Netalyx
Compliance · Legal hub

Privacy Policy

Last reviewed: 01/05/2026

1. Data Controller

The data controller is Netalyx S.r.l., with registered offices in Italy. For any privacy-related enquiries, you may contact us at: privacy@netalyx.com.

2. Legal Basis and Purposes of Processing

We process your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (as amended by D.Lgs. 101/2018). The legal bases for processing include:

  • Contractual necessity: to provide services you have requested, process orders, manage your account, and deliver training courses.
  • Legitimate interest: to improve our services, ensure network security, prevent fraud, and conduct analytics.
  • Consent: for marketing communications, newsletters, and non-essential cookies.
  • Legal obligation: for tax, accounting, and regulatory compliance (e.g., electronic invoicing via SDI).

3. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

  • Identity data: name, surname, job title, company name
  • Contact data: email address, phone number, postal address
  • Account data: username, password (hashed), account preferences
  • Transaction data: purchase history, invoicing details, VAT number (Partita IVA), Codice Fiscale
  • Technical data: IP address, browser type and version, operating system, device identifiers
  • Usage data: pages visited, time spent on site, navigation paths, course progress
  • Communication data: support tickets, booking requests, newsletter preferences

4. How We Collect Your Data

We collect personal data through:

  • Direct interactions (forms, account registration, bookings, purchases, support requests)
  • Automated technologies (cookies, server logs, analytics tools)
  • Third-party sources (technology partners, public business registries)

5. Data Sharing and Recipients

We may share your personal data with:

  • Service providers: hosting providers, payment processors, email delivery services, analytics providers — all bound by data processing agreements (DPA)
  • Technology partners: when required for service delivery (e.g., Cisco, Juniper, AWS, Azure)
  • Tax authorities: as required by Italian law for electronic invoicing (Agenzia delle Entrate / SDI)
  • Legal authorities: when required by law or to protect our legal rights

We do not sell your personal data to third parties.

6. International Data Transfers

Some of our service providers operate outside the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: for the duration of the account plus 12 months after deletion
  • Transaction data: 10 years (Italian tax and accounting obligations)
  • Marketing data: until consent is withdrawn
  • Analytics data: 26 months (anonymised after this period)
  • Support tickets: 3 years after resolution

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR) — obtain a copy of your personal data
  • Right to rectification (Art. 16 GDPR) — correct inaccurate data
  • Right to erasure (Art. 17 GDPR) — request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18 GDPR) — limit processing in certain circumstances
  • Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format
  • Right to object (Art. 21 GDPR) — object to processing based on legitimate interest or direct marketing
  • Right to withdraw consent (Art. 7 GDPR) — withdraw consent at any time without affecting prior processing

To exercise any of these rights, please submit a request via our Data Subject Access Request (DSAR) form or email us at privacy@netalyx.com.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

10. Data Protection Officer

For questions about this policy or our data practices, contact our Data Protection Officer at: dpo@netalyx.com.

11. Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

12. Changes to This Policy

We may update this Privacy Policy periodically. The revised version will be posted on this page with an updated "Last reviewed" date. We encourage you to review this policy regularly.

chevron_left Back to home