Privacy notice
Last updated: 2026-07-18
This notice is given under articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and, for visitors in the United Kingdom, under the UK GDPR and the Data Protection Act 2018. It is written to be read, not to be filed.
In brief
- This site sets no cookies. None at all — not functional ones, not analytics ones.
- There is no analytics, no pixel, no tag manager, no tracking of any kind.
- Nothing loads from a third-party server while you read. The typefaces are served from our own domain, so no request ever goes to Google Fonts.
- The only data you give us is what you type into a form, and we use it only to answer you.
- Beyond that, our host records the ordinary server log of every request, as every web server does. We do not read it, and nothing is built from it. It is described below.
- That is why there is no cookie banner on this site: there is nothing to consent to.
Who is responsible for your data
The controller is TSCOMPANY S.r.l., an Italian company. Its identifying details are on the Legal notice page. The contact address for privacy questions is among the details not yet supplied for publication — until it appears, use the contact form and say that your message concerns your data.
When you open a page
To deliver the site at all, our host processes the technical connection data every web server records: IP address, the time of the request, the address requested and the volume transferred. This cannot be switched off. The legal basis is article 6(1)(f) GDPR — and, for visitors in the United Kingdom, article 6(1)(f) UK GDPR — our legitimate interest in delivering the site and keeping it secure.
We build no profiles from this data, we combine it with nothing else, and we run no statistics on it. The logs stay with the host; we do not receive them ourselves.
What we collect, and why
Enquiry form: your name, email address, the kind of business you are, your city and the text of your message. We use them to answer you, and for nothing else.
Sales agent application: name, email, phone, territory, commercial experience and any notes. We use them to assess the application and to get back to you.
Waiting list: your email address only, so we can write once when your water band opens.
Legal basis: for the first two, steps taken at your request before entering a contract (art. 6(1)(b)) and our legitimate interest in replying to people who write to us (art. 6(1)(f)). For the waiting list, your consent (art. 6(1)(a)), which you can withdraw at any time.
How long we keep it
- Enquiries: 24 months from our last exchange, then deleted.
- Agent applications: 12 months, unless a commercial relationship starts.
- Waiting list: until you ask to come off it, which you can do at any time.
Who else sees it
Nobody, with two technical exceptions: the company that hosts the site and the company that delivers our email. Both act as processors under a contract meeting article 28 GDPR. They are named in the table below, with the location of the data.
We do not sell data, we do not pass it to third parties for their marketing, and we do not profile anyone.
Data leaving the EU or the UK
Hosting is pinned to the Frankfurt region, so form data stays in the European Union while it is processed.
Email delivery is handled by a company based in the United States, on the basis of the European Commission's Standard Contractual Clauses and the EU-US Data Privacy Framework. For personal data coming from the United Kingdom, the equivalent UK transfer mechanism applies — the UK Addendum to the SCCs, or the UK extension to the Data Privacy Framework.
Your rights
You can ask for access to your data, correction, erasure, restriction of processing, portability, and you can object to processing based on legitimate interest. Where we rely on consent, you can withdraw it at any time without affecting what was lawful before.
We answer within one month. Asking costs nothing.
If you are in the United Kingdom
The UK GDPR applies to you alongside the EU GDPR, and your rights above are the same under both. You can complain to the Information Commissioner's Office (ico.org.uk), the UK supervisory authority.
We have no establishment in the United Kingdom. Whether article 27 of the UK GDPR obliges us to appoint a UK representative, and who that would be, has not yet been settled — so no representative is named here. We will not name one until there is one.
Complaints
Our lead supervisory authority is the Italian data protection authority, the Garante per la protezione dei dati personali (garanteprivacy.it), because we are established in Italy.
You may also complain to the supervisory authority of the EU country where you live or work, or — if you are in the UK — to the Information Commissioner's Office.
Security
The site is served over HTTPS only. The forms carry a hidden field that catches automated submissions. Service credentials are never present in the code sent to your browser.
Children
This site is not aimed at children and we do not knowingly collect data from them. If a child has sent us a form, write to us and we will delete it.
- ProviderVercel Inc.RolehostingWhere the data sitsFrancoforte (UE)
- ProviderResend (Plus Five Five, Inc.)Roleinvio delle email dei moduliWhere the data sitsStati Uniti — SCC / EU-US Data Privacy Framework