Privacy policy

INFORMATION FOR THE PROCESSING OF PERSONAL DATA pursuant to art. 13 and 14 of EU Regulation no. 2016/679 and art. 13 of Italian Legislative Decree no. 196/2003


XECH SRL with registered office in VIA CESARE AJRAGHI 30, 20156 Milan (hereinafter "Xech" or the "Data controller") constantly strives to protect the online privacy of its users.

This document has been drawn up pursuant to art. 13 of EU Regulation 2016/679 (hereinafter: "Regulation") in order to allow you to know our privacy policy, to understand how your personal information is managed when you use the site (hereinafter referred to as “Website").

The information and data provided by you or otherwise acquired in the context of the use of the services will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of the Data Controller. Processing will be based on the principles of lawfulness, correctness and transparency and on the protection of confidentiality and rights attributable to the data subject.


1. Data Controller

The Data Controller for processing via the Website is Xech as defined above and can be contacted at e-mail address


2. Personal data subject to processing

The following personal data is processed via the Website:


a. Navigation data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Although the data items indicated above cannot be traced back to the identified users, they could allow for the identification of the users to whom they refer by means of reprocessing in conjunction with additional data held by third parties. This category of data includes the IP addresses or domain names of the computers utilised by the users that connect to the website, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code that indicates the status of the response given by the server (positive outcome, error, etc.) and other parameters relative to the user's operative system and IT environment. These data are only used to obtain anonymous statistical information on the use of the Website and to control its proper functioning, identify faults and/or abuse, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or third parties: except for this eventuality, at present the data on web contacts do not persist for more than seven days.


b. Data provided voluntarily by the data subject

Any forms to be filled in on this site could include the sending and collection of data that are strictly necessary to comply with what is of interest and whose failure to indicate does not allow the request to be processed, whether optional or not strictly necessary to process the request.


c. Cookies

Definitions, features and regulatory application

Cookies are small text files that the sites visited by the user send and record on his computer or mobile device, to be then retransmitted to the same sites on the next visit.Thanks to cookies, a site remembers the user's actions and preferences (such as, for example, login data, the chosen language, font sizes, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit this site or browse from one page to another. Cookies, therefore, are used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows you to keep track of the user's navigation within of the site itself for statistical or advertising purposes. While browsing a site, the user can also receive cookies from sites or web servers other than the one s/he is visiting on his computer (so-called "third party" cookies). Some operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the same operation of the site.

There are various types of cookies, depending on their characteristics and functions, and these can remain on the user's computer for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user's equipment until a pre-established deadline.

According to current legislation in Italy, the user's express consent is not always required for the use of cookies. In particular, "technical cookies", meaning those used for the sole purpose of carrying out the transmission of a communication on an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require this consent. In other words, these are cookies that are indispensable for the functioning of the site or necessary to perform activities requested by the user.

Among technical cookies, which do not require an express consent for their use, the Italian Guarantor for the protection of personal data (see Provision on the Identification of simplified procedures for the information and the acquisition of consent for the use of cookies of May 8, 2014 and subsequent clarifications, hereinafter also only "Provision") includes:

  • "analytics cookies" when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself,
  • navigation or session cookies (for authentication),
  • functional cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the same.

For "profiling cookies", on the other hand, meaning those aimed at creating user profiles and used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net, a prior consent from the user is required.


Types of cookies used by the Site and the possibility of (de-) selection

The Website uses the following cookies which can be de-selected, except for third-party cookies for which the user must refer directly to the relative selection and de-selection of the respective cookies, indicated by means of links:

  • Technical navigation or session cookies and strictly necessary for the operation of the Website or to allow it to take advantage of the content and services requested.
  • Functional cookies, meaning those used to activate specific Website features and a series of selected criteria (for example, the language) in order to improve the service rendered.


In detail, the cookies sent through the Website are indicated below:


Function and purpose

Type of cookie and owner

Technical cookie name

Retention time


Used by the Azure infrastructure to provide the navigator with some features that facilitate navigation.


Technical cookie





This cookie contains the user's session ID.


Session/temporary cookie





Used to hide the cookie bar after consent.


