Google Analytics Cookies: The Site utilizes Google Analytics cookies for collecting aggregated statistical information about user behavior. These cookies cannot be used to identify specific individuals. More information about the usage of Google Analytics cookies can be found at https://www.google.it/policies/privacy/. Google provides a browser plugin to prevent the collection and use of your data by sites utilizing its analytics service. For further information, please visit https://tools.google.com/dlpage/gaoptout.

4. Liability for the operation of third-party cookies.

4.1. In this regard, it refers, verbatim, to what is stated in the Measure of 8.5.2014 by the Privacy Guarantor: “There are several reasons why it is not possible to impose on the publisher the obligation to provide information and obtain consent for the installation of cookies on their site, even for those installed by 'third parties'. First of all, the publisher should always have the tools and the economic-legal capacity to fulfill third-party obligations and should therefore also be able to verify each time the correspondence between what is declared by third parties and the purposes they actually pursue with the use of cookies. This is made very difficult by the fact that the publisher often does not know directly all the third parties that install cookies through their site and, therefore, not even the logic underlying the related processing. Furthermore, it is not uncommon for intermediaries to intervene between the publisher and the third parties, playing the role of licensors, making it very complex for the publisher to control the activities of all parties involved. Third-party cookies could then be modified over time by third-party providers, and it would be impractical to ask publishers to keep track of these subsequent changes.”

5. Browser settings.

5.1. THD highlights the user's ability to delete and block the operation of cookies described in the previous art. 3 at any time using the specific setting functionalities available within the browser used: in this regard, THD adds that, should the user decide to deactivate the technical cookies referred to in art. 2.1. point i), the quality and speed of the services and functionalities provided and made available by the Site could worsen. 

5.2. Enabling or disabling cookies. Below are some brief instructions and the corresponding links to specific instructions on how to change cookie settings through browser tools, particularly referencing the four most widely used browsers:

Microsoft Internet Explorer

Click the Tools icon in the top right corner and select Internet Options. In the pop-up window, select Privacy. Here you can adjust cookie settings, adjusting the level of use among the various options available.

https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d#:~:text=Per%20eliminare%20i%20cookie,Web%20e%20quindi%20scegliere%20Elimina.

Google Chrome

Click the Customize and control Google Chrome icon; in the top right corner and select Settings. At this point, select Show advanced settings and subsequently, in the Privacy section, click on Content settings. In the pop-up window that opens, by clicking Manage exceptions, you can modify cookie settings by selecting or deselecting cookies to keep active or to block.

https://support.google.com/chrome/bin/answer.py?hl=it&answer=95647&p=cpn_cookies

Mozilla Firefox

From the drop-down menu in the top left corner, select Options. In the pop-up window, select Privacy. Here you can adjust cookie settings.

https://support.mozilla.org/it/kb/Eliminare%20i%20cookie

Safari

From the settings drop-down menu in the top right corner, select Preferences. Select Security and here you can adjust cookie settings. We will store your cookie preferences using a specific technical cookie with the characteristics specified in the previous table.
If you do not use any of the browsers listed above, select “cookies” in the relevant section of the browser help section to discover where the cookie folder is located and how to manage it.

