Privacy Policy

Article 13 ex EU REG. 2016/679 ('GDPR')


Pursuant to Article 13 of Regulation (EU) 2016/679 ('the Regulation' or 'GDPR'), we would like to inform you about how and for what purposes we process the personal data of those who interact with our website: https://www.tinextadefence.it/

This information does not apply to other websites that may be consulted via links present on the domain websites of the owner, who is not liable in any way for the websites of third parties

Data controller

The Data Controller of personal data collected through this site is Defence Tech Holding S.p.A. and Group companies: DONEXIT; FORAMIL, NEXT Systems Engineering and Innovation Design S.r.l., all co-processorswith registered office in Rome, to the street Giacomo Peroni, 452, VAT NUMBER 11065701002, in the person of the l.r.p.t., Tel: (+39) 0645752720; E-mail: privacy@defencetech.it; PEC: dth@pec.defencetech.it

Data Protection Officer

Pursuant to the General Data Protection Regulation (Art. 37 c.7 GDPR EU Regulation 2016/679), the company has appointed a Data Protection Officer, Dr. Ernesto Barbone, contacted as follows:

Purpose of processing, legal basis, nature of conferment 

For the purposes expressed in this information notice, they will be processed, as a rule:

  • personal data (e.g. name, surname, address, tax code, company name);
  • contact details (e.g. telephone numbers, e-mail address);
  • browsing data (e.g. IP addresses, domain names of computers used by users connecting to the site).
  • special categories of data ('sensitive data') pursuant to Article 9 GDPR, i.e. data concerning health (membership of so-called protected labour categories, in case of application on our website).

The data will be processed in compliance with the conditions of lawfulness under Art. 6 of the Regulation, in order to:

  1. allow navigation on this website and the technical management of connections to it

The computer systems responsible for the functioning of the websites acquire, during their normal operation and for the sole duration of the connection, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example: IP addresses or the names of the computers used by users who connect to the websites, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the characteristics of the browser used for browsing, the resolution of the screen on which the browser is running on the device being used, and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the sites and to check their correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the sites.

Legal basis for processing: Processing is necessary for the pursuit of the legitimate interest of the holder of the

processing pursuant to Article 6(1)(f) of EU Reg. 2016/679.

  1. following up information or contact requests and other types of requests made by customers/users concerning the services offered by the Controller.

The voluntary sending of e-mails to the e-mail addresses indicated on the above-mentioned websites entails the subsequent acquisition of the sender's e-mail address and first name and surname, which are necessary in order to respond to requests, as well as any other personal data included in the message. This also applies in the context of handling and responding to complaints submitted by users.

Legal basis for processing: The processing is necessary for the performance of a contract to which the data subject is a party, pursuant to Art. 6(1)(b) of EU Reg. 2016/679. The data requested for the purposes indicated are necessary in order to be able to follow up on the data subject's requests. Failure to provide the data has the sole effect of making it impossible to send and/or receive and/or acknowledge the data subject's requests.

  1. manage the selection process when applying and sending a CV

The user is also free to provide his or her personal and special data (exclusively for the above-mentioned purposes) by means of the

section of the site 'Work with us', to send your CV and submit your application.

Legal basis for processingthe performance of pre-contractual or contractual obligations (Art. 6(1)(b) GDPR) and the

consent for special data (Art. 9 lett a GDPR).

The data requested for the purposes indicated are necessary in order to initiate the personnel selection procedure. Any

failure to provide the data has the effect of making it impossible to include you in the selection and consequently to assess the

its recruitment.

Personal data will not be processed using automated decision-making processes as referred to in Article 22 of the GDPR and collection for marketing purposes is excluded in any case.

Modalities of data processing

The processing will be carried out with computer and telematic tools in compliance with the regulations in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non excess, accuracy and with organisation and processing logics strictly related to the purposes pursued and in any case in such a way as to guarantee the security, integrity and confidentiality of the processed data, in compliance with the organisational, physical and logical measures provided for by the provisions in force.

Data retention period

In compliance with the provisions of Article 5 paragraph 1 letter e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The retention of data of a personal nature provided depends on the purpose of the processing:

- for contact and information requests, maximum 1 year;

- application process online and personnel selection: maximum 1 year

  1. for the technical profilesthe data you send concerning your application and curriculum vitae will be kept until 5 years;
  2. for profiles genericsthe data you send concerning your application and curriculum vitae will be kept until 2 years.
  • tax obligations, up to 10 years.

After these terms, the data will be deleted or made anonymous, unless their further retention is necessary to fulfil contractual obligations that have arisen, legal obligations or to comply with orders issued by public authorities.

Nature of data provision

Users are free to provide their personal data. Failure to provide data may make it impossible to obtain what has been requested or to use the web services of the Data Controller.

Recipients of the data or categories of recipients

For the pursuit of the purposes described, or where this is indispensable or required by law or by authorities with the power to impose it, the Data Controller reserves the right to communicate the data to recipients belonging to the following categories:

  • subjects that provide services for the management of the information system used by the Data Controller and telecommunications networks, including e-mail and website management;
  • the data may also be made known, in connection with the performance of assigned tasks, by the Controller's staff, including workers and consultants, all of whom are specifically authorised to process the data;
  • Public Bodies or Public Security Authorities in fulfilment of legal obligations.

Data transfer abroad

DEFENCE TECH Holding spa undertakes to restrict the areas of circulation and processing of Personal Data (e.g. storage, archiving and preservation of data on its servers) to countries that are part of the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of the protection tools provided by EU Regulation 2016/679 (third country judged adequate by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).

