Privacy Policy

Privacy Information Notice in accordance with Articles 13 and 14 of Regulation (EU) 2016/679

Thux S.r.l, with registered office at Via Dante Alighieri, No. 99, 20096, Limito di Pioltello (MI), VAT number 11900420156 - phone: 02.00644600 - email: amministrazione@thux.it, as the Data Controller (hereinafter referred to as 'the Company' or 'the Controller'), hereby provides the following information regarding the processing of personal data that will be carried out in connection with users accessing its institutional website through a telematic connection starting from the address: http://thux.it (hereinafter referred to as 'the Site').

As is commonly known, through the Internet service provider, it is possible to trace back to the real and sensitive data of an individual from the IP address of a computer.

In this regard, please note that this notice is provided only for the Site and not for other websites that may be consulted through hyperlinks or widgets (e.g., social networks) published on the Site but referring to resources external to the Controller's domain or to processing that may result from the voluntary submission of messages.


1. Categories of Data Subjects and Processed Personal Data

The Data Controller processes personal data of individuals (identified or identifiable) who visit and consult the Site or who voluntarily engage in interactions with the Controller within the same (hereinafter referred to as 'Users').

The personal data processed include:

  1. Browsing Data: The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes: IP addresses or domain names of the computers and terminals used by Users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment.

  2. Communicated Data: The optional, explicit, and voluntary sending of messages through the completion and submission of forms on the Site and/or to the contact addresses of the Company or to institutional profiles/pages on social media (where this possibility is provided) involves the acquisition of the User's contact data necessary to respond, as well as any other personal data included in the registration form or in communications. Specific information will be published on the Site pages containing the form or prepared for the provision of specific services.

  3. Cookies and Other Tracking Systems: For more information about the types of cookies used, their management, and purposes, please refer to the cookie policy on the Site: link to the cookie policy.

2. Purposes of Processing and Legal Bases:

The Data Controller processes the Personal Data collected within the context of the Site for the purposes and based on the legal bases indicated in the following table:

  What are the PURPOSES of the processing? What are the LEGAL BASES for the processing?
1) Fulfillment of a legal obligation connected to civil, fiscal, and administrative provisions, European legislation, rules, codes, or procedures approved by competent Authorities and other Institutions, as well as to respond to requests from the competent administrative or judicial authority and, more generally, from public entities in compliance with legal requirements. Fulfillment of a legal obligation to which the Data Controller is subject.
2) Enforcing and defending its own rights, also through extrajudicial initiatives and through third parties, as well as preventing and detecting fraudulent activities or abuse of the Site (for potentially criminal purposes, such as identity theft, cybercrimes, etc.). Pursuit of the legitimate interests of the Data Controller.
3) To allow Users to access the Site and navigate optimally, as well as to manage requests received through the Site. Execution of pre-contractual measures adopted upon the User's request.
4) Restricted to the browsing data of Users under point 1, sub a), for the purpose of ensuring the security of the Data Controller's systems and obtaining statistical information on the use of the Site (such as the most frequently visited pages, the average time spent on each page), as well as for monitoring and administering the operation of the Site and improving the services provided. Pursuit of the legitimate interests of the Data Controller.
5) To manage the contact section of the website and, therefore, to respond to any user requests received through the completion of forms or via the sending of communications to the Data Controller's email address. Execution of pre-contractual measures adopted upon the User's request.


3. Obligation to provide the requested data and consequences of failure to provide them

Unless otherwise specified for browsing data (and, in the relevant policy, for the management of cookies), the user is free to provide their personal data (via forms - on pages that allow it - or through other means to the Data Controller's contacts) for the purpose of requesting information or receiving commercial communications.

However, it should be noted that failure to provide them, even partially, may prevent the Data Controller from fulfilling the User's requests and from carrying out communication and marketing activities, as well as complying with any related obligations.


4. Processing Methods

Personal Data will be processed by means of both manual and automated tools, exclusively by authorized individuals who have been specifically instructed for this purpose.


5. Recipients/Categories of Recipients of Personal Data

♦ User Personal Data may be disclosed to:

-Authorized individuals within the Data Controller's organization (employees or collaborators);

-Third-party service providers to the Data Controller (including IT service providers, hosting providers, web editors, as well as companies or entities providing legal and insurance services) who may, if necessary, act as data processors;

-Third-party companies and professionals appointed to assert the Data Controller's rights, interests, and claims arising from the relationship with Users;

-Government authorities, judicial or administrative authorities, public and private entities, including as a result of inspections and checks;

-Entities that may access the data under provisions of law, secondary legislation, or community legislation.

Only the category of recipients is indicated, as it is subject to continuous updates. To obtain the updated list of recipients, Users can contact the Data Controller directly, using the contact details provided in paragraph 9 of this notice.


6. Retention Periods for Personal Data

The Data Controller will retain Personal Data for the time strictly necessary for the purposes for which they were collected. Specifically, the Data Controller will retain:

Browsing data of Users (indicated in paragraph 1, letter a) for the duration of the browsing session and in any case for no longer than seven days, unless there are malfunctions in the systems, in which case they will be retained until the issue is resolved;

- Data communicated by Users (indicated in paragraph 1, letter b) Regarding personal data communicated through the completion of forms on the website, for the time necessary to process the relevant request;

-Personal Data the processing of which is necessary in relation to legal obligations for the duration required by law;

- And in any case, for the purposes outlined in paragraph 2, number 2, for a maximum period equal to the expiration of the relevant statute of limitations plus a prudential period of six months, in order to ensure the Company's right to defense with respect to potential future legal or administrative disputes.

In all cases, after the respective terms have elapsed, all Personal Data will be deleted or anonymized. It is understood that the indicated terms may be extended in cases where storage for a subsequent period is required in the event of disputes, requests from competent authorities, or in accordance with applicable regulations.


7. Transfer of personal data to a third country or to an international organization

In the context of the above-mentioned purposes, it is possible that your data may be transferred to countries within the EU.


8. Rights

Users, under the circumstances, may exercise the following rights with respect to the Data Controller:

Right of access: allows Users to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, and, if so, to gain access to their personal data;

Right to rectification: allows Users to obtain the rectification or integration of inaccurate or incomplete Personal Data;

Right to erasure: allows Users to obtain, in cases provided for by the regulations, the erasure of their personal data;

Right to restriction of processing: allows Users to obtain, in cases provided for in Article 18, paragraph 1 of the GDPR, the restriction (i.e., marking of personal data stored with the aim of limiting its processing in the future) of the processing of their personal data;

Right to data portability: allows Users - in cases where processing is carried out by automated means on the basis of a contract or consent - to receive their personal data concerning them in a structured, commonly used, and machine-readable format and, where technically feasible, to transmit those data to another data controller.

Furthermore, Users have the right:

to object to the processing of their Personal Data for the purposes set out in paragraph 2;

and, if they believe that the processing of their Personal Data carried out through this Website is in violation of the GDPR, to lodge a complaint pursuant to Article 77 of the GDPR with the national supervisory authority of the Member State where the Data Subject has their habitual residence or place of work or where the alleged violation of their rights occurred (if that state is Italy, the relevant authority to contact is the Italian Data Protection Authority) or to bring the matter before the appropriate courts (Article 79 of the GDPR).


9. Contacts

To exercise all these rights, the data subject can submit a specific request by contacting the Data Controller using the following methods:

10. Changes

The privacy notice has been updated on 10/10/2022.

The Company reserves the right to partially or fully modify this notice or update its content, for example, due to changes in applicable law. Therefore, the Company encourages the User to regularly check the notice to be informed of the latest updated version, so as to always be informed about the collection and use of Personal Data.