PRIVACY POLICY

Last updated: 01-01-26

This Privacy Policy is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) by:

Colux S.r.l.
Registered office: Piazza degli Strozzi 1, 50123 Florence (FI), Italy
VAT No.: 07295650480
Email: info@colux.io
Certified Email (PEC): postmaster@pec.colux.io

In its capacity as Data Controller, Colux S.r.l. informs users of the website www.colux.io about the methods used to process personal data.

1. Types of Data Processed

Colux S.r.l. may process the following categories of personal data:

1.1 Browsing Data

The IT systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

These include:

• IP addresses

• Domain names of the devices used

• URIs of requested resources

• Time of request

• Method used in submitting the request to the server

• Size of the file obtained

• Numerical code indicating the status of the server response

• Other parameters relating to the user’s operating system and IT environment

Such data are used solely for the purpose of:

• Obtaining anonymous statistical information

• Ensuring the proper functioning of the website

• Preventing fraud or misuse

1.2 Data Voluntarily Provided by the User

The optional, explicit, and voluntary sending of messages to the contact addresses indicated on the website entails the acquisition of the sender’s contact details, as well as any personal data included in the communication.

This may include:

• First and last name

• Email address

• Telephone number

• Company affiliation

• Any other data contained in the message

1.3 Data Collected via Cookies

The website uses technical and analytical cookies and, subject to prior consent, profiling and marketing cookies, as further described in the Cookie Policy available on the website.

2. Purpose of Processing and Legal Basis

Personal data are processed for the following purposes:

a) Website navigation and operation
Legal basis: legitimate interest of the Data Controller.

b) Responding to information requests
Legal basis: performance of pre-contractual measures at the request of the data subject.

c) Compliance with legal obligations
Legal basis: legal obligation.

d) Marketing activities and promotional communications (where activated)
Legal basis: explicit consent of the data subject.

e) Statistical analysis and service improvement
Legal basis: consent (where required) or legitimate interest for anonymized data.

3. Processing Methods

Data processing is carried out using IT and telematic tools, in compliance with the principles of:

• Lawfulness

• Fairness

• Transparency

• Data minimization

• Integrity and confidentiality

Appropriate technical and organizational security measures are adopted to prevent unauthorized access, loss, or unlawful use of data.

4. Nature of Data Provision

The provision of data is:

• For website navigation → necessary for the operation of the website

• For requests submitted via forms or email → optional but necessary to receive a response

• For marketing purposes → optional

Failure to provide data may result in the inability to deliver the requested services.

5. Data Recipients

Personal data may be disclosed to:

• IT and hosting service providers

• Technical consultants

• Providers of analytics and marketing tools

• Competent authorities where required by law

Such parties act as Data Processors or independent Data Controllers.

6. Transfer of Data Outside the EU

Certain third-party services used (e.g., analytics or marketing tools) may involve the transfer of data to countries outside the European Union.

In such cases, transfers are carried out in compliance with the safeguards provided by the GDPR (e.g., Standard Contractual Clauses, adequacy decisions).

7. Data Retention Period

Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected.

In particular:

• Contact data: for the time necessary to manage the request

• Data required for legal obligations: in accordance with statutory retention periods

• Marketing data: until consent is withdrawn

• Browsing data: as specified in the Cookie Policy

8. Rights of the Data Subject

The data subject may exercise the rights provided for under Articles 15–22 of the GDPR, including:

• Right of access

• Right to rectification

• Right to erasure

• Right to restriction of processing

• Right to object

• Right to data portability

• Right to withdraw consent at any time

Requests may be sent to:
info@colux.io

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

9. Changes to this Policy

Colux S.r.l. reserves the right to update this Privacy Policy at any time. Any changes will be published on this page with an indication of the update date.