Dear visitor,

the undersigned Thinx S.r.l. (VAT n. 09709190962), with registered office in Via Borgazzi, 2 20122 Milan (contact details: telephone 02.82783531), in its capacity as Data Controller, pursuant to and in accordance with the European Regulation 2016/679 (GDPR), hereby informs you that, according to the aforesaid regulation, the processing of your personal data shall be based on the principles of fairness, lawfulness, transparency and protection of your privacy and rights.


Therefore, pursuant to Article 13 of the GDPR 2016/679, we hereby provide you the following information:


  1. Object of the processing

The Data Controller processes the personal identification data (for example name, surname, company name, address, telephone, e-mail, bank and payment details) – hereafter “personal data” or “data” – provided by you at the conclusion of agreements or during the pre-contractual stage with the Data Controller.


  1. Purposes for processing
  • a) Your personal data shall be processed for the purposes related to the conclusion of agreements with the Data Controller; to the compliance with contractual, pre-contractual and tax obligations resulting from existing relations with you; to the compliance with legislative obligation or obligations resulting from a regulation, from the community regulation or from an order of the authorities.
  • b) Your data may also be processed, subject to your specific and express consent, in order to send you newsletters, commercial communications and/or advertising material by e-mail, mail and/or text message and/or by telephone contacts, related to products or services provided by the Data Controller as well as in order to evaluate the degree of satisfaction about the quality of services; to send you commercial and/or promotional communications of third parties (for instance business partners, insurance companies etc…) by e-mail, mail and/or sms and/or telephone contacts.

Your data may also be processed for internal statistics and market research purposes.

Please note that, if you are already our customers, we may send you commercial communications related to services and products of the Data Controller similar to those that you have already used, unless you dissent.

The failure to provide personal data shall imply the impossibility, on our part, to execute agreements and other related requirements, as well as to manage mutual commercial relations properly.


  1. Legal basis

Your personal data shall be processed to execute an agreement entered into with you or to execute pre-contractual measures adopted upon your request.

Commercial and/or promotional communications related to products and services similar to those constituting the object of the existing contractual relationship are sent on the basis of your consent.


  1. Recipients of data

Your data may be disclosed to third parties for technical and operating requirements strictly related to the purposes set out above, and in particular to the following categories of parties:

  • a) bodies, professionals, companies or other entities entrusted by us with the processing with regards to compliance with administrative, accounting and management obligations related to the ordinary performance of our activity;
  • b) to public authorities and administrations for the purposes related to the compliance with legal obligations or to parties entitled to access them under provisions of law, regulations, community legislations;
  • c) banks, financial institutions or other parties to whom our company is required to transfer the aforesaid data in order to carry out its activity concerning compliance, on our part, with the contractual obligations undertaken to you.
  • d) suppliers of facilities and IT and telematic systems installation, support and maintenance services, as well as of all the other services functionally connected with and necessary to provide the services object of the Agreement.


  1. Data processing methods

Your personal data are processed through the operations specified in Article 4 n. 2) of the GDPR, more precisely: collection, registration, organization, retention, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your personal data are subject to both paper and electronic and/or automated processing.


Each processing is carried out in compliance with the methods referred to in Articles 6 and 32 of the GDPR and through the adoption of the adequate safety measures provided for.


  1. Retention period

In compliance with the principles of lawfulness, data purpose limitation and minimization, pursuant to Article 5 of the GDPR, your data shall be retained for the period provided for by specific legal obligations of by the applicable regulation as well as for the necessary time in order to fulfil the aforementioned purposes.


  1. Nature of the provision of data and consequences in case refusal

The provision of data for the purposes referred to in Article 2.a) is compulsory.

In their absence, we shall not be able to provide the services object of the Agreement entered into with you or of the precontractual measures.


On the contrary, the provision of data for the purposes referred to in Article 2.b) is optional. Therefore, you may decide not to provide any data or to subsequently refuse to consent to the processing of the data already provided. In said case, you may not receive newsletters, commercial communications and advertising material related to the Services provided by the Data Controller. However, you shall still be entitled to the services referred to in Article 2.a).


  1. Rights of the interested party

In your capacity as interested party, you are entitled to the rights referred to in Article 7 of the Privacy Code and Article 15 of the GDPR, more precisely the rights to:

  1. Obtain the confirmation of the possible existence of personal data related to you, even though they have not been recorded yet, as well as their communication in an intelligible form;
  2. Obtain information about: a) the origin of your personal data; b) the processing purposes and methods; c) the methods applied in case of processing carried out through electronic instruments; d) the identification details of the data controller, of data processors and of the representative appointed pursuant to Article 5, paragraph 2 of the Privacy Code and to Article 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom your personal data may be disclosed or who can gain knowledge thereof in their capacity as appointed representative in the territory of the State, as persons in charge or appointed.
  3. Obtain: a) the update, rectification or, where it is in your interest, the integration of your data; b) the cancellation, transformation into anonymous form or blocking of the data processed in violation of the law, including those for which retention is not necessary with regards to the purposes for which the data were collected or subsequently processed; c) the declaration that the operations referred to under letters a) and b) were made known, also for what concerns their content, to those to whom the data were communicated or disclosed, save in the case where said requirement turns out to be impossible or it implies the use of clearly disproportionate means compared to the right protected.
  4. Object, in whole or in part: a) for legitimate reasons, to the processing of the personal data related to you, even though they are relevant for the purpose of their collection; b) to the processing of the personal data related to you for the purposes of sending advertising or direct selling material or to carry out market or commercial communication researches, also through automated systems.


Where applicable, you are also entitled to the rights referred to in Articles 16-21 of the DGPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as to the right to file a complaint with the Data Protection Authority.


You can exercise your rights at any time by contacting the Data Controller.


  1. Amendments

This privacy notice is in force from December the 15th2018. THINKX reserves the right to amend or simply update the content thereof, in whole or in part, also due to changes in the applicable regulation. Therefore, THINX recommends that you visit this section on a regular basis to take cognizance of the most recent and updated version of the policy in order to be always up-to-date about the data collected and about how THINX uses them.