Privacy policy

This Privacy Policy:

• is intended for the website www.tinext.com (hereinafter "Website") and applies in all cases in which reference is made or there is a link to this statement;
• is an integral part of the Website and the services we offer;
• is made to those who interact with the web services of the Website. 

The processing of your personal data will be based on principles of correctness, lawfulness, transparency, limitation of purpose and preservation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability. Your personal data will therefore be processed in accordance with the laws and confidentiality obligations in force.

We inform you that the personal data processed may be established - also depending on your decisions on how to use the services - from textual information, images or any other information suitable to make the individual identified or identifiable, depending on the type of services requested.

1. DATA CONTROLLER
The data controller is Tinext SA, with registered office at the Salita ai Ronchi 1, 6934 Bioggio.

2. PERSONAL DATA OBJECT OF TREATMENT
We inform you that the personal data processed may be established - also depending on your decisions on how to use the services - by an identifier such as the name, an identification number, one or more elements characteristic of your identity suitable to make the interested party identified or identifiable, depending on the type of services requested (hereinafter only "personal data").

The personal data processed through the Website are as follows:
a. Navigation data
During their normal operation, the computer systems and software procedures used to operate the website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects and the Data Controller will not attempt in any way to relate the data contained in the protocols of its servers with the people who visited the website. However, such data, through processing and merging with data held by third parties, by their very nature could make it possible to identify users. As an example, this category of data includes IP addresses or domain names of the computers used by users connecting to the Website, Uniform Resource Identifier (URI) sequences of the requested resources, the time of request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters related to the user's operating system.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website, in order to check its correct functioning, identify anomalies and/or abuses, as well as to better structure the Website itself. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website or third parties.
b. Data provided voluntarily by you
Except for the reference to specific information, this Privacy Policy is also intended for the processing of data voluntarily provided by you through the Website. In particular, you can provide data by filling in the form (hereinafter “form”) to subscribe to the newsletter, requesting information, services or products, as well as data sent by you via e-mail. In this regard, we invite you not to include in the formscontained within the Website information that may fall within the category of particularly personal data pursuant to art. 9 of the Regulations (for example, data referring to your political opinions, your religious convictions or your state of health).
c. Third party data provided voluntarily by you
In the use of particular services, personal data processing may be processed by third parties, which you have provided to the Data Controller. With respect to these assumptions, you are the independent data controller, assuming all the legal obligations and responsibilities. In this sense, you give on the point the widest indemnity with respect to any claim, request for compensation for damage from treatment, which should be received by the Data Controller from third parties, whose personal data have been processed through your use of Website services in violation of the rules on the protection of personal data applicable. In any case, if you provide or otherwise treat personal data of third parties in the use of the Website, guarantees from now - assuming all related liability - that this particular hypothesis of treatment is based on the prior acquisition - on your part - of the consent of the third party to the processing of information concerning him.
d. Cookie
The information on cookies are available at the following link.

3. PURPOSE OF THE TREATMENT
Your personal data will be processed, where necessary with your consent, for the following purposes:

3.1. fulfill any obligations under applicable laws, regulations or Community legislation, as well as satisfy requests from authorities;

3.2. allow navigation of the Site and the provision of the services of the Data Controller, in addition to the purposes strictly connected and / or instrumental and / or necessary for the fulfillment of contracts entered into with the data subject;

3.3. to find specific requests addressed to the Data Controller in order to provide the information, services or products requested, as well as respond to messages sent by you;

3.4. send the newsletter signed by you, without prejudice to the possibility of unsubscribing from the list of recipients, by selecting the appropriate link in each message;

3.5. for statistical purposes, without it being possible to trace your identity.

The processing of your data may be carried out using manual, computerized and telematic tools, also through automated methods designed to store, manage and transmit them; will take place through appropriate tools, as far as is reasonable and in the state of the art, to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.

The data are stored in computerized, electronic, and - in a residual - paper archives, with full assurance of the security measures provided by the legislator.

Specific security measures are observed to prevent data breach, illicit or incorrect use and unauthorized access.

4. LEGAL BASIS AND OBLIGATORY NATURE OR OPTIONAL FACULT
The purpose set out in section 3.1 represents a legitimate processing of personal data as it is necessary to fulfill a legal obligation to which the data controller is subject. In fact, once the personal data have been transferred, it is indeed necessary to comply with legal obligations to which the Data Controller is subject.

