Privacy Policy

Information on the protection of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

THUX CODE S.r.l., with registered office at Via Dante Alighieri, no. 99, 20096, Limito di Pioltello (MI), VAT no. 14012250966 - tel. +39 02.00644600 - email: amministrazione@thux.it, as Data Controller (hereinafter, the "Company" or the "Controller"), provides the following information regarding the processing of personal data that will be carried out when users access its corporate website via an online connection from the address: http://thuxcode.it (hereinafter, the "Site").
As is known, through the Internet service provider, it is possible to trace the real and sensitive data of a natural person from the IP address of a PC.
In this regard, please note that the information is provided only for the Site and not for other websites that may be consulted via hyperlinks or widgets (e.g., social networks) published on the Site, but which refer to resources outside the Data Controller's domain or to processing that may result from the voluntary sending of messages.

1. Categories of data subjects and personal data processed

The Data Controller processes the personal data of natural persons (identified or identifiable) who visit and consult the Site or who voluntarily interact with the Data Controller within it (hereinafter, the "Users").

The personal data processed are:

  1. Navigation data: The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the operating system and IT environment of users;
  2. Data communicated: The optional, explicit, and voluntary sending of messages by completing and submitting forms on the Site and/or to the Company's contact addresses or institutional social media profiles/pages (where available) entails the acquisition of the User's contact information necessary to respond, as well as any additional personal data included in the registration form or in communications. Specific information will be published on the Site pages containing the form or dedicated to the provision of certain services.
  3. Cookies and other tracking systems: For more information on the types of cookies used, their management, and their purposes, please consult the cookie policy on the Site: https://code.thux.it/en/cookie-policy

2. Purpose of the Processing and legal bases:

The Data Controller processes the Personal Data collected in the context of the Site for the purposes and pursuant to the legal bases indicated in the following table:

 

For each PURPOSE of the processing, the corresponding LEGAL BASIS is indicated:

1) Purpose: Fulfillment of a legal obligation related to civil, fiscal, and administrative provisions, EU legislation, standards, codes, or procedures approved by competent authorities and other institutions, as well as to respond to requests from the competent administrative or judicial authority and, more generally, from public entities in compliance with legal formalities.
   Legal basis: Fulfillment of a legal obligation to which the Data Controller is subject.
2) Purpose: Assert and defend your rights, including through out-of-court actions and through third parties, as well as prevent and detect fraudulent activity or abuse of the Site (for potentially criminal purposes, such as identity theft, computer crimes, etc.).
   Legal basis: Pursuit of the legitimate interest of the Data Controller.
3) Purpose: To allow Users to access the Site and navigate it optimally and manage requests received through the Site.
   Legal basis: Execution of pre-contractual measures taken at the User's request.
4) Purpose: Limited to the browsing data of Users referred to in paragraph 1, point a), for the security purposes of the Data Controller's systems and to obtain statistical information on the use of the Site (such as the most frequently visited pages of the Site, the average time spent on each page), as well as to monitor and manage the functioning of the Site and improve the services provided.
   Legal basis: Pursuit of the legitimate interest of the Data Controller.
5) Purpose: To manage the contact section of the site and therefore to respond to any user requests received through the completion of any forms or by sending communications to the Data Controller's email address.
   Legal basis: Execution of pre-contractual measures taken at the User's request.

3. Mandatory provision of the requested data and consequences of failure to provide it

Except as specified for browsing data (and, in the specific policy, for cookie management), the user is free to provide their personal data (via forms - on pages that allow it - or by other means to the Data Controller's contact details) to send information requests or to receive commercial communications.
It is understood that failure to provide such data, even partially, may prevent the Data Controller from fulfilling the User's requests and from carrying out communication and marketing activities, as well as fulfilling any related obligations.

4. Processing methods

Personal Data will be processed using both manual and automated computerized tools exclusively by authorized and specifically trained persons.

5. Recipients/categories of recipients of personal data

For the purposes indicated in this policy:

  • Users' Personal Data may be disclosed:
    • to those authorised to process data by the Data Controller (employees or collaborators);
    • to third-party service providers to the Data Controller (including IT service providers, hosting providers, web editors, as well as companies or individuals providing legal and insurance services) who will act, where applicable, as data controllers;
    • to third-party companies and professionals appointed to enforce the Data Controller's rights, interests, and claims arising from the relationship with the Users;
    • to State Administrations, Judicial or Administrative Authorities, Public and Private Bodies, including following inspections and audits;
    • to subjects who can access the data pursuant to provisions of law or secondary or community legislation.

Only the category of recipients is indicated, as it is subject to continuous updates. To obtain an updated list of recipients, Users may contact the Data Controller directly using the contact details indicated in section 9 of this policy.

6. Personal data retention periods

Personal Data will be retained by the Data Controller for the time strictly necessary for the purpose for which it was collected; specifically, the Data Controller will retain:

  • Users' browsing data (indicated in paragraph 1, letter a) for the duration of the browsing session and in any case no longer than seven days, except in the case of system malfunctions, in which case they will be retained until the problem is resolved;
  • the data communicated by the Users (indicated in paragraph 1, letter b):
    • with regard to personal data communicated by filling out the forms on the website, for the time necessary to process the relevant request;
  • Personal Data whose processing is necessary in relation to legal obligations, for the period laid down by law;

and in any case, for the purposes referred to in paragraph 2, no. 2, for a maximum period equal to the statute of limitations for relevant actions, increased by a precautionary period of six months, in order to ensure the Company's right to defend itself against possible future disputes in court or administrative proceedings.
In all cases, upon expiration of the respective deadlines, all Personal Data will be deleted or anonymized. It is understood that the indicated deadlines may be extended in cases where retention for a longer period is required due to potential disputes, requests from competent authorities, or pursuant to applicable legislation.

