1. INTRODUCTION

Your privacy is important for HTA. We have therefore developed a Privacy Policy concerning the way in which we collect, use, disclose, transfer and store your data. We invite you to read this document to learn about our privacy protection criteria and to let us know if you have any questions.

With this document HTA provides you, pursuant to articles 13 and 14 of European Regulation no. 2016/679, concerning the protection of real persons and the processing of personal data (hereinafter "GDPR"), some information on the processing of your personal details that are requested whenever you come in contact with HTA with relation to the use of the HTA website https://www.hta-it.com the services offered by HTA and HTA applications (hereinafter simply "App").

Our Rules on privacy explain:

• Data collected and purpose.
• Mode of use of said information.
• The options that we offer, including the manner of accessing and updating the information.

This document is also drawn up considering the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on cookies, and the provisions of the Authority for the Protection of Personal Data "Identification of simplified modes for information and the acquisition of consent for the use of cookies" of 8 May 2014 of the recommendations and explanations supplied by Work Group art. 29 in the "Opinion no.2/2013 on the applications for smart devices", and in the "Opinion 13/2011 on delocalisation services".

2. PROCESSED DATA

2.1 Data necessary for using the website and for using the applications

Personal information is data that can be used to identify or contact a given person, to offer better services to all our customers/users. You might be asked to provide your data whenever you come in contact with HTA or with a company affiliated to HTA. Here are some types of personal data that HTA might collect, and the respective uses:

Access data collected anonymously: The I.T. systems and software procedures used for the operation of the website and of all HTA applications, during normal operation, collect some personal data even without the user being registered; the transmission of these data is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties, but which, for its very nature, could, through processing and association with data held by third parties, allow the users to be identified. This data category includes the IP address or domain name of the device you use, the operating system, the model and make of the device, the mobile phone operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and I.T. environment of your device. These data, collected anonymously through the use of cookies or web beacons, are used only to obtain anonymous statistical information on the use of the application and of the website and to check that they are working properly.

Data supplied voluntarily by the user: If you choose to register and create your own account for using the site and applications connected to HTA products, we ask you to send and/or supply some personal information with which you can be personally identified, including your name and surname, e-mail address, year of birth, tax code, user name and password, telephone and postal address, which are necessary for the creation and management of the Users/Customers/users master file (hereinafter CRM supported with the automatic answer system). The user is responsible for the exactness of the personal information sent/supplied to HTA. In these cases, you will be asked for explicit authorization for the processing of the data supplied (for example on the registration page, on the intervention sheet or at the time of requesting telephone assistance). Among the data processed there are also the information, data and videos, collected from your HTA devices and the respective applications which may be kept, if the service is activated, for a certain period on special Cloud storage units not run directly by HTA but located in European territory or in countries of which the privacy policy is recognized by the EU.

Data on position: When HTA applications and services are used, we could collect and process information on your position and on the position of your systems. If you activated the delocalization services at the time of installing the system or application, and if you expressly consented to the processing of delocalization data, the applications, when active, will acquire the data on the geographical position of the HTA system and/or of your appliance (GPS, Wi-Fi, GSM network). However, you can decide later to deactivate the delocalization services of your appliance by accessing the special sector dedicated to localization authorization in the operating system of your device (Android or IOS). From that moment it will no longer be able to collect delocalization data for the use of the service. If you did not activate the delocalization services at the time of installation, if you did not consent to the processing of delocalization data at the time of registration, or if you decide to deactivate the delocalization services, you will not be able to use some functions of the applications.

Information that we collect from third parties: We can also collect information on you from third parties, including information from our partners (installers, etc.) and from other partners; from social media services (for example, but without limitation, Facebook, LinkedIn, Instagram) consistently with your settings on said services; and from third party sources. We can add this information to data that we already have in our archives and share it with others based on the policy established in this Note. The supply of registration data is optional (art. 6 lett. b), e) GDPR), however the failure to supply them may prevent your registration and the use of the functions of the HTA applications and account, as well as the provision of services (art. 7 GDPR). HTA and its affiliates may share these data and use them in accordance with this privacy policy. They may also combine them with other data to supply and improve products, services, contents and advertising materials. You are not required to supply the personal data that we request; however, if you decide not to supply them, in many cases we will not be able to offer you our products or services, or reply to your questions. The data could be used to ascertain criminal responsibilities, where required by the competent authorities.

