Please enable JS

Privacy Policy

Privacy Policy / Privacy Policy

General Premise

Titanium International Group S.r.l., a long-established distributor of titanium and aeronautical products on the Italian market, as well as one of the most highly qualified companies on the international scene, engages in activities of trade, import, export, storage and processing, also on a commission basis, of unfinished parts in titanium and its alloys, special steels and nickel alloys. The company operates out of its headquarters, located at Via Europa 15, Sala Bolognese. 

Declaration of company policy for data security

Titanium International Group S.r.l. considers data security a critical factor with regard to its trade practices and the performance of services of cutting to customers’ technical specifications.
The management of data security has as its primary objective the protection of data to safeguard the legacy represented by the company’s knowledge, that of its clients and of the physical persons whose personal data are used.
For the characteristics of the services that Titanium International Group S.r.l. offers its clients, and for the value represented by data in its business, the data security policy is a fundamental strategic priority.
The data security policy defines and organizes the confidentiality, integrity and availability of data and services.
The data security polity of Titanium International Group S.r.l. Consists of a set of activities which include:
  • identification of primary assets, 
  • risk management and the management of systems and networks, 
  • the identification of vulnerabilities and incidents, 
  • control of accesses, management of privacy and compliance, 
  • damage assessment and all the other aspects that could affect the management of data security.
In its pursuit of this goal, T.I.G. takes an approach by design, devoting particular attention to the management and maintenance of its technological, physical, logical and organizational structure.
Titanium International Group S.r.l.  therefore commits its organization to developing and maintaining a system of data security management in the sphere of the activities performed and services provided, to ensure the availability, integrity and confidentiality of data.

All persons employed by and/or collaborating with Titanium International Group S.r.l.  are committed to complying with the following principles:
1.    Confidentiality: to ensure that data are accessible only to duly authorized persons and/or processes and are not made available or disclosed to unauthorized persons or entities;
2.    Integrity: to safeguard the consistency of data from unauthorized amendments, and guarantee that they do not undergo changes or erasures due to errors or voluntary actions, but also following malfunctions or damages to  technological systems;
3.    Availability: to ensure that the authorized users have access to the data and architectural elements associated thereto, when required, and to protect the totality of data in the guarantee of access, usability and confidentiality;
4.    Privacy: to guarantee the protection and control of personal data.
The Management is profoundly committed to a great responsibility toward all the personnel employed by and with Titanium International Group S.r.l.  in ensuring the strict compliance of their work to attend, with the maximum attention, to the duties assigned to them.
In particular, this goal is pursued through the commitment to guarantee the following:
  • compliance with the laws and regulations in force;
  • operating efficiency and the reliability of the processes of product development and related services;
  • the conditions of health and safety in the workplace for employees and collaborators;
  • the continuity and effectiveness of the organizational and operational processes to prevent and reduce to a minimum the impact of voluntary or involuntary incidents affecting data security relative to the information managed;
  • the protection of media made available and their correct use;
  • the confidentiality, correctness and availability of the information managed by Titanium International Group S.r.l., and the protection of intellectual property;
  • the application of appropriate measures to protect data from any process/product/service malfunctions.


The Data Management System (DMS)

To implement its data security polity, Titanium International Group S.r.l. has developed and is committed to maintaining a system of secure data management in accordance with the requisites specified in standard ISO/IEC 27001 for the management of data security in the sphere of its business.
In the sphere of management of the services it offers, Titanium International Group S.r.l., ensures: 
  • compliance with the levels of security established through implementation of the DMS;
  • compliance with the legislation in force and international standards of security for its technological and organizational infrastructure;
  • it will always select reliable partners from the standpoint of data security and the protection of personal data.
The data security policy of Titanium International Group S.r.l. applies to all internal personnel and those of any third parties that collaborate in data management, as well as all processes and resources involved in the design, production, provision and continuous supply of services.
The data security policy of Titanium International Group S.r.l. is an effective and concrete commitment on the part of the organization toward its clients and third parties, to guarantee the security of physical, logical and organizational data and any tools used to process data in all its activities.
Briefly, the data security polity of Titanium International Group S.r.l.  ensures that:
1.    the organization is fully aware of the data managed and can determine their critical level case by case, to facilitate the implementation of adequate levels of protection;
2.    access to data is made in a secure manner, to prevent unauthorized processing or use without the necessary rights;
3.    the organization and third parties collaborate in processing the information, applying procedures as needed in respect of the appropriate levels of security;
4.    the organization and any third parties who collaborate in processing the data are adequately trained and have full awareness of the problems relative to security;
5.    any malfunctions and incidents having repercussions on the information system, the services and levels of company security are promptly recognized and correctly managed through efficient systems of prevention, communication and reaction with a view to minimizing their impact on the business;
6.    access to the main office and individual departments is permitted exclusively to authorized personnel, to protect the security of the areas and assets therein;
7.    compliance with the requisites of law and with the security commitments detailed in contracts with third parties;
8.    discovery of anomalous events, incidents and vulnerabilities of the information system with a view to respecting the security and availability of services and data;
9.    corporate business continuity and disaster recovery, through the application of established security procedures; 
10.    processing of personal data, in cases in which Titanium International Group S.r.l.  operate as Data Controller, as well as in those in which it operates on behalf of third parties as Data Processor, is done in respect of the European Regulation on the Protection of Personal Data, GDPR 679/2016.
The data security policy is constantly updated and tested, through annual reviews, to ensure its continuous improvement. It is shared with the organization, third parties and clients, through its publication on the company website.

