Website Privacy Policy

HinX Srl – VAT No. 10914180962, with registered office at Via Vincenzo Monti, 32, 20123 Milan (MI), in its capacity as Data Controller (hereinafter, the “Controller”), informs you, pursuant to Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (hereinafter, the “Privacy Code”) and Articles 13 and 14 of EU Regulation 2016/679 (hereinafter, “GDPR”), that your personal data will be processed in accordance with the principles of lawfulness, fairness and transparency, and only for the purposes and using the methods described below, collecting only the data strictly necessary for the processing.

1. Subject of the Processing

This Privacy Policy describes how the website https://hinx.it/ is managed in relation to the processing of users’ personal data.
“Processing of personal data” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, whether or not contained in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.

1.1 Types of Data Collected

Pursuant to EU Regulation 679/2016, by using our services, you agree that our Company may collect certain personal data. This notice aims to inform you about the types of data we collect, why, and how we use them.

1.1.1 Data Provided by the User

Our website collects personal data through IT systems and software procedures necessary for its operation, as well as through the contact form and newsletter subscription pop-up. We may request the following data, by way of example:

• First name and last name
• Email address
• Phone number

1.1.2 Data Automatically Collected from the Website

We also collect the following data via our website:

• Technical data: such as IP address, browser type, device information, and approximate location of the device used
• Data collected through cookies or similar technologies. For more information on the types of cookies used and how to disable them, please refer to our Cookies Policy.

2. Purpose and Legal Basis of Processing

a) The personal data you provide is processed by the Controller for the following service-related purposes:

• To enable access to the website https://hinx.it/
• To respond to information requests
• To perform the requested service

Legal basis: the execution of a contract or pre-contractual measures.

b) Your data may also be processed to:

• Collect statistical data on site usage (e.g., most visited pages, number of visitors by time of day, geographical origin) and improve the website experience
• Defend our rights in legal proceedings

Legal basis: the legitimate interest of the Controller.

c) With your prior consent, your data may also be processed via our website to:

• Carry out direct marketing activities, through traditional means (postal mail, phone calls) or automated means (email, SMS, MMS, fax, automated calls), for sending promotional material, newsletters, and informational and/or promotional communications related to services and/or events promoted by the Controller, as well as market and statistical research
• Promote, via traditional or automated means, advertising material and informational/promotional communications relating to services and/or events promoted by our commercial partners.

3. Processing Methods

The processing of your personal data will be carried out through the operations set forth in Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, restriction, communication, erasure, and destruction of data. Your personal data will be processed both on paper and by electronic and/or automated means.

4. Access to and Disclosure of Data

Your data may be accessed, for the purposes described in Section 2 and, with your consent, for those under Section 2(c), by employees and collaborators of the Controller, in their capacity as authorized personnel and/or internal data processors and/or system administrators.

Furthermore, the Controller may disclose your data for the above purposes to supervisory bodies, judicial authorities, law enforcement agencies, public bodies, and other authorities where disclosure is required by law. These parties will process the data as autonomous data controllers.

Your personal data will not be disseminated.

5. Data Retention Period

The data collected via the website is retained for as long as strictly necessary to fulfill the stated purposes. After that period, the data will be deleted or anonymized, unless further retention is required (e.g., for legal or security purposes in case of abuse). In such cases, the Controller will retain the data for the time necessary to comply with legal obligations and/or to assert or defend a legal right.
Data collected for the purposes under point 2(c) will be retained for 2 years from the last interaction with us.

6. Data Transfers

Your personal data is not transferred outside the European Union. However, should such a transfer be necessary, we will ensure compliance with applicable legal requirements, including:

• Transfers to non-EEA countries that the European Commission has deemed to offer adequate protection: in such cases, your data may be transferred on that basis
• For transfers to non-EEA countries without an adequacy decision, we may rely on a specific derogation or enter into specific agreements providing adequate safeguards (e.g., Standard Contractual Clauses approved by the European Commission)

7. Nature of Data Provision

The provision of data for purposes a) and b) is mandatory to comply with legal and contractual obligations and to pursue the legitimate interests of the Controller. Failure to provide such data, in whole or in part, may make it impossible to access or use the requested service.

For the purposes under point c), data provision is optional and failure to provide it will not affect the availability of services.

For consequences related to rejecting or removing cookies, please refer to the Cookie Policy.

8. Data Subject Rights and How to Exercise Them

You may, at any time and under the conditions set out in Articles 15 et seq. of the GDPR, exercise the following rights:

• Obtain confirmation as to whether or not your personal data is being processed and access a copy
• Request the update, rectification, or integration of your data
• Request the erasure of your data, where permitted by law
• Object, in whole or in part, to the processing of your personal data
• Request restriction of processing in case of violation, request for rectification, or objection
• Request data portability for data provided based on consent or contract
• Withdraw consent where applicable
• In the case of fully automated profiling, obtain human intervention from the Controller, express your opinion, and contest the decision

If you believe your rights have been violated, you may file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

To exercise your rights, contact the Controller at the following email address: info@hinx.it.

Last updated: June 19, 2025