PRIVACY AND COOKIE POLICY OF JOBS TERNA PORTAL
Terna S.p.A., as Data Controller (hereinafter: "Terna" or the "Controller"), pursuant to Regulation (EU) 2016/679 (known as the General Data Protection Regulation", hereinafter the "Regulation") and Legislative Decree No. 196/2003 (known as the Personal Data Protection Code, hereinafter the "Privacy Code") undertakes to protect the online privacy of users of its websites and provides you with this Privacy Policy in order to inform you, pursuant to Art. 13 of the Regulation, on how your personal data will be processed when you use the Jobs Terna Portal (hereinafter the "Site") and all applications accessible from the Jobs Terna Portal, either for consultation or for the use of specific services made available through the Site.
Terna provides this information only for the above addresses and not for other websites that may be viewed by the user through links on the Site (in these cases please refer to the respective privacy policies).
Your personal data shall be processed in compliance with the principles of fairness, lawfulness, transparency, limitation of purpose and storage, minimisation, accuracy, integrity, and confidentiality and also with the principle of accountability pursuant to Art. 5 of the Regulation. Your personal data will therefore be processed in accordance with personal data protection legislation and the confidentiality obligations provided.
"Processing of personal data" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
***
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Terna S.p.A., with headquarters at Viale Egidio Galbani 70, Rome, Italy.
The Data Protection Officer (or "DPO") can be contacted by email at dpo@terna.it or by ordinary post at the above address.
2. PERSONAL DATA PROCESSED
We hereby inform you that the personal data to be processed may consist of an identifier such as a name, an identification number, location data, an online identifier or one or more pieces of information that may identify you or make you identifiable, depending on the type of services requested (hereinafter simply "personal data").
The personal data processed through the Site are:
a) Browsing data
During normal operation, the computer systems and software procedures used for the functioning of the Site acquire personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified data subjects but may by its nature, including through processing and association with data held by third parties, enable the identification of the user. This category of data includes IP addresses or the domain names of the computers used by users to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and computer environment and to the devices used by the user to access the Site. This data is used exclusively to obtain anonymous statistical information on the use of the Site, to check its correct functioning and to identify anomalies and/or abuses. The data could be used to ascertain liability in the event of computer crimes to the detriment of the Site or third parties.
b) Data voluntarily provided by the user
Notwithstanding the reference to specific information on the processing of personal data pursuant to Art. 13 of the Regulation and any requests for consent that will be consecutively reported or displayed on the pages of the Site, dedicated to particular Services (such as, for example, the information available in the "Register" section of the Site), this Privacy Policy also applies to the processing of the data you have voluntarily entered in the various forms in the Site, such as, for example, the information request form in the "Contacts" section, through which you will be asked for your email address and to specify your request, which may possibly require further personal data. With regard to the content of your request for information, we ask you to enter only the personal data that is strictly necessary for the handling of your request in the aforementioned form, thus omitting irrelevant information and/or information that may fall within the special categories of personal data referred to in Art. 9 of the Regulation (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, or data concerning health, sex life or sexual orientation).
c) Cookies and other tracking technologies
A "cookie" is a small text file that can be stored in a dedicated space on the hard drive of the user's device (e.g., computer, tablet, smartphone, etc.) when they visit a website through their browser and may require the user's prior consent before being installed. Cookies ensure that the website remembers the user's actions and preferences (e.g., login details, language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to the website or browses from one of its pages to another.
Some operations may not be executable without the use of cookies, which are therefore technically necessary in certain cases for the functioning of the site itself.
In accordance with legislation in force, the user's express consent is not always required for the use of cookies. In particular, consent is not required for technical cookies, which are essential for the functioning of the website or necessary to perform activities requested by the user (e.g., cookies used to transmit a communication on an electronic communications network or to the extent strictly required to provide a service requested explicitly by the user). Technical cookies, which do not require express consent for their use, as confirmed by the Italian Data Protection Authority (see the Guidelines on the use of cookies and other tracking tools – 10 June 2021) also include:
- first-party and third-party analytical cookies - if tools are adopted that reduce the identifying power of the cookie and the user, and the third party does not cross-reference the information collected with other information it already possesses - used to collect aggregate information on the number of users and how they visit the site.
- navigation or session cookies (used for authentication), which, if deactivated, will compromise the use of services accessible by login.
- functionality cookies, which allow the user to browse according to certain criteria (e.g., language) in order to improve the service provided to the user.
However, the user's prior consent is required for profiling cookies, i.e., those aimed at identifying the user's preferences and improving the user's browsing experience, and for third-party analytical cookies, if no tools are adopted to reduce the identifying power of the cookies and the third party cross-references the information collected with other information it already possesses.
