the personal data.<\/p>\n<\/li>\n<\/ol>\n<p data-renderer-start-pos=\"3642\">Personal data will never be disseminated or transferred to third countries outside the European Union.<\/p>\n<h4 id=\"Security-Measures\" data-renderer-start-pos=\"3769\"><strong data-renderer-mark=\"true\">Security Measures<\/strong><button class=\"cc-wf6gg8\" type=\"button\" data-testid=\"anchor-button\" aria-hidden=\"true\"><\/button><\/h4>\n<p data-renderer-start-pos=\"3790\">All processing is carried out through the adoption of appropriate technical and organizational measures to ensure a level of security appropriate 
to the risk, in accordance with the principles and modalities set out in Articles 5 et seq. and 32 et seq. of the Regulation, as well as the related measures issued by the Privacy Authority. Security measures are part of a broader information protection system for which the Controller has adopted and certified international standards <strong>ISO\/IEC 27001:2022<\/strong> and <strong>ISO\/IEC 27018:2019<\/strong>.<\/p>\n<h4 id=\"Data-Subjects-Rights\" data-renderer-start-pos=\"4372\"><strong data-renderer-mark=\"true\">Data Subject&#8217;s Rights<\/strong><button class=\"cc-wf6gg8\" type=\"button\" data-testid=\"anchor-button\" aria-hidden=\"true\"><\/button><\/h4>\n<p data-renderer-start-pos=\"4398\">The Data Subject may exercise the rights provided under Articles 15 to 22 of the Regulation as set out in Article 12 of the Regulation, which specifically include the right to:<\/p>\n<ul class=\"ak-ul\" data-indent-level=\"1\">\n<li>\n<p data-renderer-start-pos=\"4585\">obtain confirmation from the Controller as to whether or not personal data concerning them is being processed, and if so, access the personal data and the information referred to in Article 15 of the Regulation;<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"4824\">have inaccurate personal data rectified and incomplete data completed, including by providing a supplementary statement, pursuant to Article 16 of the Regulation;<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"5029\">obtain from the Controller the erasure of personal data without undue delay, where one of the grounds in Article 17 of the Regulation applies;<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"5218\">obtain restriction of processing from the Controller when one of the conditions set out in Article 18 of the Regulation is met.<\/p>\n<\/li>\n<\/ul>\n<p data-renderer-start-pos=\"5361\">Data Subjects who believe that the processing of their personal data violates the Regulation have the right to lodge a complaint with the Data 
Protection Authority (www.garanteprivacy.it), pursuant to Article 77 of the Regulation, or to seek judicial remedy (Article 79 of the Regulation).<\/p>\n<p data-renderer-start-pos=\"5703\">To obtain a detailed and constantly updated list of the parties to whom the Data Subject\u2019s personal data may be disclosed and\/or to exercise the rights referred to in Articles 15 to 22 of the Regulation, the Data Subject may contact the Controller using the contact details provided above.<\/p>\n<p data-renderer-start-pos=\"6025\">Notice updated in <strong>April 2025<\/strong><\/p>\n                <\/div>\n            <\/div>\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda \">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid fa-circle-exclamation\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>Security Measures<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <h4 class=\"\" data-start=\"135\" data-end=\"166\">THRON Security Measures<\/h4>\n<p data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"paragraph\" data-prosemirror-node-block=\"true\" data-pm-slice=\"1 1 []\">Security is deeply embedded in THRON\u2019s identity. The platform, designed from the outset as cloud-native, is built on the robust infrastructure of Amazon Web Services (AWS) and integrates Akamai\u2019s global content delivery network. This ensures high performance and continuous protection of REST APIs through an active Web Application Firewall. 
