Skip to main content
Back to home
GDPR · Reg. (EU) 2016/679Last updated January 2026

Privacy Policy

Talentix Mobile Application

Data Controller

Talentix Impresa Sociale Srl

P.IVA

12471440011

Emailinfo@talentix.it

Introduction

This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, "GDPR") and applies exclusively to Personal Data collected and processed through the "Talentix" mobile application (hereinafter, the "Application").

The Application is not a website and does not provide navigation features outside the application environment. This Privacy Policy is subject to updates. Any changes will be communicated to Users through the Application or by other appropriate means.

This Privacy Policy, together with the Terms and Conditions and any other documents referred to herein, establishes the basis on which the Personal Data of Data Subjects is processed. This Policy has been drawn up in compliance with European legislation on the protection of personal data and is also applicable to Users residing in countries outside the European Union, where compatible with applicable local legislation.

Data Controller

The Data Controller of the Data collected is Talentix Impresa Sociale Srl, with registered office in Piazza Carlo Felice, Turin 10121, VAT number 12471440011, email info@talentix.it, the entity that develops, manages and makes the Application available.

Personal Data Processed

For the purposes of this Policy, Personal Data means any information relating to an identified or identifiable natural person (hereinafter, the "Data Subject"), pursuant to Article 4 of Regulation (EU) 2016/679 ("GDPR"). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

When using the Talentix Application, the Data Controller may process the following categories of Personal Data:

a) Common personal data

  • Personal details (first name and surname)
  • E-mail address
  • Residence and city data
  • Login and account information (e.g. user ID, credentials)
  • Technical and application usage data
  • Metadata generated by the use of the Application (system logs, device information)

b) Data relating to underage Users

In the case of use of the Application by minors, the following may be processed:

The parent or legal guardian acts and gives consent on behalf of the minor.

  • First and last name of the minor
  • The minor's tax code
  • First name, surname and tax code of the Parent or Legal Guardian
  • E-mail address of the parent or legal guardian

c) Special categories of data (Art. 9 GDPR)

The Application provides for the processing of special categories of data, in particular information relating to disabilities, including through the entry of a unique disability code. Such data is processed exclusively for functional and educational purposes, with enhanced security measures and in accordance with the principles of minimisation and proportionality.

d) Geolocation data

Subject to the express consent of the User or, in the case of a minor User, of the Parent or Legal Guardian, the Application may process geolocation data in order to enable specific features of the Service. Geolocation can be disabled at any time via the Application or device settings.

e) Images, screenshots and visual data

The Application allows the uploading of images and screenshots relating to purchase transactions, exclusively to enable the support and verification features offered by the artificial intelligence system. These images:

  • Are not used for commercial or advertising purposes
  • Are processed in accordance with the principles of minimisation
  • May be anonymised and used for the technical improvement of the system

f) Metadata and aggregated data

Technical metadata and aggregate data relating to the use of the Application may be processed, including through technical analysis tools (e.g. Firebase Analytics), exclusively for security, diagnostic and service improvement purposes.

Methods of Processing Personal Data

Personal Data is processed in accordance with the principles of lawfulness, fairness, transparency, minimisation, purpose limitation and confidentiality, in accordance with current legislation on the protection of personal data.

The Data Controller processes Users' Personal Data using IT and telematic tools, with organisational and logical methods strictly related to the purposes indicated in this Policy and, in any case, suitable for ensuring the security and confidentiality of the data processed.

Appropriate technical and organisational measures are taken to prevent unauthorised access, disclosure, modification or destruction of Personal Data, including:

  • Limiting access to authorised persons only
  • Authentication and access control systems
  • Enhanced protection of special categories of data
  • Segregation of data and databases
  • Use of secure technological infrastructure

Purpose of Personal Data Processing and Legal Basis

Personal Data is collected and processed directly by the Data Controller and, where necessary, by technological service providers acting as data processors. Personal Data is processed exclusively within the scope of use of the Talentix mobile application and does not concern web browsing activities outside the application environment.

a) Registration, creation and management of the Account

Personal Data is processed in order to allow the User to register with the Application, create and manage the Account, authenticate the User, and access and use the features offered by the Service.

Legal basis: Processing is necessary for the performance of the contract to which the Data Subject is party — Art. 6(1)(b) GDPR.