3. PURPOSES OF PROCESSING AND LEGAL BASIS

By legal basis of processing we mean the source/origin/justification of processing after consent of the party concerned in accordance with art. 4 of the GDPR.

3.1 Your data will be processed:

• for the technical management of the HTA systems and of the applications;
• for the management of your registration;
• to allow you to use the functions of the applications;
• to send you news;
• for marketing activity;
• to fulfil the legal obligations to which the Data Controller is subject.

With relation to these purposes, the legal basis of processing is the execution of a contract in which the person concerned is a party, the execution of precontractual measures adopted on the request of the same, or the satisfaction of a request of the party concerned.

3.2 HTA will process your data, following your specific consent.

With relation to these purposes, the legal basis is the consent of the parties concerned. Consent to the processing of personal data is purely optional, while it remains understood that, in the absence of such consent, you will not be able to use the services and the applications.

Personal data:

• The personal data that we collect allow us to keep you up to date on the adverts for the latest HTA products, the software updates and the coming events. If you do not want to be included in our mailing list, you can remove your name at any time.
• We also use personal data to develop, supply and improve our products, services, contents and advertising materials, and to prevent losses and frauds.
• Personal data, including the date of birth, can be used to check the identity, facilitate user identification, and establish which services are appropriate. For example, the date of birth can be used to establish the age of the holders of HTA ID accounts.
• We can use your personal data periodically to send important notices, such as communications concerning modifications to our terms, as well as to our conditions and policies. Since this information is important for your interaction with HTA, it is not possible to deactivate the receipt of these communications.
• We can also use personal data for internal purposes, for checks, data analysis and research to improve products, services and communications with HTA customers/users.
• If you take part in a competition or similar promotions, we can use the data you supply to manage these activities.

Non-personal data:

The data collected anonymously or that are not in such a form as to allow a direct association with a specific individual, purely as an example the profession, language, postcode, telephone dialling code, the unique identification code of the device, reference ORL, place and time zone in which a HTA product is used in order to have a better understanding of the conduct of customers/users and to improve our products, services and advertising materials, are collected by us, transferred and disclosed for any purpose.

4. PERIOD OF STORAGE

Your data will be processed for the whole duration of the contract and/or validity of the account and for the period contemplated by the law on taxation. With reference to personal data processed for marketing purposes, they will be kept in accordance with the principle of proportionality and until the purposes of processing have been completed, or until specific consent is withdrawn by the party concerned, if this occurs previously.

5. METHODS OF PROCESSING AND THEIR USE

5.1 Processing

The data will be processed with the following methods, respecting their necessary safety and confidentiality: collection of data from the party concerned, collected and recorded for determined, explicit and legitimate purposes and used in further processing operations in terms compatible with these aims; processing will be carried out with the aid of electronic and automated instruments (data collected via computer, directly from the interested party). Data processing is based on principles of correctness, lawfulness and transparency in conformity with the provisions of the GDPR; it may be carried out either manually or using automated methods suitable to store them, process them and transmit them and suitable technical and organisational measures will be applied, as reasonable and commensurate with the state of the art, to guarantee, among other things, the safety, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure, or any illegal use, as well as applying reasonable measures to delete or promptly correct any incorrect data with respect to the purposes for which they are processed.

5.2 Use

Access to data: Your data can be made accessible for the purposes described in art. 3: (i) to employees and collaborators of HTA or of companies in the Group in Italy and abroad, in their capacity as appointees and/or internal data supervisors and/or system administrators; (ii) to third party companies or other subjects (for example, banks, professional studios, consultants, insurance companies for the supply of services, etc.) who perform outsourced activities on behalf of HTA, in their capacity as external data supervisors.