Thanks to this structured setup, THRON offers a safe, high-performing, resilient environment that complies with the most rigorous data protection standards.<\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Security and Compliance Certifications<\/strong><\/h4>\n<p data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"paragraph\" data-prosemirror-node-block=\"true\">THRON complies fully with the General Data Protection Regulation (GDPR) and holds internationally recognized certifications. The <strong>ISO 27001:2022<\/strong> standard confirms the robustness of our information security management system, while <strong>ISO 9001:2015<\/strong> certifies our commitment to process quality. For cloud-related security, THRON adheres to <strong>ISO 27017:2015<\/strong> for cloud service controls and <strong>ISO 27018:2019<\/strong> for personal data protection in virtualized environments. These certifications reflect our ongoing and tangible commitment to safeguarding privacy and ensuring the security of our solutions. For more, visit our <a href=\"https:\/\/www.thron.com\/it\/sicurezza\/\">official Trust Portal<\/a>.<\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Data Protection and Secure Architecture<\/strong><\/h4>\n<p data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"paragraph\" data-prosemirror-node-block=\"true\">All data flowing through the platform is protected by advanced encryption based on the <strong>AES-256<\/strong> algorithm, both in transit and at rest. Communication is safeguarded by <strong>TLS\/SSL<\/strong> protocols to ensure privacy between users and the platform. 
Access to the production environment follows the principle of least privilege and is monitored with strict multi-factor authentication and administrative controls. The infrastructure relies on Amazon S3 for storage, offering <strong>99.999999999%<\/strong> data durability and automated backups to ensure protection even in critical situations.<\/p>\n<p>THRON is engineered for operational continuity even in the event of major failures. Its architecture is distributed across multiple AWS availability zones, keeping the platform running even during serious outages. The Recovery Time Objective (<strong>RTO<\/strong>) is set at 4 hours, while the Recovery Point Objective (<strong>RPO<\/strong>) is 1 hour, ensuring rapid restoration of services and user data.<\/p>\n<p>All cloud resources are hosted in isolated Virtual Private Clouds (VPCs) equipped with control systems that prevent unauthorized access.<\/p>\n<p>More details are available in our dedicated page: <a href=\"https:\/\/help.thron.com\/s\/article\/THRON-architecture-security-and-data-management-1659005157491\" target=\"_blank\" rel=\"noopener\">THRON architecture, security and data management<\/a><\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Proactive Protection and Monitoring<\/strong><\/h4>\n<p>THRON\u2019s approach to digital threat protection is multilayered. Defense against <strong>DDoS<\/strong> attacks combines Akamai\u2019s perimeter infrastructure, AWS auto-scaling, and advanced mitigation tools integrated with our <strong>Web Application Firewall<\/strong>. A 24\/7 in-house security team constantly monitors the system and is ready to act in case of anomalies or incidents. 
Vulnerabilities are identified through continuous automated scanning and annual penetration testing by independent experts.<\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Secure Development and Application Controls<\/strong><\/h4>\n<p>Security is embedded in every stage of our development lifecycle. Developers follow internationally recognized best practices such as <strong>OWASP<\/strong> and <strong>CIS<\/strong> benchmarks, using modern frameworks built to resist the most common threats. Application-level access management relies on a role-based access control system (RBAC) that clearly separates permissions between administrators, editors, contributors, and viewers. All sensitive operations are logged and can be reviewed via audit logs accessible to administrators, with up to 90 days of activity tracking.<\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Integrations and Identity Management<\/strong><\/h4>\n<p>THRON enables secure integration with enterprise systems through Single Sign-On (SSO) using <strong>SAML<\/strong> and <strong>OpenID<\/strong> with the <strong>OAuth 2.0<\/strong> protocol. Platform access is protected by two-factor authentication (2FA), and credential management is governed by strict password complexity and update policies.<\/p>\n<h4 data-prosemirror-content-type=\"node\" data-prosemirror-node-name=\"heading\" data-prosemirror-node-block=\"true\"><strong data-prosemirror-content-type=\"mark\" data-prosemirror-mark-name=\"strong\">Data Governance and Privacy<\/strong><\/h4>\n<p>Data handling in THRON follows a structured backup and retention policy that defines how long data is stored based on its classification. 