7. Transfer of personal data to a third country or to an international organisation

For the purposes set out above, your data may be transferred to EU countries.

8. Rights

Users, if the circumstances apply, may exercise the following rights against the Data Controller:

  • Right of access: allows Users to obtain confirmation from the Data Controller as to whether or not Personal Data concerning them is being processed and, where that is the case, to obtain access to their personal data;
  • Right to rectification: allows Users to obtain the rectification/integration of inaccurate/incomplete Personal Data;
  • Right to erasure: allows Users to obtain, in the cases provided for by law, the erasure of their personal data;
  • Right to restriction of processing: allows Users to obtain, in the cases provided for by Art. 18, paragraph 1 of the GDPR, the restriction (i.e., the marking of stored personal data with the aim of limiting their processing in the future) of the processing of their personal data;
  • Right to data portability: allows Users - in cases where the processing is carried out by automated means on the legal basis of the contract or consent - to receive the personal data concerning them in a structured, commonly used and machine-readable format, limited to the data provided to the Data Controller, and similarly the right to transmit such data to another data controller.

Furthermore, Users have the right:

  • to object to the processing of their Personal Data for the purposes indicated in paragraph 2;
  • if they believe that the processing of their Personal Data carried out through this Site violates the provisions of the GDPR, to lodge a complaint pursuant to Art. 77 of the GDPR with the national supervisory authority of the European Union Member State in which the Data Subject has his or her habitual residence or place of work, or where the alleged violation of his or her rights occurred (if that State is Italy, the authority to which the Data Subject may apply is the Italian Data Protection Authority), or to take appropriate legal action (Article 79 of the GDPR).

9. Contacts

To exercise all rights, the interested party may submit a request by contacting the Data Controller as follows:

By mail to THUX CODE S.r.l. at Via Dante Alighieri, 99 – 20096 Pioltello (Milan);
By sending an email to amministrazione@thux.it

10. Changes

This privacy policy was updated on September 1, 2025.
The Company reserves the right to modify this policy in whole or in part or update its content, for example, following changes in applicable law. Therefore, the Company encourages Users to regularly consult the policy to review the latest version, so as to remain informed about how Personal Data is collected and used.

11. Specific processing related to the use of “Thuxbot”

Data Controller: THUX CODE S.r.l., Via Dante Alighieri 99, 20096 Pioltello (MI), Tax Code/VAT no. 14012250966, PEC: thuxcode@pec.it.


a) Data categories

  • Conversational content: text typed by the User in the widget and responses displayed.
  • Technical metadata: date/time, referring page, session identifiers, security events, IP address and user agent (in line with “Browsing Data”).
  • Any contact information (e.g., email) will only be provided for recontact or follow-up purposes.

b) Purposes and legal bases

  • Provision of the conversational service and management of pre-contractual responses/FAQs: art. 6.1.b GDPR (pre-contractual measures at the User's request).
  • Security, prevention of abuse/malfunctions, limited quality assurance, and service improvement (non-profiling tests): legitimate interest of the Data Controller (Article 6.1.f), with minimization and balancing.
  • Legal protection/compliance (if applicable): legal obligation or legitimate interest (art. 6.1.c/f).


c) Nature of the contribution

Optional; failure to provide conversational content will prevent the widget from being used.

d) Logic and measures

No solely automated decisions are made that produce legal effects on the User (Article 22 GDPR). Technical/organizational measures are adopted to reduce the data processed (e.g., pseudonymization, and filters to block sensitive data and prompt injection).


e) Recipients / categories of recipients

  • Internal Data Controller Authorized Persons (IT/ops/support).
  • The Data Controller's IT providers acting as Data Processors pursuant to Art. 28 GDPR (e.g., hosting/cloud, AI API tools, security monitoring); an updated list is available upon request using the contact information provided in section 9 of the Policy.


f) Transfers outside the EEA

Processing with foreign components/clouds may involve transfers to countries outside the EEA. In such cases, the Data Controller applies the safeguards set forth in Chapter V of the GDPR (e.g., Standard Contractual Clauses, supplementary measures) or uses adequacy decisions where available.
Updated information on the countries and safeguards is provided upon request using the contact details in section 9.


g) Retention

  • Conversational content: for the time strictly necessary to provide the response and carry out technical protection/quality activities, and in any case no longer than 90 days, except for legal defense or security needs.

  • Technical/security metadata: in line with the Data Controller's logging policies (up to 6 months) where strictly necessary for security/diagnostics, subject to extension in the event of investigations/disputes.

Upon expiration of the terms, the data is deleted or anonymized.


h) Rights of interested parties

The rights indicated in paragraph 8 of the Policy (access, rectification, erasure, limitation, portability, objection, complaint to the Guarantor) remain unchanged. The User can request additional information on suppliers, third-party countries, and guarantees by writing to the contacts in paragraph 9.


i) Cookies/similar technologies

The widget may use cookies/technical technologies necessary for its operation (e.g., storing conversation status). For details and any non-essential metrics, please refer to the Site's Cookie Policy.