Last updated: 13/11/2024
This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") and applicable national laws, including Legislative Decree 196/2003 as amended ("Italian Privacy Code"). It outlines how Twini S.r.l. (hereinafter referred to as the "Data Controller" or the "Company") processes the personal data of customers who purchase access to the "Twini AI" software and services.
1. Data Controller
Twini S.r.l.
Registered Office: Via Pietro Paleocapa 7, 20121 Milan (MI), Italy
Tax Code and Registration Number: 13697330960
REA Number: MI - 2739354
Email: twini@pec.it
Website: www.twini.ai
For any requests or inquiries regarding the processing of personal data, please contact us at the email address above.
2. Types of Personal Data Collected
The Company may collect and process the following categories of personal data:
Identification Data: Name, surname, company name, tax code, VAT number, address, email address, telephone number.
Payment Data: Bank account details, credit card information, billing address.
Usage Data: Information regarding the use of the "Twini AI" software and services.
Technical Data: IP address, login data, browser type and version, time zone setting, and other technology on devices used to access our services.
Provision of Personal Data
The provision of personal data is necessary to enter into and perform the contract for the use of our software and services. Failure to provide such data may make it impossible for us to provide the requested services.
3. Purposes of Data Processing and Legal Basis
The Company processes personal data for the following purposes:
a. Execution of the Contract and Provision of Services
Purpose: To fulfill contractual obligations and provide access to the "Twini AI" software and services.
Legal Basis: Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is a party.
b. Compliance with Legal Obligations
Purpose: To comply with legal, regulatory, and tax obligations.
Legal Basis: Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation.
c. Customer Support
Purpose: To provide customer support and respond to inquiries, requests, or issues.
Legal Basis: Article 6(1)(b) GDPR – performance of a contract.
d. Improvement of Services
Purpose: To analyze usage data to improve our software and services.
Legal Basis: Article 6(1)(f) GDPR – legitimate interests pursued by the controller to enhance services.
e. Marketing Communications (Soft Opt-in)
Purpose: To send promotional communications about our products and services similar to those already purchased by the customer.
Legal Basis: Article 6(1)(f) GDPR and Article 130(4) of the Italian Privacy Code – legitimate interest.
Note: Customers have the right to object at any time to the processing of personal data for marketing purposes.
f. Marketing with Consent
Purpose: To send newsletters and promotional communications about our products and services, including those not similar to those already purchased.
Legal Basis: Article 6(1)(a) GDPR – consent of the data subject.
Note: Consent is optional and can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
g. Legal Defense
Purpose: To establish, exercise, or defend legal claims.
Legal Basis: Article 6(1)(f) GDPR – legitimate interest.
h. Automated Decision-Making and Profiling
Purpose: Currently, the Company does not engage in automated decision-making processes, including profiling, that produce legal effects concerning the data subject or similarly significantly affect them.
Legal Basis: Not applicable.
4. Methods of Processing and Retention Period
Personal data are processed using both manual and automated means, ensuring appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction.
Retention Periods:
Contractual Data: Retained for the duration of the contract and for 10 years thereafter to comply with legal obligations.
Marketing Data: Retained until consent is withdrawn or the data subject objects to processing.
Legal Defense: Retained for the duration of any legal proceedings and for the applicable limitation period.
5. Security Measures
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in compliance with Article 32 GDPR. These measures include:Encryption of data where appropriate.
Regular testing and evaluation of the effectiveness of security measures.
Restricted access to personal data to authorized personnel only.
6. Data Recipients
Personal data may be disclosed to:Authorized Personnel: Employees and collaborators who have been duly authorized and trained.
Service Providers: Third-party companies that provide services on our behalf (e.g., IT services, payment processing), acting as data processors pursuant to Article 28 GDPR.
Professional Advisors: Lawyers, accountants, and other professionals for consultancy purposes.
Public Authorities: When required by law or to protect our rights.
All third parties are bound by contractual obligations to keep personal data confidential and to use it only for the purposes for which we disclose it to them.
7. International Data Transfers
Personal data are generally processed within the European Economic Area (EEA). If data are transferred outside the EEA, we ensure that adequate safeguards are in place, such as:Adequacy Decisions: Transfer to countries deemed to provide an adequate level of protection by the European Commission.
Standard Contractual Clauses: Use of standard contractual clauses approved by the European Commission.
You may request further information or a copy of the safeguards by contacting us.
8. Rights of the Data Subjects
Data subjects have the following rights:Right of Access: Obtain confirmation of whether personal data concerning them are being processed and access such data.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of personal data under certain conditions.
Right to Restriction: Request restriction of processing under certain circumstances.
Right to Data Portability: Receive personal data in a structured, commonly used format and transmit them to another controller.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: Lodge a complaint with a supervisory authority, such as the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
Exercising Your RightsTo exercise your rights, please contact us at:Email: twini@pec.it
Address: Twini S.r.l., Via Pietro Paleocapa 7, 20121 Milan (MI), Italy
We will respond to your request within one month, extendable by two further months if necessary, considering the complexity and number of requests.
9. Contact Information
For any questions or concerns about this Privacy Policy or our data processing practices, please contact:
Data Controller: Twini S.r.l.
Email: twini@pec.it
Address: Via Pietro Paleocapa 7, 20121 Milan (MI), Italy
Website: www.twini.ai
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review our Privacy Policy periodically to stay informed about how we are protecting your personal data.