Data communication: Without the necessity of express consent (pursuant to art. 6 lett. b) and c) GDPR), HTA may communicate your data for the purposes described in art. 3 to judicial Authorities and to subjects to whom communication is obligatory by law for achieving said purposes. These subjects will process the data in their capacity as autonomous data controllers.

Transfer of data: Your registration data will be stored in your HTA devices and in the devices that use the applications. HTA may communicate your data for the purposes described in art. 3 without the necessity of express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR).
Personal data are stored on servers located in the European Union. In any case it remains understood that, where necessary, HTA, as data controller, shall have the faculty to transfer the servers also outside the EU. In this case, the Controller ensures forthwith that the transfer of data outside the EU will take place in conformity with the applicable provisions of the law, after stipulating the standard contractual clauses envisaged by the European Commission.

6. RECIPIENTS OF THE DATA

6.1

Your data will be processed by the employees and collaborators of HTA who carry out the activities linked to the pursuit of the aims indicated above. Said employees have been designated data processing appointees and have received adequate operating instructions for the purpose.

6.2

HTA shares users' personal data with companies that provide services such as data processing, data storage, clearing of the orders of customers/users, home-delivery of products, management and improvement of the data of customers/users, assistance of customers/users, evaluation of the interest in our products and services, market researches or surveys of user satisfaction. These companies are obliged to protect your data and could be located wherever HTA operates.

7. YOUR RIGHTS

In relation to the processing of personal data by HTA, you can request access to the data concerning you, correct or delete them as per art.17 of the GDPR, integrate incomplete data, or limit their processing; you can ask to receive the data in a structured form, commonly used and legible with an automatic device, and, if technically feasible, to transmit them to another data controller without impediments if there are the conditions for exerting the right to portability contemplated in art. 20 of the GDPR (processing is based on consent pursuant to art. 6.1 lett. a) or art. 9.2, lett. a) or on contract pursuant to art. 6.1, lett. b) of the GDPR and is carried out with automated instruments; you can withdraw the consent given at any time for the purposes described above in art. 3 and oppose processing, in whole or in part, in the cases allowed; you can lodge a complaint with the Authority and exert all the other rights recognised by the applicable discipline (art. 16-21 GDPR).

These rights may be exerted by sending a written communication to the address given below or an e-mail to: privacy@hta-it.com, or by using the access tools available in each application.

8. Cookie management and similar technologies

The websites managed by HTA S.r.l. use cookies and similar technologies (hereinafter "cookies") to ensure the proper functioning of the pages and to improve the user navigation experience. Cookies are small text files sent to the user's device and stored by the browser, then retransmitted to our web pages during subsequent visits.

The activation methods for non-technical cookies vary based on the legislation in force in the country from which the user accesses our services:

• Where required by local regulations (as in the case of the EU territory), the installation of non-technical cookies occurs exclusively subject to express consent (Opt-in).
• In other jurisdictions, installation may occur by default, without prejudice to the user's right to withdraw consent or object to the processing (Opt-out) at any time.

For the HTA-IT.COM website, the dedicated Cookie Policy can be consulted at the following link: cookie-policy-www-hta-it-com.html

Users may modify their cookie preferences at any time via:

• the cookie management panel, where available on the site;
• their own browser settings (noting that disabling technical cookies may compromise the site's functionality).

9. INFORMATION NOT CONTAINED IN THIS POLICY

Further information on the processing of Personal Data may be requested from HTA at any time, using the contact information.

10. MODIFICATIONS TO THIS PRIVACY POLICY

As Data Controller, HTA reserves the right to make modifications to this privacy policy at any time, informing the Users on this page. You are therefore requested to consult this page frequently, taking as reference the date of the last modification shown at the foot. If he does not accept the modifications made to this privacy policy, the User is required to cease using this Application and he can ask HTA to remove his personal data. Unless otherwise specified.

11. DATA CONTROLLER AND CONTACT DATA

The Data Controller is HTA s.r.l. - Via del Mella, 77 - 25131 Brescia - Italy / e-mail: (privacy@hta-it.com).

Latest update: April 2026