The legal basis for processing personal data for the purposes set out in sections 3.2, 3.3 and 3.4 is the need to implement a contract of which the data subject is a party or of pre-contractual measures taken at the request of the same, as the processing they are necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested. With particular reference to the processing of your data belonging to particular categories (such as, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, as well as genetic data, biometric data, intended to uniquely identify a natural person, data related to health or sex life or sexual orientation), in the denied hypothesis in which, despite our contrary warning, we communicate them to us, it finds a legal basis in your express consent.

Finally, it is specified that the treatment referred to in section 3.5 is not performed on personal data; therefore it can be freely carried out by the Data Controller. 

5. ADDRESS OF PERSONAL DATA
Tinext does not sell, transfer or otherwise transmit your personal data to third parties.

Personal data may be shared, for the purposes set out in section 3 of this Privacy Policy, with:

5.1. subjects that typically act as data processor, namely: i) persons, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, legal, tax and financial matters; ii) subjects delegated to carry out technical maintenance activities; iii) credit institutions, insurance companies and brokers; iv) data controller related parties, limited to the pursuit of administrative-contractual purposes and / or connected to the performance of organizational, commercial, administrative, financial and accounting activities;

5.2. subjects, bodies or authorities to whom it is mandatory to communicate your personal data in accordance with the provisions of law or orders of the authorities;

5.3. persons authorized by the Data Controller to process personal data necessary to perform activities strictly related to the provision of services, which are committed to confidentiality and adopt GDPR-compliant standards. 

6. TRANSFERS OF PERSONAL DATA
Your personal data are processed in the country where the Data Controller is located, as well as in Italy. For greater clarity, we inform you that Switzerland is a country in which personal data can be processed and transferred also in accordance with the GDPR, as it guarantees adequate protection to the standard required by European standards, pursuant to art. 45 of Regulation (EU) 2016/679. In fact, the European Commission adopted the Decision of 26 July 2000, in which it established that Swiss legislation offers a level of protection appropriate to European standards. According to the Regulation, this decision remains valid "until they are amended, replaced or repealed by a Commission decision". The Data Controller also ensures that the processing of your personal data by the Recipients takes place in compliance with the Rules. 

7. STORAGE OF PERSONAL DATA
Personal data processed for the purposes set out in section 3.1 will be kept until the time required by the specific obligation or applicable law.

Personal data processed for the purposes set out in sections 3.2, 3.3 and 3.4 will be kept for the time strictly necessary to achieve the aforementioned purposes, in execution of the services you have chosen. In any case, as these are treatments performed for the provision of services, the Data Controller will keep personal data for the period of time provided and allowed for the fulfillment of contractual, administrative, fiscal or judicial requirements.

8. RIGHTS OF THE INTERESTED PARTY
They are recognized:

1) the right of access, or to obtain from the Data Controller confirms whether or not personal data is being processed, as well as obtaining information on the purposes and methods of processing, the recipients of the data, the criteria used to determine the period data retention, the source of the data (if not collected from interested party), as well as the existence of an automated decision-making process; the Data Controller provides a copy of the personal data being processed;

2) the right to obtain the correction and integration of incomplete personal data, including by providing an additional declaration;

3) the right to cancel data; this right may find limits in the event that the processing is necessary for the assessment, exercise or defense of a right in court;

4) the right to obtain from the Data Controller the limitation of processing;

5) the right to withdraw consent, in cases where it was previously provided without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;

6) the right to object, for legitimate reasons, to the processing of personal data, even in the case of processing for direct marketing purposes;

7) the right to data portability;

8) the right to oppose an automated decision-making process concerning individuals, including profiling;

9) the right to lodge a complaint with a supervisory authority. If your requests are groundless or excessive, the Data Controller may charge a fee or refuse to fulfill the request. These rights may be exercised by sending an e-mail to the address provided by the Data Controller.

9. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
There is no automated decision-making process for customer profiling.

10. REPRESENTATIVE OF THE DATA CONTROLLER OF THE TREATMENT
In order to provide an interlocutor for all matters concerning the processing, the Data Controller appointed as a representative established in the EU pursuant to art. 27 Regulation (EU) 2016/679, which is a member of our internal Legal Office, reachable at the e-mail address privacy@tinext.com.

11. CHANGES
The Owner reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in the applicable legislation. The Data Controller will inform you of such changes and they will be binding as soon as they are published on the Website. The Data Controller therefore invites you to regularly visit this section to take cognizance of the most recent and updated version of the Privacy Policy, in order to be always updated on the collected data and on the use made of it by the Data Controller.  

12. CONTACTS
To exercise the above rights or for any other request you can send an e-mail to privacy@tinext.com.