Data Dissemination

User data will not be disseminated.

Using Social Networks

From the website, it is possible to link to the company page on LinkedIn, via the respective icon.

As is well known, social networks autonomously regulate privacy for those who surf, post and communicate through them, being in this case the main data controllers.

You are therefore invited to visit the following links for more information:

However, when the user is on social pages managed by LinkedIn and communicates, in various ways, his or her personal data (e.g. through a private message or by commenting on a post or leaving a review), or when the social network provides certain statistics on the use of the pages in a non-anonymous way (and thus traceable to the activity carried out on the page by the specific person), it is DEFENCE TECH Holding spa to become a data controller.

The data processing that is carried out is exclusively for the ordinary administration of the pages (e.g. if a comment is posted in which you insult other users DEFENCE TECH Holding spa may decide to remove it from the page as unlawful) and to answer user questions (both public and private) about the characteristics of the products of DEFENCE TECH Holding spa.

In this case, the legal basis for the processing is the legitimate interest of DEFENCE TECH Holding spa to propose to the user and illustrate their products and their characteristics, as well as on the need to answer any possible user queries.

The processing of the user's personal data will take place by means of the tools made available by the Social Network itself.

At this stage of simple contact, DEFENCE TECH Holding spa will not transfer or disclose the user's personal data to other parties. The user is always free to decide when to remove a like, delete a comment, review, etc., simply by going back to the relevant Social Network page and deleting it directly.

As for private messages, these are kept for a maximum of 6 months after the last contact, after which they are deleted.

Users are always free to provide their personal data. Failure to provide data may make it impossible to obtain what has been requested or to use the Controller's services.

Rights of the data subject

Articles 15, 16, 17, 18, 20, 21 of the GDPR confer on the data subject the exercise of specific rights that may be exercised vis-à-vis the Data Controller.

In particular, as a data subject, you may, under the conditions laid down in the GDPR, exercise the following rights:

  • right of accessThe right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data, including a copy thereof;
  • right of rectificationThe right to have inaccurate personal data concerning you corrected and/or incomplete personal data supplemented;
  • right to erasure (right to be forgotten): the right to obtain the deletion of personal data concerning you, if they are no longer necessary for the purposes pursued by the Controller, in case of revocation of your consent (and if there is no other legal basis for the processing) or your objection to the processing, in case of unlawful processing, or if there is a legal obligation to delete.

The right to erasure does not apply insofar as the processing is necessary for the fulfilment of a legal obligation or the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;

  • right of restriction of processing: the right to obtain the restriction of processing when: a) the data subject contests the accuracy of the personal data; b) processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted; c) the personal data are necessary for the establishment, exercise or defence of legal claims;
  • right to data portabilityThe right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to the Controller and the right to transmit them to another controller without hindrance, where the processing is based on consent and is carried out by automated means;
  • right of opposition: the right to object, at any time, to the processing if personal data are processed for purposes other than those for which you have consented to the processing.

Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, namely in the Member State where you habitually reside, work or where the alleged infringement has occurred, which in Italy corresponds to the Italian Data Protection Authority, whose references can be found at www.garanteprivacy.it.

In addition, the GDPR gives you the right to withdraw your consent at any time and as easily as if it had been given.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 GDPR. However, in the case of requests that are manifestly unfounded or excessive, including due to their repetitiveness, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request.

You may exercise your rights by using the attached form which must be sent in hard copy to the Controller's address, or by e-mail or fax to the addresses given in this notice.

This Policy was updated on 2.4.2025

Any updates will always be published on this page.

The Data Controller
DefenceTech s.p.a.

Contact us

Privacy Policy
Privacy Policy
Tinexta Defence logo

Defence Tech | Next | Donexit | Foramil | Innodesi

Tinexta Defence S.r.l. - Share Capital € 25,000.00 i.v. - VAT No. 17105861003 - REA Rome No. 1696120.
Defence Tech Holding S.p.A. Benefit Corporation - Share Capital € 2,554,285.70 i.v. - VAT No. 11065701002 - REA Rome No. 1276114.
Copyright © Tinexta Defence - All Rights Reserved.

Degree in Business Administration from the University of Naples 'Federico II' with an MBA in Business Management achieved with high merit in 2008 by winning a scholarship provided by Invitalia S.p.A. from which she was selected in the first months of attendance as the best MBA profile.

After a brief experience in Invitalia S.p.A., he immediately held increasingly important roles in the management of Administration, Finance and Control of companies operating in the defence sector, theInformation Technology, of Cyber and National Security. In addition, she was Treasury Manager in companies operating in theEnergy.

He obtained an Executive Master in Finance (EMF) at SDA Bocconi in 2020, with a specialisation in Corporate Finance & Control and, in 2022, a further specialisation track in Asset, Wealth Management also at SDA Bocconi.

For over five years it has been the Chief Financial Officer of the Defence Tech Group, whose listing process he followed on the Euronext Growth Milan segment of Borsa Italiana.

From 2017 to 2024, she was a member of the boards of directors of all the legal entity of the Defence Tech Group with delegated powers over their financial management and from October 2021 to October 2024 was a Board Member of the Holding Company.

It is currently also Investor Relations Manager of the listed Defence Tech and follows all ESG issues of the Group.

In July 2021, she was recognised by Federmanager as one of the best talents under 44 at national level, receiving an important award as Young Manager 2020.