Information and consent regarding the processing of personal data

How we manage the processing of personal data of users and visitors to our site.

Privacy policy

Pursuant to EU Regulation 2016/679, GDPR (General Data Protection Regulation) and Legislative Decree 101/2018 implementing the GDPR within the Privacy Code (Legislative Decree 196/2003)


This information applies to, he Foxwin platform, the Foxwin services and all connected and/or related services (the Services). This information identifies the data collected by Foxwin and how this data is used and protected. For the purposes of this information, the term “Foxwin” is to be understood as referring to Foxwin S.r.l.

1. Collected Data

Information provided by you
Foxwin collects the content and other information provided when you use the Services, including when you create an account, create or share content and send messages or communicate with other people. This can be information that is already present or related to the content provided, such as the location of a photo or the date in which a file was created. We also collect information about the way the Services are used, such as the types of content that you view or interact with, or the frequency and duration of your activities.

Information provided by other people
Foxwin also collects content and information that other people provide when using the Services, including information about you, for example when they share a photo in which you appear, they send you an upload or synchronise or import their contact information.

Networks and connections
Foxwin collects information about the people and groups you connect with and the way you interact with them, e.g. the people you communicate with most often or the groups you like to share content with within the Foxwin platform and the services offered.

Device information
Foxwin collects information about computers, phones or other devices on which you install our Services or through which you gain access, based on the permissions that you have provided. The information we collect from your various devices is only used to improve the usability of the Services offered in relation to the different technical characteristics of the devices you use.
No information collected in relation to the device used is processed for marketing or profiling purposes; the acquired data will be used only for statistical purposes and to improve the use of the services offered.
The acquisition of data takes place anonymously and does not link the data to the identity of the user.

Information from third-party partners
Foxwin receives information about you and your activities inside and outside the Services from third-party partners, for example information from a partner when we offer joint services.

2. Purpose of Data processing


The data processing will be carried out for purposes connected, instrumental and necessary to the access to and use of the Foxwin platform and, more generally, the use of the Services.

Information for which consent will not be required in order to carry out the processing:

all the information that Foxwin must know in order to conclude the contract and enable the use of the platform and the Services provided, i.e. all the data needed to comply with the requirements and obligations undertaken in order to enable the use of the platform in the best possible way.

For example:

  1. Activation, management and maintenance of the platform and of the Services and of the obligations arising therefrom, in addition to the obligations provided for by current legislation; transmission of other information or communications relating to the Services
  2. Activities aimed at personalising your profile (which may include, for example, preferences in terms of language or the preferred manner of using the Services) in order to improve the use of the Services.
  3. Verification of accounts and activities to promote security and protection within and between the Services, for example, by identifying suspicious activities or violations of our own conditions or regulations. We make every effort to protect the accounts by using our teams of engineers, automated systems and advanced technologies, such as cryptography and automatic learning. Foxwin also offers easy-to-use security tools that add an additional layer to your account;

Information for which you consent is required and without which Foxwin would not be able to provide the services listed below:

  1. Transmission of marketing communications, information about the Services and their regulations and conditions. Your information is also used to provide you with an answer when you contact us.
  2. Disclosure of personal data to third-party companies - also outside the territory of the European Union - which perform functions closely connected and instrumental to the operation of the Services.

The processing of data is carried out with appropriate procedures to protect the confidentiality of the customer and consists of its collection, recording, organisation, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction, including the combination of two or more of the above activities.

3. Use of cookies

Cookies are pieces of information (small text strings) placed on your browser when you visit a website.
They perform several important functions within the network (authentication services, session monitoring, storage of information on specific configurations regarding users accessing the server, storage of preferences).

Foxwin uses only technical authentication cookies, for which, in accordance with current privacy regulations (art. 122 of Legislative Decree 196/2003 and the Provisions of 8 May 2014), no consent is required from the data subject.

These cookies are essential for the proper operation of the Services.

By clicking here, you can access the Cookie Policy of the Foxwin website.

4. Third-Party Sites

Third-party sites that you may access through the Services are not covered by this policy.
Foxwin disclaims all liability regarding such third-party sites. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information provided by them.
Some of the data recorded and stored by third party sites are hosted in U.S.A. according to current regulations.