The platform ensures secure deletion and full data portability on customer request, fully aligned with GDPR principles. A formal procedure is in place to handle data subject requests such as access, export, or deletion, giving clients complete control and transparency.<\/p>\n                <\/div>\n            <\/div>\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda \">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid fa-circle\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>Cookie Policy<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <div id=\"mainContent\">Cookies are text files containing minimal information sent to the browser and stored on the user\u2019s device each time a website is visited. With each connection, cookies send information back to the referring site. They are used to enhance site functionality, allow the user to navigate smoothly between pages, and ensure an optimal browsing experience at all times. Cookies can be installed:<\/div>\n<ol>\n<li>Directly by the website owner or operator (first-party cookies)<\/li>\n<li>By third parties not directly related to the visited website (third-party cookies). Unless otherwise specified, please note that these cookies are under the direct and exclusive responsibility of their respective operators. More information about their privacy practices and use can be found directly on the websites of those operators.<\/li>\n<\/ol>\n<div>Cookies can be classified into the following categories:<\/div>\n<ol>\n<li>Technical cookies. These are cookies necessary to enable navigation or provide a service requested by the user. Without them, certain operations would be impossible or significantly more complex and less secure. 
Therefore, prior informed consent from the user is generally not required. This category also includes cookies used exclusively for statistical purposes, such as analyzing visits and access to the site through aggregated data collection.<\/li>\n<li>Non-technical cookies (profiling and marketing). These cookies are used to track users&#8217; browsing behavior and build profiles based on their preferences, habits, choices, and more. The use of such cookies on users&#8217; devices is prohibited unless they have been properly informed and have given valid consent. When cookies are installed based on consent, that consent can be freely withdrawn at any time.<\/li>\n<\/ol>\n<p>Read the full Cookie Policy: <a href=\"https:\/\/www.iubenda.com\/privacy-policy\/7805610\/cookie-policy\" target=\"_blank\" rel=\"noopener\">https:\/\/www.iubenda.com\/privacy-policy\/7805610\/cookie-policy<\/a><\/p>\n                <\/div>\n            <\/div>\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda \">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid fa-circle\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>ISO 9001: Quality Policy<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <p class=\"aos-init aos-animate\" data-aos=\"fade-up\">At THRON spa, we are committed to delivering the highest level of quality in all aspects of our operations. We understand that quality is paramount for our customers and our own success. 
Therefore, we have established a comprehensive Integrated Management System (IMS) in compliance with ISO 9001 standards.<\/p>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">Our Quality Policy encompasses the following principles:<\/p>\n<ul class=\"wp-block-list aos-init aos-animate\" data-aos=\"fade-up\">\n<li><strong>Customer Focus:<\/strong><br \/>\nWe strive to understand and meet our customers\u2019 needs, requirements, and expectations. Customer satisfaction is our top priority, and we are dedicated to exceeding their expectations.<\/li>\n<li><strong>Continuous Improvement:<\/strong><br \/>\nWe are committed to ongoing improvement in all areas of our organization. We regularly review and enhance our processes, products, and services to ensure their effectiveness and efficiency.<\/li>\n<li><strong>Employee Engagement:<\/strong><br \/>\nOur employees are our most valuable asset. We encourage their active participation and engagement in quality improvement initiatives, as their expertise and dedication drive our success.<\/li>\n<li><strong>Compliance:<\/strong><br \/>\nWe adhere to all applicable legal and regulatory requirements. Our IMS ensures that our processes and products consistently meet these standards.<\/li>\n<li><strong>Accountability:<\/strong><br \/>\nWe hold ourselves accountable for the quality of our work. Through rigorous quality control and performance monitoring, we ensure the highest standards are maintained.<\/li>\n<li><strong>Communication:<\/strong><br \/>\nOpen and transparent communication is key to our success. We foster a culture of collaboration and effective communication within our organization and with our customers.<\/li>\n<li><strong>Risk Management:<\/strong><br \/>\nWe identify and manage risks that may affect the quality of our products and services. 