https://support.apple.com/it-it/HT201265

6. Rights of the data subject.

6.1. In relation to the user's personal data, THD informs that the relevant data subject as per art. 4 no. 1) of the GDPR has the right to exercise the following rights which may be subject to the limitations provided for by articles 2 undecies and 2 duodecies of the Privacy Code: right of access per art. 15 of the GDPR: right to obtain confirmation of whether or not personal data concerning the data subject is being processed, as well as the information referred to in art. 15 of the GDPR (e.g. purpose of processing, retention period); right to rectification per art. 16 of the GDPR: right to correct, update, or complete personal data; right to erasure per art. 17 of the GDPR: right to obtain erasure, destruction, or anonymization of personal data, where the conditions listed in the same article apply; right to restriction of processing per art. 18 of the GDPR: right with distinctly precautionary connotation, aimed at obtaining the restriction of processing where the cases regulated by the same art. 18 apply; right to data portability per art. 20 of the GDPR: right to obtain the personal data provided to THD in a structured, commonly used, and machine-readable format (and, where requested, to transmit it directly to another Data Controller), where the specific conditions indicated in the same article apply (e.g. legal basis of consent and/or execution of a contract; personal data provided by the data subject); right to object per art. 21 of the GDPR: right to obtain the cessation of a specific personal data processing permanently; right to lodge a complaint with the Supervisory Authority (i.e., Italian Privacy Guarantor) per art. 77 of the GDPR: right to lodge a complaint where it is considered that the processing under review violates national and EU data protection law.

6.2. In addition to the rights described in the previous art. 6.1.), THD specifies that, concerning the personal data of the data subject, there is, where possible and relevant, the right to exercise, on one hand, the (sub)right provided by art. 19 of the GDPR (“The data controller shall communicate to each of the recipients to whom the personal data have been disclosed any rectification or erasure or restriction of the processing carried out in accordance with Article 16, Article 17(1), and Article 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject about those recipients if the data subject requests it”), considered related and connected to the exercise of one or more rights regulated by Article 16, 17, and 18 of the GDPR; on the other hand, THD specifies that, concerning the personal data of the data subject, there is, where possible and relevant, the right to exercise the right provided by Article 22 paragraph 1) of the GDPR (“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them”), without prejudice to the exemptions set out in the following paragraph 2).

6.3. In compliance with art. 12 paragraph 1) of the GDPR, THD undertakes to provide users with the communications referred to in articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible, and easily accessible form, using clear and plain language: such information will be provided in writing or by other means, including electronically where appropriate, or, at the request of the user, will be provided orally provided that the identity of the requester is proven by other means.

6.4. In compliance with art. 12 paragraph 3) of the GDPR, THD informs that it undertakes to provide users with information about the action taken on a request under articles 15 to 22 of the GDPR without undue delay and, in any event, within one month of receipt of the request; this period may be extended by 2 months if necessary, taking into account the complexity and number of requests (in such cases, the Controller undertakes to inform the user of such an extension and the reasons for the delay, within one month of receipt of the request).

6.5. The user may exercise the above-described rights (except for the right under art. 77 of the GDPR) at any time using the contact details illustrated in art. 7.

7. Contact details of the Data Controller.

7.1. THD can be contacted at the following address: privacy@thdlab.com

7.2. The Data Protection Officer (DPO) as per art. 37 of the GDPR, appointed by the Controller, can be contacted at the following address: dpo@thdlab.com

8. Recipients of Your Personal Data

The personal data processed will be known by the employees of the Controller THD, who will act as persons authorized to process personal data.
Additionally, your personal data will be processed by third parties belonging, by way of example, to the following categories:
a) Subsidiaries, parent companies, or affiliates of the Controller.
b) entities providing services for the management of the information system, including server hosting and backup services;
c) entities providing the Controller with advice on tax, legal, judicial, and compliance matters.
The entities belonging to the categories listed above operate, in some instances, in total autonomy as distinct data controllers, in other instances, as data processors specifically appointed by the Controller in compliance with article 28 of the GDPR.
Furthermore, pursuant to the Provision of the Guarantor for the protection of personal data of 27 November 2008 concerning “Measures and disclosures required from controllers carrying out processing with electronic means regarding the assignment of the Administrator functions”, as an interested party, you may also request from the Controller the identity of the System Administrators operating on the systems where your personal data is located.
The personal data processed by the Controller is not subject to dissemination.
THD does not intend to transfer your data to a country outside the European Union. However, should THD proceed with the transfer of your data outside the European Union in the execution of the above-listed purposes, the Controller will proceed with such a transfer only after having ensured the existence of one of the guarantees provided for by Articles 44 et seq. GDPR, so as to ensure an adequate level of protection for your data.