Cookies used by the site
For further information regarding the functioning of third-party cookies used by the site and/or the data retention terms envisaged for them, please visit the information pages of the respective providers, accessible via the links shown in the table below.
Cookie | Persistence | HttpOnly | Secure | SameSite | Contains Personal Data | Purpose and Usage | When Set | Lifespan | |
---|---|---|---|---|---|---|---|---|---|
Employee Central Payroll | SAP_SESSIONID_ | Session | Yes | Yes | None | No | Security session logon ticket. See 1899896 for more information. | When a user logs in. | Browser session |
Employee Central Payroll | MYSAPSSO2 | Session | Yes | Yes | None | No | SAP proprietary login ticket for authentication. | When a user logs in. | Browser session |
Employee Central Payroll | cookie_payroll | Persistent | Yes | Yes | No | Used for user login session stickiness. | When a user opens the Employee Central Payroll URL. | 3 minutes | |
Employee Central Payroll | sap-usercontext | Session | Yes | None | No | Persists login language and login client during session. | When a user logs in. | Browser session | |
HXM Suite | route | Session | Yes | Yes | None | No | Internal traffic routing. | When a user visits a page. | Browser session |
HXM Suite | JSESSIONID | Session | Yes | Yes | None | No | Used to keep the login information. | When a browser session starts. | Browser session |
HXM Suite | ECJSESSIONID | Session | Yes | Yes | None | No | Used to keep the login information like JSESSIONID, except this cookie is for Employee Central. | When a user uses an Employee Central functionality. | Browser session |
HXM Suite | zsessionid | Session | Yes | Yes | None | No | Cross application session management. | When a browser session starts. | Browser session |
HXM Suite | BIGipServer | Session | No | No | None | No | Internal traffic routing. | When a browser session starts. | Browser session |
HXM Suite | OptierRQUUID | Persistent | No | No | No | Troubleshooting and analysis. | Created for every page response. | 30 seconds | |
HXM Suite | cookie_clickjack_token | Session | Yes | Yes | No | Used for clickjacking filter. The cookie keeps a security token for clickjacking prevention. | When a browser session starts. | Browser session | |
HXM Suite | loginMethodCookieKey | Configurable | Yes | Yes | None | No | Authentication. The cookie indicates whether the login method is SSO or PWD. | When a user logs in. | PWD: browser session SSO: 2 years |
HXM Suite | deeplinkCookieKey | Session | Yes | Yes | No | Deep link redirection. | When a user directly accesses a page through a deep link where authentication is required for the page. The cookie is removed after the redirection for authentication occurs. | Browser session or after the redirection for authentication occurs | |
HXM Suite | assertingPartyCookieKey | Persistent | Yes | Yes | None | No | Authentication. The cookie is used to keep the SAML asserting party name. The value is provided by customer. Normally, it is a domain name used to identify the party. | Created when SAML SSO is used. | 2 years |
HXM Suite | ms_cookie_set | Session | No | No | No | Used for Media Service. This cookie is used to detect if a browser allows third-party cookies when a widget is rendered in iFrame mode. The value is boolean. | When a Media Service widget is rendered. | Browser session | |
HXM Suite | bizxCompanyId | Persistent | Yes | Yes | No | To remember the company ID of the current login. | Created when a valid company is provided by the user. | 1 year | |
HXM Suite | bizxThemeId | Session | Yes | Yes | No | To remember the logged-in user's preferred theme ID, whose corresponding theme data contains logo information. When the user logs out or loses the login session in a browser session (such as a browser window), the server knows what the user's preferred theme is. | Created when a user logs in or changes the theme. | Browser session | |
HXM Suite | Persistent | No | No | No | Used for trouble shooting and analysis. | Created for every page response. | 1 minute | ||
HXM Suite | perflog-version | Session | No | No | No | Used for trouble shooting and analysis. | When the user adds the query parameter ?perflog-version to the URL. | Browser session | |
Learning | BIGipServerP_ | Session | No | Used for internal traffic routing. | Set by the VIP in the Ops landscape. | Browser session | |||
Learning | DEEP_URL | Session | No | To support deep link to pages with SSO. | When a user directly accesses a page through a deep link where authentication is required for the page. The cookie is only valid for the redirection and expires immediately. | Browser session Expires immediately | |||
Learning | JSESSIONID | Session | Yes | Yes | No | Used for session management. | When a user visits the Learning site. | Browser session | |
Learning | SKIP_LMS_MAINT_NOTIFY | Session | No | Used for maintenance management. | When a user visits the Learning site during the maintenance period. | Browser session | |||
Learning | SITE_ID | Session | No | To keep track of the current Learning external site ID. | When user uses the Learning external site functionality. | Browser session | |||
Learning |
| Session | No | To keep track of current launched course information. These cookies are intended for external content integration. Data provided for external content.
