PRIVACY POLICY
Version of 18/02/2026

Pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”), TWENTY-NINE S.R.L. describes the methods of processing personal data of users who consult and use the website. This notice applies to processing activities connected to simple browsing of the website and the use of its functionalities, as further specified in the following sections. This notice does not concern third-party websites, pages or online services that may be reached via hyperlinks, plugins or widgets present on the website. Such external resources are autonomous with respect to the data controller; users are therefore invited to read the respective privacy notices.

1. DATA CONTROLLER AND CONTACT DETAILS

The data controller is TWENTY-NINE S.R.L., tax code and VAT number 04497790982, with registered office in Via Paderno 15/F – 25050 Rodengo Saiano (BS) – Italy.

For any request relating to the processing of personal data and for the exercise of the rights provided for by Articles 15-22 GDPR, it is possible to write to the e-mail address: privacy@twenty-nine.eu or to the certified electronic mail (PEC) address: twenty-nine@pec.it.

2. TYPES OF DATA PROCESSED

a) Browsing data

The IT systems and software procedures used for the operation of the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category includes, by way of example, IP addresses or domain names of the devices used, URI addresses of the requested resources, the time of the request, the method used for the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response and other parameters relating to the operating system and the user’s IT environment.

Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to verify its correct functioning, as well as for system security and maintenance purposes.

b) Data voluntarily provided by the user

The Website contains contact sections that allow the user to send a message to the Data Controller, via a dedicated form, or to subscribe to the newsletter. In such cases, personal data (for example name, surname, e-mail address, telephone number and possible content of the message) are acquired following the voluntary submission by the user. The data collected are exclusively common personal data. Users are invited not to send, in their communications, personal data of third parties or special categories of data (for example data relating to health, religious beliefs or political opinions) that are not strictly necessary. For details, please refer to the specific notice provided with the contact form.

c) Cookies

The Website uses technical cookies and, subject to consent, analytical and profiling cookies, including third-party cookies, in order to ensure the correct functioning of the pages and improve the browsing experience. For detailed information on the types of cookies used, the purposes and the methods of managing preferences, please refer to the Cookie Policy available in the relevant section of the Website.

3. PURPOSES AND LEGAL BASIS OF PROCESSING

a) Browsing the Website

The legal basis for the processing of browsing data is the legitimate interest of the Data Controller, pursuant to Article 6, paragraph 1, letter f) of the GDPR, aimed at ensuring the correct functioning, security and integrity of the Website, as well as at processing anonymous statistics on the use of online services.

b) Management of communications received via form or e-mail

Data voluntarily provided by the user through the contact form are processed exclusively to respond to the requests sent or to provide information about the products or services of the Data Controller. The legal basis for the processing is the performance of pre-contractual measures adopted at the request of the data subject, pursuant to Article 6, paragraph 1, letter b) of the GDPR.

c) Subscription to the newsletter

Data provided for subscription to the newsletter service are processed in order to send periodic informational or promotional communications relating to the products, services and initiatives of TWENTY-NINE S.R.L. The legal basis for the processing is the explicit consent of the data subject pursuant to Article 6, paragraph 1, letter a) of the GDPR. The user may withdraw consent at any time, through the dedicated unsubscribe link included in each communication received or by writing to privacy@twenty-nine.eu or to the PEC address twenty-nine@pec.it.

4. CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA

The provision of browsing data and technical cookies is necessary to allow the correct technical functioning of the Website and the use of the related services; failure to provide such data makes it impossible to access or browse correctly. The provision of cookies other than technical ones is instead based on the user’s consent and may be withdrawn or modified through the cookie management section of the Website. The provision of data for subscription to the newsletter is optional: failure to give consent will result in the impossibility of receiving informational and promotional communications from the Data Controller, without any consequence on the use of the Website or access to other services. The provision of data for the contact section is optional; however, failure to provide the data does not allow the sending of the request.

5. METHODS OF DATA PROCESSING

The processing of personal data is carried out by means of manual, IT and telematic tools, with logic strictly related to the purposes indicated above and with security measures, technical and organizational, suitable to guarantee the confidentiality, integrity and availability of the data themselves, in compliance with Article 32 of the GDPR. The personal data collected will be neither disseminated nor communicated to third parties for purposes other than those indicated. Data may be communicated to subjects providing technical assistance, hosting or IT support services and to subjects (consultants/suppliers) performing outsourcing activities on behalf of the Data Controller. Such subjects operate as Data Processors pursuant to Article 28 GDPR.

6. PERSONAL DATA RETENTION PERIOD

Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected and in any case within the limits provided for by applicable regulations, taking into account the principles of proportionality and minimization set out in Article 5, paragraph 1, letter e) of the GDPR.

In particular:

• browsing data are retained for the period necessary for the technical operations of management and security of the Website;
• data voluntarily provided via form or e-mail are retained for the time necessary to process the request and manage any further related communications;
• data collected for subscription to the newsletter are retained until withdrawal of consent or, in any case, for a maximum period of 24 months from the last significant interaction with the communications sent. This period is deemed automatically renewed in the presence of conclusive behaviors by the data subject, such as opening messages, clicking on content or other interactions with the e-mails received.

After the periods indicated above have elapsed, the data will be deleted, except for any further retention necessary to comply with legal obligations or to protect rights before a court.

8. TRANSFER OUTSIDE THE EU

Personal data are processed within the European Economic Area (EEA). Should it become necessary, for technical or operational needs connected to the provision of IT, hosting, system maintenance or technical assistance services, to transfer data to Countries located outside the European Union, such transfer will take place exclusively in compliance with Articles 44 et seq. of Regulation (EU) 2016/679.

9. RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15 to 22 of the GDPR, the data subject has the right to:

– obtain confirmation as to whether or not personal data concerning him or her exist, and access them (right of access);
– request rectification or updating of inaccurate data and integration of incomplete data (right to rectification);
– obtain erasure of personal data in the cases provided for by law (right to be forgotten);
– obtain restriction of processing in the presence of the conditions set out in Article 18 of the GDPR (right to restriction);
– receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another data controller (right to data portability);
– object at any time, for reasons related to his or her particular situation, to the processing of personal data carried out on the basis of the legitimate interest of the Data Controller (right to object);
– withdraw consent at any time, without prejudice to the lawfulness of processing based on consent before withdrawal (right to withdraw consent);
– lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or bring proceedings before the competent judicial authorities if he or she considers that his or her rights have been violated.

10. METHODS OF EXERCISING RIGHTS

To exercise the rights indicated above, the data subject may send a written request to TWENTY-NINE S.R.L. by e-mail to privacy@twenty-nine.eu or by certified electronic mail (PEC) to twenty-nine@pec.it. Alternatively, it is possible to send a communication by registered letter with return receipt to the following address: TWENTY-NINE S.R.L. – Via Paderno 15/F, 25050 Rodengo Saiano (BS) – Italy.

11. CHANGES

This privacy policy may be subject to changes. The latest updated version will be published on this page of the website.