Retention period: For the entire duration of the contractual relationship and, in the event of a request to delete the Account, for a maximum period of 30 days.

b) Use of the educational features

Personal Data is processed to allow the User to use the educational features of the Application, aimed at supporting learning and cash management, including through digital support tools.

Legal basis: Performance of the contract — Art. 6(1)(b) GDPR.

Retention period: For the entire duration of use of the Application.

c) Management of underage Users

Personal Data is processed to allow minors to use the Application, to manage their Accounts and to allow Parents or Legal Guardians to exercise the powers of control, supervision and management provided for by the Service.

Legal basis: Art. 6(1)(b) GDPR (performance of the contract); Art. 6(1)(c) GDPR (compliance with legal obligations).

Retention period: For the duration of the contractual relationship and, in the event of cancellation, for a maximum of 30 days.

d) Processing of special categories of data

Special categories of data, including those relating to disabilities, are processed in order to enable the Application to function properly in relation to the specific educational needs of vulnerable Users.

Legal basis: Explicit consent of the Data Subject or Parent/Legal Guardian — Art. 9(2)(a) GDPR.

Retention period: For the time strictly necessary to pursue the purposes indicated.

e) Use of the Artificial Intelligence system

Personal Data, including images and screenshots uploaded by the User, are processed to enable the functioning of the artificial intelligence system integrated into the Application, aimed exclusively at recognising coins and banknotes, suggesting the correct amount and verifying any change. The artificial intelligence system operates as a non-decision-making support tool.

Legal basis: Art. 6(1)(b) GDPR (performance of the contract); Art. 6(1)(f) GDPR (legitimate interest in technical improvement).

Retention period: Images are stored for a limited period and, if used for technical improvement purposes, are anonymised beforehand.

f) Technical analysis, security and service improvement

Personal Data and technical metadata are processed for security purposes, to prevent misuse, for technical analysis and to improve the performance of the Application, including through technical analysis tools such as Firebase Analytics.

Legal basis: Legitimate interest of the Data Controller — Art. 6(1)(f) GDPR.

Retention period: Data is stored in aggregate or anonymised form.

g) Responding to requests and providing assistance

Personal Data is processed for the purpose of responding to requests for assistance, support or information sent by Users via the Application or by email.

Legal basis: Art. 6(1)(b) GDPR (requests related to the Service); Art. 6(1)(a) GDPR (other cases).

Retention period: For the time necessary to manage and close the request.

h) Compliance with legal obligations

Personal Data is processed to comply with obligations under applicable laws, regulations or rules.

Legal basis: Art. 6(1)(c) GDPR.

Retention period: For the period required by applicable law.

Communication of Personal Data

Personal Data may be processed, in addition to the Data Controller, by expressly authorised or designated persons, exclusively for the purposes indicated in this Policy. In particular, Personal Data may be disclosed to:

a) Authorised personnel

Employees or collaborators of the Data Controller, duly authorised and trained, who operate for purposes strictly related to the management, development and security of the Application.

b) Technology and IT service providers

External parties providing technical support, software development, hosting, database management, cloud infrastructure and technical analysis services, including Google Firebase, acting as Data Processors pursuant to Article 28 of the GDPR. The updated list of Data Processors may be requested from the Data Controller at any time.

c) Public or private entities

Authorities, public bodies or other entities that have the right to access the Data pursuant to provisions of law, regulations or orders of the Authority.

d) Entities performing instrumental activities

Professionals or consultants who provide ancillary and instrumental activities (e.g. legal, tax or IT consultants), within the limits of their respective competences.

Nature of the Provision of Data

The provision of Personal Data marked as mandatory is necessary to allow registration and use of the Application. Failure to provide such Data will make it impossible to provide the Service.

The provision of any optional Data is voluntary and does not affect the possibility of using the main features of the Application.

Personal Data is not disclosed or communicated to third parties for advertising, promotional or commercial profiling purposes.