| When a user launches a content. | Browser session | |||
Learning |
| Session | Yes | Data provided for external content.
| Configurable By default, these cookies are not set. | Browser session | |||
Learning | loginModeCookie | Session | No | To keep track of the current login mode, whether it is native login or integrated login. | When a user logs in. | Browser session | |||
Learning | TENANT_AUTH_COOKIE | Session | No | Akamai authentication cookie for iContent hosted courses. | When user launches the iContent courses. | Browser session | |||
Learning | LT | Session | No | To keep track of the login role, whether it's an admin or a user. | When a user logs in. | Browser session | |||
Onboarding | SessionId | Session | Yes | Yes | None | No | Standard ASP.NET cookie for application server session management. | When user logs into the Onboarding site. | Browser session |
Onboarding | .ASPXROLES | Session | Yes | Yes | None | No | Standard ASP.NET cookie used to cache role names. | When user logs into the Onboarding site. | Browser session |
Onboarding | QASF_SF | Session | Yes | Yes | None | No | Standard form authentication ticket cookie. | When user logs into the Onboarding site. | Browser session |
Onboarding | LAST_ACCOUNT_SFQA | Session | Yes | Yes | None | No | Stores the last logged-in account name. | When user logs into the Onboarding site. | Browser session |
Onboarding | _REDIRECTCOOKIE_ | Session | Yes | Yes | None | No | Used to make sure sessionId cookie is always new when user logs in. | When user logs into the Onboarding site. | Browser session |
Onboarding | LOGIN_DETAILS | Session | Yes | Yes | None | Yes | Stores encrypted UserName, ProxyUserName, Locale, and referrer URL information from HXM Suite. | When user logs into the Onboarding site. | Browser session |
Onboarding | EP_SignOut | Persistent | No | Stores the logout URL of the Onboarding application. This information is used to propagate logout from application when user logs out from Employee Portal. | When user logs into Employee Portal. | 1 day | |||
Onboarding | FedAuth | Persistent | Yes | Yes | None | No | Standard Sharepoint cookie in Employee Portal. It contains a reference to the SAML token that SharePoint stores in its token cache. The SAML token contains the claims issued to the user by any external identity and federation providers, and by the internal SharePoint security token service (STS). | When user logs into Employee Portal. | 5 days |
Onboarding | WSS_FullScreenMode | Session | No | Standard Sharepoint cookie in Employee Portal. | Browser session | ||||
Onboarding | stsSyncIconPath | Session | No | Standard Sharepoint cookie in Employee Portal. | Browser session | ||||
Onboarding | stsSyncAppName | Session | No | Standard Sharepoint cookie in Employee Portal. | Browser session | ||||
People Analytics | SAC-OEM-AUTHTOKEN | Session | Yes | Yes | No | For People Analytics integration. | When a user creates, edits, or runs a Story report in Report Center. | Browser session | |
People Analytics | SAC-OEM-CSRFTOKEN | Session | Yes | Yes | No | For People Analytics integration. | When a user creates, edits, or runs a Story report in Report Center. | Browser session | |
People Analytics | JSESSIONID (BIRT Server) | Session | Yes | Yes | No | BIRT server session management. | When a user runs a Table report in Report Center. | Browser session | |
route | Session | No | A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile. The cookie is required and can't be disabled. | When a user visits the career site. | Browser session | ||||
careerSiteCompanyId | Session | No | Used by Akamai to send the request to the correct data center. The cookie is required. If disabled, users can no longer access the site. | When a user visits the career site. | Browser session | ||||
JSESSIONID | Session | Yes | Yes | No | Career Site Builder cookie. Single cookie placed on the users device during their session so the server can identify the user. This cookie replaces the RMK0, RMK1, and RMK4 cookies. This cookie is required for login. | When a user visits a Career Site Builder site. | Browser session | ||
| Session | No | Third-party cookie in Career Site Builder set by LinkedIn as an OAuth token. For details, go to Cookie Policy. | When a user uses the LinkedIn widget. | Browser session |
PRIVACY AND COOKIE POLICY OF JOBS TERNA PORTAL
3. PURPOSE OF THE PROCESSING
Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:
3.1. to allow browsing of the Site, interaction with its content, registration on and access to the reserved area and the provision of all other services made available by the Controller, including the management of the Site's security; with regard to the processing of data for the purpose of collecting applications in the "Register" section of the Site, please refer to the specific information shown therein concerning the processing of personal data pursuant to Art. 13 GDPR.
