Privacy Notice
Hubnix — AI & Technology Partner
Ditta Individuale di Oleksii Panchenko
P.IVA: IT14660020968
Effective date: 13 April 2026 · Last updated: 13 April 2026
1. Who We Are
Hubnix is an AI and technology consultancy operated by Oleksii Panchenko as a Ditta Individuale under Italian law. We provide AI automation, cloud infrastructure, cybersecurity, ICT compliance, system architecture, and digital presence services to small and medium enterprises.
Data Controller: Oleksii Panchenko
Email: oleksii.panchenko@hubnixco.com
Address: Via Salvini 27, 20090 Trezzano sul Naviglio (MI), Italy
2. What Personal Data We Collect
We collect and process personal data only when necessary for the purposes described below:
- Identity data: name, company name, job title
- Contact data: email address, phone number
- Business data: project requirements, service requests, contractual terms
- Financial data: P.IVA/fiscal code, IBAN, invoice details (for clients and suppliers only)
- Technical data: IP addresses, browser type, system logs (for website visitors and security monitoring)
- Communication data: email content, contact form submissions, meeting notes
We do not collect special categories of personal data (health, biometric, political opinions, etc.) unless explicitly required by a client engagement, in which case it is processed exclusively on local infrastructure within the EU with no cloud transfer.
3. How and Why We Process Your Data
| Purpose | Legal Basis | Retention |
|---|---|---|
| Client project delivery | Art. 6(1)(b) — Contract | Contract + 10 years |
| Website contact form | Art. 6(1)(a) — Consent | Until purpose fulfilled |
| Invoicing and accounting | Art. 6(1)(c) — Legal obligation | 10 years (Italian tax law) |
| Security monitoring | Art. 6(1)(f) — Legitimate interest | Logs 90 days, incidents 1 year |
| AI-assisted operations | Art. 6(1)(f) — Legitimate interest | Agent memory 90 days, audit logs 1 year |
| Website analytics | Art. 6(1)(f) — Legitimate interest | 26 months |
| Pre-contractual enquiries | Art. 6(1)(b) — Steps prior to contract | 12 months after last contact |
4. AI Processing Disclosure
Hubnix uses artificial intelligence systems in its operations, in compliance with the EU AI Act:
- AI-assisted task management: Client communications may be processed by AI systems to route tasks, draft responses, and manage project workflows. All AI outputs are reviewed and approved by the data controller before external communication.
- Security analysis: Automated security tools analyse system logs and network traffic to detect threats. No personal data profiling or automated decision-making with legal effects occurs.
- Sensitive data handling: Any data classified as confidential or restricted is processed exclusively on local AI models within EU-hosted infrastructure. It is never transmitted to external cloud AI services.
These systems are classified as limited-risk or minimal-risk under the EU AI Act. Transparency obligations are met through this notice.
5. Who We Share Data With
We share personal data only with the following recipients, and only to the extent necessary:
| Recipient | Purpose | Safeguard |
|---|---|---|
| Anthropic (Claude API) | AI task processing | EU-US Data Privacy Framework |
| Cloudflare | Website hosting, CDN, security | EU-US Data Privacy Framework |
| Calendly | Appointment scheduling | EU-US Data Privacy Framework |
| Linear | Project tracking | EU-US Data Privacy Framework |
| Migadu | Email hosting | CH adequacy decision |
| Aruba | Electronic invoicing | Domestic (Italy) |
| Gulisano & Partners | Accounting and tax compliance | Domestic (Italy) |
We do not sell, rent, or trade personal data. We do not share data with third parties for marketing purposes.
6. International Data Transfers
Some of our service providers are located outside the European Economic Area. Where data is transferred to the United States, we rely on the EU-US Data Privacy Framework adequacy decision (European Commission, 10 July 2023). Where data is transferred to Switzerland, we rely on the Swiss adequacy decision.
For sensitive or confidential workloads, we process data exclusively on EU-hosted infrastructure using local AI models, with no international transfer.
7. How We Protect Your Data
- Encryption: TLS in transit for all services; LUKS2 disk encryption for sensitive storage
- Access control: SSH key-only authentication, multi-factor authentication on all administrative accounts, zero-trust mesh network
- Monitoring: 24/7 automated security monitoring (SIEM, IPS, honeypots, vulnerability scanning)
- Data minimisation: We collect only what is necessary for each stated purpose
- Retention limits: Data is deleted or anonymised when the retention period expires
- Incident response: Documented incident management procedures with breach notification within 72 hours per Art. 33 GDPR
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you
- Rectification (Art. 16): Request correction of inaccurate personal data
- Erasure (Art. 17): Request deletion of your personal data (subject to legal retention obligations)
- Restriction (Art. 18): Request restricted processing in certain circumstances
- Data portability (Art. 20): Receive your data in a structured, machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interest
- Withdraw consent (Art. 7): Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at: oleksii.panchenko@hubnixco.com
We will respond to your request within 30 days.
9. Cookies
hubnixco.com does not use tracking cookies or third-party analytics scripts. Cloudflare may set essential security cookies for DDoS protection and bot detection. These are strictly necessary and do not require consent.
10. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Italian Data Protection Authority (Garante per la protezione dei dati personali) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach poses a high risk
- Document the breach, its effects, and remedial actions taken
11. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. The competent authority for Hubnix is:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
Website: garanteprivacy.it
Email: protocollo@gpdp.it
12. Changes to This Notice
We may update this privacy notice from time to time. Material changes will be communicated via our website. The "last updated" date at the top of this notice indicates the most recent revision.
13. Contact
For any questions about this privacy notice or our data processing practices:
Oleksii Panchenko
Email: oleksii.panchenko@hubnixco.com
Address: Via Salvini 27, 20090 Trezzano sul Naviglio (MI), Italy