9. Social plug-in and YouTube cookies

9.1. In compliance with the EDPB Guidelines No. 8/2020, THD also specifies the qualification of co-Controller of processing under Articles 4 no. 7) and 26 of the GDPR with some social media providers (e.g. Facebook; Linkedin, YouTube), owing to the installation, within the Site, of the related social plug-ins, easily visible and usable on the Site. In particular, we inform you that the Site contains YouTube videos which, although published in “YouTube no cookie” mode, may release cookies when the user activates them.

Correggio (RE), on January 10, 2026

THD S.p.A.
(through its temporary legal representative)

1 See Recital 30) of the GDPR (“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. These identifiers may leave traces which, in particular, when combined with unique identifiers and other information received by servers, may be used to create profiles of the natural persons and identify them”), and art. 122 paragraphs 1) and 2) of the Privacy Code (“1. The storage of information in the terminal equipment of a contractor or a user or the access to information already stored is permitted only on condition that the contractor or the user has expressed consent after being informed in simplified ways. This does not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide such service. For purposes of determining the simplified methods referred to in the first period, the Guarantor also considers the proposals formulated by the most representative national consumer and economic associations involved, also for the purpose of ensuring the use of methods that ensure the effective awareness of the contractor or user. 2. For the purposes of expression of consent referred to in paragraph 1, specific configurations of computer programs or devices that are easy and clear to use for the contractor or user may be used…”); see also page 15) of the Measure n. 231 of 10.6.2021 signed by the Privacy Guarantor: “…there is no universally accepted semantic encoding system of cookies and other tracking tools yet to objectively distinguish, for example, technical ones from analytics or profiling cookies, except based on the indications provided by the owner themselves in the privacy policy […] the hope that quickly reach a general encoding.”

2 Cookies designed to collect and store data while a user accesses a website and disappear once the latter has closed the corresponding browsing session.

3 Cookies suitable for lasting for a predefined period (e.g. minutes; months; years).

4 Analytical cookies are generally used to evaluate the effectiveness of an information society service provided by a publisher, for website design, or to help measure its traffic (i.e., the number of visitors, possibly divided by geographical area, connection time slots).

5 See Guidelines mentioned, pages 13) and 14): “The structure of analytics cookies should then foresee the possibility that it refers to not just one, but multiple devices, so as to create reasonable uncertainty about the digital identity of the recipient. Usually, this effect is achieved by masking appropriate portions of an IP address within the cookie. Given the representation of version 4 IP (IPv4) addresses in 32 bits, which are usually represented and used as a sequence of four decimal numbers ranging from 0 to 255 separated by a dot, one of the measures that can be implemented to benefit from the exemption is masking at least the fourth component of the address, an option that introduces uncertainty in assigning the cookie to a specific data subject by 1/256 (about 0.4%). Similar procedures should be adopted concerning version 6 IP addresses (IPv6), which have a different structure and significantly larger address space (being comprised of binary numbers represented with 128 bits). The Guarantor also emphasizes the necessity that the use of analytics cookies be limited solely to the production of aggregated statistics and that they be used in relation to a single site or mobile application, so as not allow tracking of the person's browsing who uses different applications or navigates different websites. Therefore, it remains understood that third parties providing the publisher with the web measurement service must not combine the data, even thus minimized, with other processes (such as customer files or statistics for visits to other sites) or transmit them, in turn, to further third parties, under penalty of an unacceptable increase in user identification risks; except if statistics produced with minimized data concern multiple domains, websites, or apps referable to the same publisher or corporate group. However, even in the absence of the adoption of the prescribed minimization measures, the recourse to statistical analysis on multiple domains, websites, or apps attributable to the same owner can be considered lawful provided the latter processes such analysis data themselves, without such activities exceeding mere statistical counting, effectively becoming processing aimed at commercial decision-making.”

• Patients