Privacy policy

Tinext Experience SA, as the Data Controller (hereinafter “Controller”), considers privacy and the protection of personal data an important aspect of its activities. For this reason, it processes personal data both in accordance with the Swiss Federal Data Protection Act (FADP, September 25, 2020) and with the provisions of EU Regulation 679/2016, General Data Protection Regulation (hereinafter “GDPR”).

We therefore invite you, before providing any personal data to the Controller, to carefully read this Privacy Policy as it contains very useful information regarding the protection of your personal data.

This Privacy Policy:

  • applies to the website https://experience.tinext.com (hereinafter the “Site”) and to all instances where it is referenced or linked;

  • forms an integral part of the Site and the services we offer;

  • is addressed to those interacting with the Site’s web services, pursuant to Art. 13 of the GDPR and Art. 19 of the FADP. 

The processing of your personal data will follow the principles of good faith and proportionality, fairness, lawfulness, transparency, purpose and storage limitation, data minimization and accuracy, integrity, and confidentiality, as well as accountability. Your personal data will therefore be processed in compliance with current legal provisions and confidentiality obligations.

We inform you that the personal data processed may consist, depending on how you use the services, of textual information, photographs, or any other information suitable to identify or make the data subject identifiable.

1. DATA CONTROLLER
The Data Controller is Tinext Experience SA, Viale Serfontana 7, 6834 Morbio Inferiore (hereinafter “Controller”).

2. DATA PROCESSED AND PURPOSES OF PROCESSING
To allow you to use the Site and its services, the Controller must collect and process some of your personal data. Personal data refers to any information related to an identified or identifiable individual, such as name, contact details, and IP addresses. As for mere browsing of the Website, the types of data processed and the specific information regarding cookies are described below. 

We inform you that the processed personal data may include identifiers such as name, ID number, or characteristics of your identity, depending on the services requested (hereinafter simply “personal data”).

The personal data processed via the Site include:

a. Browsing Data

In the course of their normal operation, the IT systems and software procedures used to operate the Site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, and the Controller will not attempt to link the server logs to identified individuals. However, by their very nature, such data could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server response, and other parameters related to the user’s operating system.

These data are used solely to obtain anonymous statistical information on the use of the Site, to check its correct functioning, identify anomalies and/or abuses, and to improve the structure of the Site itself. The data could be used to ascertain responsibility in case of computer crimes against the Site or third parties.

  • Purpose of processing: browsing the Site. Data provision is mandatory as it is automatically collected to allow browsing.

  • Legal basis: Legitimate interest of the Controller.

  • Retention period: for the browsing session only.

b. Data provided by the user for information requests

Unless otherwise specified, this Privacy Policy also applies to the processing of data voluntarily provided by you through the Site. In particular, you may provide data through the contact form (hereinafter “Form”) for service and product information, registration to events organized by Tinext, or via email.

You are kindly requested not to include in the Forms or email messages any information falling within the special categories of personal data under Art. 9 of the GDPR (e.g., political opinions, religious beliefs, or health status), or any personal data worthy of particular protection under Art. 5 para. 1(c) FADP.

  • Purpose: to respond to the data subject as requested. Providing name, surname, email, company, and how you heard about Tinext is mandatory to send the request. Job title is optional.

  • Legal basis: performance of pre-contractual and contractual measures.

  • Retention period: contact data collected to handle requests are retained for 2 years.

c. Data Provided for Marketing Purposes

By filling in the appropriate form, you may provide your name, surname, and email address in order to receive newsletters, informational, promotional, commercial, and advertising materials, or information about events, initiatives, and courses promoted by the Controller.

  • Purpose: direct marketing. Providing name, surname, email, and company is mandatory to send the request. Job title is optional.

  • Legal basis: consent of the data subject.

  • Retention period: until withdrawal of consent, via the link provided in each message or by emailing [email protected].

d. Cookies

Information on the cookies served by the Site is available at the following link.

3. RECIPIENTS OF PERSONAL DATA
Tinext does not sell, transfer, or otherwise disclose your data. Personal data may be shared with recipients who will process the data as data processors, for the purposes stated in section 2 of this Privacy Policy. In particular, data may be shared with:

  • Individuals, companies, or professional firms providing assistance and consulting to the Controller in accounting, administrative, legal, tax, and financial matters;

  • Entities delegated to perform technical maintenance, IT system management services, or website support;

  • Companies providing newsletter services;

  • Parent, subsidiary, and affiliated companies of the Controller, strictly for administrative-accounting purposes or organizational, commercial, administrative, financial, and accounting activities;

  • Authorities or bodies to whom data must be communicated under legal obligations or court orders.

4.  TRANSFERS OF PERSONAL DATA
Your personal data is processed in the country where the Controller is based and in Italy.

If transferred to other EU countries, in accordance with Art. 16 et seq. of the FADP and Art. 8 et seq. of the OFADP, the destination country must be listed in Annex 1 of the OFADP, meaning the country is recognized by the Federal Council as having adequate data protection legislation.

In the absence of such safeguards, transfers are allowed only in compliance with Art. 17 of the FADP and Art. 8 et seq. of the OFADP. Such transfers will be explicitly communicated to the data subject.

5. RIGHTS OF THE DATA SUBJECT
The data subject has the following rights:

1) Right of access: to obtain confirmation of whether personal data is being processed and information on the processing purposes, methods, data recipients, retention criteria, data origin (if not collected from the data subject), and any automated decision-making; the Controller provides a copy of the personal data processed;

2) Right to rectification and completion of incomplete data, including by providing a supplementary statement;

3) Right to erasure, with limitations where processing is necessary for the establishment, exercise, or defense of legal claims;

4) Right to restriction of processing;

5) Right to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal;

6) Right to object to processing for legitimate reasons, including direct marketing;

7) Right to data portability;

8) Right to object to automated decision-making, including profiling;

9) Right to lodge a complaint with a supervisory authority.

The data subject may also bring actions regarding the protection of personality, requesting prohibition of specific processing, data disclosure, or data deletion, under Art. 32 para. 2 of the FADP. These rights can be exercised by emailing: [email protected]. The Controller will respond within 30 days or communicate when the information will be provided. Requests are free of charge, unless a disproportionate cost is involved.

6. CONSENT OF MINORS
To access services provided through the Site, users must be over sixteen years of age. Consent for personal data processing of minors under sixteen is valid only if given by a person holding parental responsibility.

7. AUTOMATED DECISION-MAKING
The Controller does not use automated decision-making processes, including profiling.

8. CONTROLLER’S REPRESENTATIVE
To provide a contact person located in the European Union for any issues regarding data processing, the Controller has appointed, under Art. 27 GDPR:

Tinext Italia S.r.l.

Via Borghi 8, Gallarate

Email: [email protected]

9. CHANGES
The Controller reserves the right to amend or update this Privacy Policy, in whole or in part, due to changes in applicable laws. Before using the Site or related channels (email, phone, social media, etc.), users should verify the latest version of this policy.

10. CONTACTS
For any inquiries, please send an email to: [email protected]