5. Data controller

The data controller is Foxwin S.r.l., with registered office in Udine, Via Luigi Moretti 15, 33100. The data will be processed at the headquarters of Foxwin, at Via Jacopo Linussio, 51 - 33100 - Udine, using procedures that may also be computerised, in the manner and within the limits necessary to achieve the aforementioned objectives.
At the headquarters of Foxwin S.r.l. it's possible to view the privacy organizational chart and see the subjects in charge of the processing and, therefore, authorised to carry out data processing operations of according to the indication and direction of the Data Controller.

6. Mandatory and/or optional nature of the conferral

In order to access the platform and use the Services, you are required to complete the registration process.
During registration, your name and email address must be confirmed.
Foxwin will use this information to contact the Customer and provide information regarding the Services.
Foxwin’s communications are intended to provide you with a better understanding of the Services and to support you in their use.
The registration information is required in order to access the platform and, more in general, the Services.
Failure to provide the information will make it impossible for Foxwin to provide the Services described above.
The Foxwin platform and Services allow you to provide and upload data, enter comments and, more generally, share information with other users of the platform.
This data is entered by you freely and in accordance with the conditions of use of the platform.
Foxwin can in no way be held responsible in relation to the content posted by the user, to which it does not carry out any type of control or filter, becoming aware of the information only once the user has accessed and used the services offered.
Therefore, Foxwin reserves the right to obscure content that is inappropriate, contrary to the conditions of use, illegal or illicit, detrimental to common decorum and morals, or anything else reported to Foxwin as inappropriate by its customers, other users, or third parties concerned.

7. Data retention periods

Foxwin will keep in the memory of its servers the data relating to the contract concluded and executed for a period of ten years (legal deadline for keeping tax records) from the end of the contractual relationship with the customer to whom the platform is provided.
Foxwin will keep in the memory of its servers the data relating to marketing activities, i.e. all those activities for which the express consent of the data subject is required, for a maximum of 10 years: time calculated evaluating three different cycles of possible business plans.

8. Rights of the data subject

We remind you that, in relation to the processing of your data in accordance with this policy, your rights are recognized under the GDPR regulations, in particular the right to access your data, to request its rectification, update and removal if incomplete, incorrect or collected in violation of the law, as well as to oppose its processing for legitimate reasons, addressing your requests to Foxwin S.r.l., Via Luigi Moretti 15, 33100, Udine (email:

In this case, the rights that the data subject could exercise against the company in question are the following.
One of the fundamental rights of the data subject guaranteed by the General Data Protection Regulation - GDPR - is certainly the right of access that is regulated by art. 15, where it is stated that the party shall have the right to obtain from the controller confirmation as to whether or not processing of personal data concerning the data subject is in progress, and in that case to access the data and the following information:

(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if the recipients are from third countries or international organisations;
(d) where possible, the envisaged period of retention of personal data or, if that is not possible, the criteria used to determine such period;
(e) the existence of the right of the interested party to request the controller to rectify or erase the personal data or limit the processing of personal data concerning him/her or to oppose their processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where data is not collected from the data subject, all available information regarding its origin;
(h) the existence of an automated decision-making process, including profiling, and at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such a processing approach for the data subject.

The data controller must provide the data subject with information relating to the action taken with regard to a request for access, pursuant to articles 15 to 20, without undue delay and at the latest within one month after having received the request.

That period may be extended for a further maximum of two months, if necessary, taking into account the complexity of the request and the number of requests.
If the extension applies, the data subject shall be informed of the reasons for the delay within one month of receipt of the request. If the data subject submits the request in electronic format, the information shall be provided, where possible, in electronic format as well, unless otherwise specified by the data subject.
If it does not comply with the data subject’s request, the data controller shall inform the same without delay, and at the latest within one month of receipt of the request, of the reasons for the non-compliance and the possibility to lodge a complaint with a supervisory authority and seek judicial redress.
This right is not new compared to the previous legislation and also compared to Articles 16, 17 and 18 of the Regulation, which set out further important rights of the data subject which are already implemented in our regulations, such as the right of rectification, the right of removal (and the right to be forgotten) and the right limit the processing, in specific circumstances.
With the right of rectification, the data subject has the right to obtain from the controller the rectification of the data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary statement.