3.2. to manage and respond to specific requests made to the Controller, such as information requests forwarded by filling in the relevant contact forms on the Site.
3.3. to fulfil any obligations under applicable laws, regulations, or EU legislation, or comply with requests from the authorities.
3.4. to meet any defensive requirements related to the detection, prevention, mitigation, and investigation of fraudulent or illegal activities in relation to the services provided on the site.
Specific security measures are taken to prevent loss, unlawful or incorrect use of data and unauthorised access.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis for the processing of personal data for the purposes referred to in section 3.1 and 3.2 is Art. 6, para. 1, letter b) of the Regulation (the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of the services you have requested. The collection and transfer of personal data for these purposes is optional, but failure to transfer it would prevent the activation of the services requested.
The purpose referred to in Section 3.3 constitutes legitimate processing of personal data within the meaning of Art. 6, para. 1, letter c) of the Regulation (the processing is necessary for the fulfilment of a legal obligation to which the Controller is subject). Once the personal data has been transferred, the processing is indeed necessary for compliance with legal obligations that bind the Controller.
The processing referred to in section 3.4 is performed in order to meet any defensive needs of the Controller pursuant to Articles 6.1.f and 9.2.f of the Regulation.
5. RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the purposes of section 3 of this Privacy and Cookie Policy, with:
5.1. persons authorised by the Controller to process personal data pursuant to Articles 29 and 2-quaterdecies of Legislative Decree 193/2003 ("Privacy Code") (e.g., staff responsible for Site management, information system management, etc.).
5.2. third parties who, as service providers (e.g., hosting providers or entities tasked with technical maintenance activities), typically act as data processors pursuant to Art. 28 of the Regulation. The Controller keeps an up-to-date list of the appointed data processors and guarantees that the data subject will be able to view it at the offices indicated above or upon request at the addresses indicated above.
5.3. Terna group companies based both in the EU and outside the EU, as autonomous data controllers for administrative purposes on the basis of legitimate interest pursuant to Art. 6.1.f and Recitals 47 and 48 of the Regulation.
5.4. persons, entities, or authorities to whom your personal data is required to be transferred by virtue of legal provisions or orders of the authorities.
Such persons are hereinafter collectively referred to as "Recipients".
6. TRANSFERS OF PERSONAL DATA
Some of your personal data may be shared with Recipients outside the European Economic Area. The Controller ensures that the processing will be regulated in accordance with the provisions of Chapter V of the Regulation and authorised on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee total protection for personal data, with transfers based on one of the measures provided by the articles from 44 to 49 GDPR. Further information can be obtained upon request from the Controller and/or the DPO at the abovementioned addresses.
7. STORAGE OF PERSONAL DATA
The personal data processed for the purposes under section 3.1. and 3.2. will be stored for the time strictly necessary to achieve said purposes, in compliance with the principle of minimisation set out in Art. 5, para. 1, letter c) of the GDPR.
Personal data processed for the purposes under in section 3.3. will be stored as long as required by the specific obligation or applicable law.
In general, the Controller reserves the right to store your data for the time necessary to fulfil any further binding legal obligations or to meet any defence requirements.
Further information on the data retention period and the criteria used to determine this period can be obtained by sending a written request to the Data Controller at the addresses shown in the "Contacts" section of this policy.
8. DATA SUBJECTS RIGHTS
You have the right to access personal data concerning you at any time, pursuant to Articles 15-22 of the Regulation. Specifically, you may request the rectification (Art. 16), erasure (Art. 17), restriction (Art. 18) and portability of data (Art. 20), or not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way (Art. 22), as well as the withdrawal of any consent you have given (Art. 7, para. 3).
You may also submit a request to object to the processing of your personal data pursuant to Art. 21 of the Regulation, in which you shall give evidence of the grounds for the objection. The Controller reserves the right to evaluate your request, which may not be accepted if there are legitimate reasons for the processing that prevail over your interests, rights, and freedoms.
Requests should be addressed in writing to the Controller at the addresses shown in the "Contacts" section of this policy
You have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to Art. 77 of the Regulation, if you believe that the processing of your data is unlawful or to take legal action pursuant to Art. 79 of the Regulation.
9. AMENDMENTS
The Controller reserves the right to amend or merely update the content, partially or completely, also because of changes in applicable legislation. The Controller therefore invites you to visit this section regularly in order to be aware of the most recent and updated version of the Privacy Policy so that you can always be fully up to date on the data collected and how it is used by Terna.
10. CONTACT DETAILS
To exercise the above rights or to make any other request, please write to the Controller at privacy@terna.it.
You may also contact the Data Protection Officer at: dpo@terna.it .