Access policies
Titanium International Group S.r.l. guarantees that any physical or digital access is authorized, controlled and monitored on the basis of the following criteria:
1.    access is authorized for assigned personnel only for the information necessary (principle of minimum knowledge or ‘need to know’);
2.    access is authorized for assigned personnel only for the information specific to the duties assigned (work-related function);
3.    access to the structure and departments is authorized for assigned personnel.
Access to the premises of Titanium International Group S.r.l.  is authorized, controlled and monitored in line with company policy.

Responsibility of personnel
Titanium International Group S.r.l.  undertakes to make all the personnel aware of their obligations to:
1.    guarantee compliance with the regulations, laws and rules of a cogent nature in force, whether contractual or voluntary, deemed applicable in the sphere of the DMS;
2.    protect the confidentiality, integrity and availability of the data managed by Titanium International Group S.r.l., the intellectual property and heritage of Titanium International Group S.r.l., or entrusted to the company by third parties;
3.    take care of the material property, systems and resources of Titanium International Group S.r.l.;
4.    safeguard and manage appropriately any information and data regarding the activities assigned to them;
5.    contact the Management, the Data Security Manager and/or other competent authorities in case of effective or suspected data breaches;
6.    report any need to amend the procedures relative to the management of data security.

Third party responsibility
Titanium International Group S.r.l. undertakes, with regard to third parties, to:
1.    formalize its commitment to confidentiality and non-disclosure of the data processed in the areas of its competence;
2.    protect the resources and physical and intellectual data to which they may have access in the performance of their assigned duties;
3.    guarantee full compliance with the requisites of the DMS in their behavior and operation.

Conservation
Titanium International Group S.r.l.   stores the data in Italy and only on its own systems, does not export data outside Italy or transfer it to third parties (except at the explicit request of the legal authorities). Data are stored at sites that are constantly monitored, with accesses limited by badge and logged.

Transfer
The transfer of data between the data center and the customer’s office is always made in an encrypted format.

Access to management portals
Access to the management portals is protected with adequate security measures (password, two-factor authentication, IP address from which access is made), in excess of those required by law. Access logs are kept as required by law (inalterability guaranteed by a time stamp according to the European EIDAS standard). Attempts at access are identified and reported immediately to the client via e-mail; any accounts attacked are also blocked temporarily.

Data breaches
Any breaches of personal data are communicated as required by law within 72 hours to the Guarantor for the Protection of Personal Data, and to the data subjects themselves.

Incidents and non-conformity
Titanium International Group S.r.l. Implements a system of incident management in accordance with standards ISO 27035 and ISO 20000-1 which provide for immediate reporting to the client in the most appropriate way (text message or email), calling attention to any non-conformity connected to the events, application of appropriate corrective actions to prevent repetition of the incidents, production of a post mortem report to be sent to the client, and periodical review of incidents, to be performed by the security manager.

Risk Assessment
The management portal makes available, at the client’s request, an advanced system for the assessment of the level of data security, identifying any elements of risk. The system uses a questionnaire to identify the threats to the confidentiality, integrity and availability of the data and assesses the level of risk on the basis of the type of data.
 

In conclusion

Titanium International Group S.r.l.  undertakes to:
  • Adopt a secure system of data management in accordance with the requisites of Standard UNI CEI EN ISO/IEC 27001:2024.
  • Keep the system constantly monitored for conformity to the cogent standards and laws applicable and voluntary, as well as the pertinent contractual obligations in the sphere of application of the DMS;
  • Guarantee the means and resources best suited to its maintenance and continuous improvement, in particular as regards mitigation/reduction of the level of risk to data security and adoption of the measures most appropriate to prevent anomalous and emergency situations;
  • Ensure that all personnel are aware of the obligations and responsibility of each in the management of data security and of the consequences in case of events, whether caused maliciously or due to negligence, relative to the unauthorized use, alteration or destruction of critical information.
    
Sala Bolognese, 09/18/2024                                                                           The Management