Technical cookie



1 year from creation

(when the "OK” button is clicked)


Cookie settings

The user has the option of blocking (in whole or in part) the technical and functional cookies through the specific functions of his browser.However, we inform you that not authorising technical cookies could make it impossible to use the Website, view its contents and take advantage of the related services. Inhibiting functional cookies may result in some services or certain functions of the Website being unavailable or not functioning properly and may be forced to modify or manually enter some information or preferences each time you visit the Website.

The choices made with reference to the cookies of the Website will in turn be recorded in a special cookie. This cookie may, however, in some circumstances not work properly: in such cases, we recommend that you delete unwanted cookies and inhibit their use also through the browser functions.

Your preferences regarding cookies will have to be reset if you use different devices or browsers to access the Website.


How to view and modify cookies through the browser

You can authorise, block or delete (in whole or in part) cookies through the specifications functions of your browser. For more information on how to set preferences on the use of cookies through the browser, you can consult the relevant instructions:


3. Processing purpose

The processing that we intend to carry out, with your specific consent where necessary, has the following purposes:

a. provide

i. access to the reserved Website area;

ii. the contact request by the Data Controller;

iii. Website browsing;

b. respond to service or information requests;

c. meet any legal, accounting and tax obligations.


4. Legal basis of the processing

The legal basis of the processing of personal data for the purposes referred to in section 3 is art. 6.1.b) of the Regulation as the processing is necessary for the provision of services or for the response of requests from the data subject.

Failure to provide personal data makes it impossible to activate the services provided by the Website and to respond to requests.

The purpose referred to in section 3.c represents a legitimate processing of personal data pursuant to art. 6.1.c) of the Regulation.Once the personal data have been provided, the processing is indeed necessary to fulfill a legal obligation to which the Data Controller is subject.


5. Recipients of personal data

Your personal data may be shared, for the purposes referred to in section 3, with:

a. subjects who typically act as data processors pursuant to art. 28 of the Regulation, that is: i) persons, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, legal, tax, financial and credit recovery matters relating to the provision of services; ii) subjects with whom it is necessary to interact for the provision of services (for example hosting providers) iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively "recipients"); the list of data processors that process data can be requested from the Data Controller at the addresses indicated above

b. subjects, entities or authorities, independent data controllers, to whom it is mandatory to communicate your personal data pursuant to legal provisions or orders from the authorities;

c. persons authorised by the Data Controller to process personal data pursuant to art. 29 of the Regulation necessary to carry out activities strictly related to the provision of services, which are committed to confidentiality or have an adequate legal obligation of confidentiality (i.e. employees of the Data Controller).


6. Transfers of personal data

It should be noted that personal data will not be transferred to non-EU countries.


7. Data retention

Personal data processed for the purposes referred to in section 3 will be kept for the time strictly necessary to achieve those same purposes in compliance with the principles of minimisation and limitation of conservation pursuant to articles 5.1.e) of the Regulation.In any case, the Controller will process the Personal Data for the time necessary to fulfil contractual and legal obligations.Further information about the data retention period and the criteria used to determine this period can be requested by writing to the Data Controller at the addresses indicated above.


8. Rights of the data subject

Pursuant to articles 15 and following of the Regulation, you have the right to request at any time, access to your personal data, the correction or cancellation of the same, the limitation of processing in the cases provided for by art. 18 of the Regulation, obtain the data concerning you in an organised, commonly used format, readable by an automatic device, in the cases provided for by art. 20 of the Regulation.At any time, you can revoke ex art. 7 of the Regulation the consent given; propose a complaint to the pertinent supervisory authority (Guarantor for the protection of personal data) pursuant to art. 77 of the Regulation, by sending an e-mail to , if you believe that the processing of your data is contrary to the legislation in force.

You can make a request for opposition to the processing of your data pursuant to Article 21 of the GDPR in which to give evidence of the reasons that justify the opposition: the Data Controller reserves the right to evaluate the application, which may not be accepted in the case of the existence of binding legitimate reasons to proceed with the processing that prevails over your interests, rights and freedoms.Requests should be sent in writing to the Data Controller at the addresses indicated above.


9. Changes

The Data Controller reserves the right to modify or simply update the content of the privacy policy, in whole or in part, also by virtue of changes in the applicable legislation, and will inform users of such changes as soon as they are introduced and they will be binding as soon as they are published on the Website.


Last update: 15/11/2022