The data subject has the right to obtain from the data controller a limitation of the processing in one of the following cases:

(a) the data subject contests the accuracy of the personal data, for as long as it is necessary for the controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the cancellation of the personal data and requests its use to be restricted;
(c) although the controller no longer needs it for processing purposes, personal data is necessary for the data subject to establish, exercise or defend a right in court;
(d) the data subject has objected to the processing in accordance with Article 21, paragraph 1, pending verification with regard to the possible prevalence of the legitimate reasons of the data controller over those of the data subject.

If processing is limited, personal data are processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a right in judicial proceedings or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
With the recognition of the right of removal or the right to be forgotten, the data subject has the right to request that his/her personal data which are no longer necessary are removed and no longer processed for the purposes for which they were collected or otherwise, if the data subject has withdrawn his/her consent or have opposed the processing of his/her personal data or when the processing of that personal data does not comply with the Regulation.

This right is particularly relevant if the data subject has given his/her consent when they were not of age, and therefore not fully aware of the risks arising from the processing, and subsequently wants to eliminate this type of personal data, in particular from the Internet (a circumstance that does not affect the state of the company in question).
However, further retention of the data should be permissible where it is necessary to exercise the right to freedom of expression and information, in order to fulfil a legal obligation, to carry out a task in the public interest or in the exercise of official authority vested in the data controller, for reasons of public interest in the field of public health, for purposes of public archiving, for purposes of scientific and historical research or statistical purposes or to ascertain, exercise or to defend a right in court.
The Regulation also reaffirms the right of the data subject to oppose, always with a view to a new dimension acquired by the right to privacy, which is no longer understood as purely negative, such as the right to reject the intrusions of strangers into one’s private life, or to refuse consent to the dissemination of personal information, to waive the participation in social life; but in a positive sense, as an affirmation of the freedom and dignity of the person, and as the power to limit the information, controlling its means and purposes.

Article 21, however, attributes autonomous importance to this right, stating that the data subject has the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning pursuant to Article 6, par. 1, letters e) or f), including profiling based on these provisions.
The data controller shall no longer process personal data unless it provides evidence that there are legitimate and prevailing grounds for processing taking precedence over interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a right in judicial proceedings.
In addition, if the personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his/her personal data carried out for such purposes, including profiling, to the extent that processing is related to such direct marketing.

Where personal data is processed for purposes of scientific and historical research or for statistical purposes in accordance with Article 83, par. 1), the data subject, for reasons relating to his/her particular situation, has the right to object to the processing of personal data, unless the processing is necessary for the performance of a task of public interest.
The Regulation also pays particular attention to the automated processing of personal data that can lead to decisions that are machine specific and not human.
Article 22, therefore, reiterates as a general principle that the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject in a significant way.

This provision shall not apply when the decision taken:
(a) is necessary for the conclusion or performance of a contract between the data subject and a data controller, or
(b) is authorised by the law of the Union or of the Member States to which the controller is subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject
(c) is based on the explicit consent of the data subject.

Article 20 of the Regulation introduces a right that is in some ways new compared to the previous legislation, although it has already been the subject of numerous debates in the past, namely the right to data portability, according to which the data subject shall have the right to receive in a structured, commonly used and machine-readable format his/her personal data provided to a data controller and has the right to transmit such data to another data controller without hindrance from the data controller which has provided the data, if:

(a) the processing is based on consent in accordance with Article 6, par. 1, letter a) or Article 9, paragraph 2, letter a) or on a contract pursuant to Article 6, par. 1, letter b);
(b) processing is carried out by automated means.

Furthermore, in exercising his/her rights with regard to data portability, the data subject shall have the right to obtain the direct transmission of data from one controller to another, if technically feasible.


9. Consent to processing

By clicking on the field marking the acceptance of this privacy notice, you authorise Foxwin to process your personal data, under the terms and conditions indicated in this notice.
You will be asked to click on each area of processed data in order to authorise it.
Some data must be submitted in order to allow Foxwin to provide you with the requested services.
For other purposes, Foxwin requires a specific authorisation: should this be denied, you will not be able to use the related services.