We take proactive measures to mitigate potential issues.<\/li>\n<li><strong>Innovation:<\/strong><br \/>\nWe encourage a culture of innovation that allows us to adapt to changing circumstances and embrace new technologies, methods, and approaches.<\/li>\n<\/ul>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">By adhering to these principles, THRON spa is committed to delivering the highest quality products and services to our customers, maintaining the trust they have placed in us.<\/p>\n<p data-aos=\"fade-up\"><strong>THRON<\/strong><br \/>\n<strong>Chief Executive Officer (CEO)<\/strong><\/p>\n<p data-aos=\"fade-up\">Revision dated\u00a0<strong>30\/05\/2023<\/strong><\/p>\n                <\/div>\n            <\/div>\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda \">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid fa-circle\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>ISO 27001: Information Security Policy<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <p class=\"aos-init aos-animate\" data-aos=\"fade-up\">Protection of the company\u2019s information assets is a primary objective for safeguarding THRON\u2019s business and ensuring business continuity; it is also a contractual obligation toward stakeholders.<\/p>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">To this end, the Information Security Management System (ISMS) is established, designed by THRON\u2019s Information Security Manager (ISM) and based on:<\/p>\n<ol class=\"wp-block-list aos-init aos-animate\" data-aos=\"fade-up\">\n<li>policies and guidelines;<\/li>\n<li>organizational, physical, technological, and behavioral security measures;<\/li>\n<li>methodologies and methods to verify effectiveness and adequacy to business 
needs and legal requirements.<\/li>\n<\/ol>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The Information Security Management System pursues the following objectives:<\/p>\n<ol class=\"wp-block-list aos-init aos-animate\" data-aos=\"fade-up\">\n<li>safeguard the legitimate interests of shareholders, employees, and all other stakeholders;<\/li>\n<li>ensure the protection of corporate information and the continuity of business activities, by making sure the intended protection level is implemented according to the criticality, risk, and value of the information to be protected;<\/li>\n<li>define a simple, consistent, and promptly updated reference model for the protection of corporate information, aligned with business strategies;<\/li>\n<li>retain documentary evidence of the systems designed and implemented, as well as of activities performed, for legal, tax, and operational purposes;<\/li>\n<li>comply with the requirements imposed by national and European directives on network and information security.<\/li>\n<\/ol>\n<h2 class=\"wp-block-heading aos-init aos-animate\" data-aos=\"fade-up\">General Principles<\/h2>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The Information Security Management System is founded on the following principles:<\/p>\n<ul class=\"wp-block-list aos-init aos-animate\" data-aos=\"fade-up\">\n<li><strong>information is a corporate asset\u00a0<\/strong>that must be adequately protected in all stages of processing (from design to destruction);<\/li>\n<li><strong>cybersecurity<\/strong>\u00a0must be an integral part of every business process;<\/li>\n<li><strong>risk<\/strong>\u00a0cannot be eliminated entirely, but the objective is to contain it within an acceptable level (to guarantee continuity of the services provided);<\/li>\n<li>the\u00a0<strong>accountability<\/strong>\u00a0\u2013 one\u2019s own and toward others \u2013 of owners, suppliers, or users of information systems must be explicit;<\/li>\n<li><strong>external 
systems\u00a0<\/strong>are, by definition, not secure;<\/li>\n<li><strong>protections<\/strong>\u00a0should, where possible, be built in \u201clayers\u201d and consist of a balanced mix of technological and organizational measures;<\/li>\n<li><strong>\u201cmission-critical\u201d systems\u00a0<\/strong>must be segregated from systems with public access;<\/li>\n<li><strong>all data access must be authorized<\/strong>\u00a0according to the principles of \u201cneed-to-know\u201d and \u201cleast privilege.