Data Processing and Storage Times

Pursuant to Article 5(1)(e) of the GDPR, Personal Data is stored for a period of time not exceeding that necessary to achieve the purposes for which it was collected and processed. In particular:

  • Personal Data relating to the User's Account is retained for the entire duration of the contractual relationship
  • In the event of a request to delete the Account, Personal Data is deleted or anonymised within a maximum period of 30 days, unless further storage is required by law
  • Images and screenshots uploaded by the User are stored for a limited period and, where used for AI improvement, are anonymised in advance
  • Technical metadata and aggregated data may be stored for longer periods exclusively in aggregated or anonymised form

Processing of Personal Data of Minors

The Talentix Application is also intended for underage Users. The processing of minors' Personal Data takes place exclusively with the involvement and under the responsibility of the Parent or Legal Guardian, who enters into the contractual relationship in the name and on behalf of the minor.

For the purposes of registration and use of the Application by a minor, the Data Controller processes the Personal Data of the minor and the Parent or Legal Guardian, including identification data and tax code, in order to:

  • Verify parental responsibility
  • Enable the management of the minor's Account
  • Enable the exercise of the supervision and control functions provided by the Service

Processing of Special Categories of Data (Art. 9 GDPR)

The Talentix Application provides for the processing of special categories of personal data pursuant to Article 9 of Regulation (EU) 2016/679 (GDPR), in particular data relating to the disability and fragility of Users.

The processing of special categories of data takes place exclusively for functional and educational purposes, in compliance with the principles of minimisation and proportionality, and with the adoption of enhanced security measures.

The legal basis for the processing of special categories of data is the explicit consent of the Data Subject or, in the case of a minor User, the consent given by the Parent or Legal Guardian, pursuant to Article 9(2)(a) GDPR.

Special categories of data are not used for commercial, marketing or profiling purposes and are not disclosed to third parties except to the extent strictly necessary for the purposes indicated.

Use of Artificial Intelligence Systems

The Talentix Application uses artificial intelligence systems exclusively as tools to support the educational features of the Service. In particular, the artificial intelligence system is used to:

  • Analyse images and screenshots uploaded by the User
  • Recognise coins and banknotes
  • Suggest the correct amount and any change

Limitations and safeguards

  • Does not make automated decisions within the meaning of Article 22 of the GDPR
  • Does not replace human control
  • May provide incorrect or incomplete suggestions — the User must verify the correctness of operations
  • Images used for technical improvement are anonymised in advance
  • Not used for commercial, advertising or profiling purposes

Place of Processing and Transfer of Data Abroad

Personal Data is mainly processed within the European Union, at the infrastructures and IT systems used by the Data Controller. For technical and operational reasons, some Personal Data may also be processed by technology service providers operating outside the European Economic Area (EEA), including cloud and technical analysis service providers such as Google Firebase.

In such cases, the transfer of Data takes place in accordance with Articles 44 et seq. of the GDPR and on the basis of adequate safeguards, including:

  • The adoption of Standard Contractual Clauses approved by the European Commission
  • Additional technical and organisational measures to ensure a level of Data protection substantially equivalent to that provided by the GDPR

Exercise of Data Subject Rights

The Data Subject may exercise the rights recognised by Articles 7 and 15–22 of Regulation (EU) 2016/679 (GDPR) at any time. In particular, the Data Subject has the right to:

  • Obtain confirmation of the existence or otherwise of Personal Data and access it (right of access)
  • Obtain the rectification of inaccurate Personal Data or the integration of incomplete Personal Data
  • Obtain the erasure of Personal Data in the cases provided for by law (right to be forgotten)
  • Obtain the restriction of processing in the cases provided for by the GDPR
  • Receive Personal Data in a structured, commonly used and machine-readable format and transmit it to another controller (right to portability)
  • Withdraw consent at any time, without prejudice to the lawfulness of processing based on consent prior to withdrawal
  • Object, on legitimate grounds, to the processing of Personal Data concerning them (Art. 21 GDPR)
  • Lodge a complaint with the Data Protection Authority or take legal action before the competent courts

How to exercise your rights

In the case of underage Users, the above rights are exercised by the Parent or Legal Guardian, acting in the name and on behalf of the minor.

To exercise their rights, the Data Subject may contact the Data Controller at: info@talentix.it

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of last modification indicated below.

If you do not accept the changes made to this Privacy Policy, you must stop using this application and may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point.

Last updated: January 2026v1.0 · GDPR Reg. (EU) 2016/679