\u201d<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading aos-init aos-animate\" data-aos=\"fade-up\">ISMS Model<\/h2>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The Information Security Management System is structured across several interrelated layers of countermeasures to protect the confidentiality, integrity, and availability of information:<\/p>\n<ol class=\"wp-block-list aos-init aos-animate\" data-aos=\"fade-up\">\n<li><strong>organizational layer<\/strong>: identifies the allocation of responsibilities and roles in managing information protection;<\/li>\n<li><strong>technological layer<\/strong>, which comprises:\n<ol class=\"wp-block-list\">\n<li><strong>infrastructure layer<\/strong>: specifies how ICT systems (processing, transmission, and storage) must be designed and implemented to ensure an adequate level of security;<\/li>\n<li><strong>network layer<\/strong>: identifies defense mechanisms to manage access to the corporate network (both from inside and from remote workstations);<\/li>\n<li><strong>application layer<\/strong>: identifies defense mechanisms to manage access to applications and to the data processed by them;<\/li>\n<\/ol>\n<\/li>\n<li><strong>behavioral layer<\/strong>: identifies the rules to be followed by all personnel and any third parties interacting with THRON;<\/li>\n<li><strong>physical layer<\/strong>: identifies the physical protections to be implemented to safeguard devices, ICT equipment, and access to 
them;<\/li>\n<li><strong>legal layer<\/strong>: identifies the laws and regulations to be observed;<\/li>\n<li><strong>control layer<\/strong>: identifies the organizational and technological mechanisms that allow ongoing oversight of the overall level of information protection.<\/li>\n<\/ol>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The principles set out above are detailed in the descriptive document of the Information Protection System (the \u201cInformation Security Protection Policy\u201d) and form the basis of specific Guidelines issued by the ISM, published on the internal company portal, and delivered through periodic training to all concerned.<\/p>\n<h2 class=\"wp-block-heading aos-init aos-animate\" data-aos=\"fade-up\">Scope of Application<\/h2>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The Information Security Protection Policy applies to all THRON stakeholders and involves \u2013 and binds \u2013 all persons who need to access THRON\u2019s information system (including employees, partners, suppliers, and customers).<\/p>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The architectural design of the information systems \u2013 both infrastructure and applications \u2013 must comply with and be consistent with the principles of THRON\u2019s Information Security Protection Policy from the design phase onward.<\/p>\n<p class=\"aos-init aos-animate\" data-aos=\"fade-up\">The same principles also apply to the use of corporate assets and resources.<\/p>\n<p data-aos=\"fade-up\"><strong>THRON<\/strong><br \/>\n<strong>Chief Executive Officer (CEO)<\/strong><\/p>\n<p data-aos=\"fade-up\">Revision dated\u00a0<strong>30\/09\/2023<\/strong><\/p>\n                <\/div>\n            <\/div>\n                    <div class=\"block-faq__box\">\n                <div class=\"block-faq__domanda \">\n                                            <div class=\"block-faq__icona\">\n                            <i class=\"fa-classic fa-solid 
fa-circle\" aria-hidden=\"true\"><\/i>                        <\/div>\n                    \n                    <h4>Copyright<\/h4>\n                <\/div>\n\n                <div class=\"block-faq__risposta\">\n                    <h4 data-renderer-start-pos=\"1\"><strong data-renderer-mark=\"true\">THRON 2025 \u00a9 THRON S.p.A. All rights reserved<\/strong><\/h4>\n<div>All information, data, ideas, layouts, designs, diagrams, and any combination thereof found on www.thron.com are the property of THRON S.p.A. and may be protected under international copyright laws and other intellectual property rights. Full or partial reproduction, as well as any other use of the information presented here\u2014including layouts, designs, and diagrams\u2014is not permitted without the prior written consent of THRON S.p.A.<\/div>\n                <\/div>\n            <\/div>\n            <\/div>\n<\/section>\n\n\n<div style=\"height:160px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":11,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-18327","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages\/18327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/comments?post=18327"}],"version-history":[{"count":12,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages\/18327\/revisions"}],"predecessor-version":[{"id":20700,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\
/pages\/18327\/revisions\/20700"}],"wp:attachment":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/media?parent=18327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}