Privacy Policy

Last Updated: March 12, 2026

1. Introduction and Controller Identity

This Privacy Policy explains how TIF Academy Online (“we”) collects, uses, and protects personal data when you visit tifacademy.it and when you communicate with us about our online educational programs. We operate as the Data Controller for all processing activities described in this notice. Our registered organization is TIF TRADING ITALIAN FASHION SRL, with the registered address Via Broletto, 26, 20121 Milano, Italy. You can reach us regarding privacy matters at [email protected].

This policy applies to information we collect through our website, contact forms, email correspondence, and routine service operations connected to our online courses. It does not cover third-party websites or services that we do not control. Where required by law, we will present consent choices for certain processing activities such as analytics and advertising cookies.

If we appoint a Data Protection Officer or a representative in a specific jurisdiction, we will update this policy to include their contact details. At present, privacy questions should be directed to [email protected].

2. Personal Data We Collect

We collect and process the following categories of personal data, limited to what is necessary for clearly defined purposes:

• Identity and contact information: full name, email address, telephone number, and country of residence.
• Form content: selected course, preferred contact method, and any additional comments you choose to provide.
• Technical information: IP address, browser type and version, device and operating system details, language settings, approximate location inferred from IP, and basic security information used to protect the site (e.g., request headers, error codes, and timestamps).
• Usage information: pages visited, time on page, navigation paths, referral source, click interactions with on-site buttons or components.
• Cookies and similar identifiers: essential cookies to keep the site running, preferences, analytics cookies (only with consent), and marketing identifiers (only with consent). See the Cookie Policy at /cookie-policy/ for details.
• Conversion and communication events: the fact that you submitted a form, opened an email, or requested information about a course.

We do not intentionally collect special-category data (such as health, religion, or political opinions), financial account details, or government-issued identifiers through our website. Please do not submit sensitive information in free-text fields. If such data is inadvertently provided, we will restrict use to essential handling and delete it where appropriate.

3. Why We Process Personal Data and Legal Bases

We process personal data for the following purposes under the legal bases set out by applicable data protection laws (including GDPR/UK GDPR):

• Responding to contact requests and providing enrollment information: necessary for steps prior to entering into a contract and performance of a contract (Art. 6(1)(b)), and, where applicable, consent (Art. 6(1)(a)).
• Providing our online educational services and routine operations: necessary for performance of a contract (Art. 6(1)(b)).
• Analytics to understand site performance and improve usability: consent (Art. 6(1)(a)).
• Marketing and remarketing activities, including audience measurement: consent (Art. 6(1)(a)).
• Security and fraud prevention, ensuring service integrity, availability, and abuse prevention: legitimate interests (Art. 6(1)(f)).
• Legal, regulatory, tax, or accounting obligations and responses to lawful requests: legal obligation (Art. 6(1)(c)).

Automated decision-making and profiling: We do not engage in automated decision-making that produces legal or similarly significant effects as defined by Article 22 GDPR. Where we conduct audience segmentation for advertising, it is limited, consent-based, and does not produce such effects.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the site and, with consent, to measure usage and support advertising. Our categories are aligned with our Cookie Policy:

• Essential cookies: enable core functionality (for example, session continuity and consent storage). Examples include _site_session and cookie_consent. These do not require consent.
• Analytics cookies (consent): used to measure traffic and user flows. Where implemented, Google Analytics 4 identifiers may include _ga and _ga_XXXXXXXXXX. IP addresses are handled with anonymization features where available.
• Marketing cookies (consent): used for advertising, remarketing, and conversion attribution (for example, _gcl_au for Google Ads or _fbp/_fbc for Meta). These activate only after you choose to allow marketing cookies.

Beyond browser cookies, pixels and server-side event forwarding may be used to record visit and conversion events. These tools are configured to respect your consent preferences. You can review and modify your preferences at any time using the “Manage cookie preferences” link in the site footer or by visiting our dedicated Cookie Policy at /cookie-policy/.

5. Consent and Choice (EEA and UK)

Users in the EEA and the UK will see a consent banner or panel that allows choices for analytics and marketing cookies. These categories are off by default until you provide explicit, informed, and freely given consent. Your preference is stored in the cookie_consent cookie for up to 12 months. You can withdraw or change your consent at any time by reopening the cookie preferences panel through the footer link or by clearing cookies in your browser. Withdrawal will not affect the lawfulness of processing that occurred before withdrawal.

We also set an essential session cookie (_site_session) to maintain basic site functionality. When consent is refused or withdrawn, we deactivate analytics and marketing scripts and delete the relevant cookies (_ga and _fbp where present).

6. Sharing with Service and Advertising Partners

We share limited personal data with carefully selected service providers that support our operations. These partners may process data on our behalf under contractual terms that limit their use of the data to the services we request:

• Google LLC (analytics, advertising, tag management): may receive cookie identifiers, page view events, conversions, and audience membership signals if you consent.
• Meta Platforms (advertising): may receive page visits, conversions, and hashed identifiers if you consent to marketing cookies.
• Cloudflare or similar providers (security and CDN): may process IP addresses and threat indicators to protect our website from malicious traffic.
• Hosting and infrastructure providers: process data stored or transmitted for the functioning of the site and contact forms.

We do not sell personal data. We instruct our providers not to use the data we share for their own independent commercial purposes beyond delivering the contracted services.

7. International Data Transfers

When personal data is transferred outside the EEA/UK (for example, to the United States), we rely on recognized transfer mechanisms such as the EU–US Data Privacy Framework and its UK Extension or, where appropriate, Standard Contractual Clauses (SCCs) adopted by the European Commission (2021/914). For Switzerland, the Swiss–US Data Privacy Framework may apply. If none of these mechanisms are available, we will implement additional safeguards to protect your data consistent with applicable laws.

8. Data Retention

We keep personal data only as long as necessary for the purposes set out in this policy or as required by law. Typical retention periods are as follows:

• Contact and enrollment inquiries: up to 2 years from the last interaction.
• Analytics data: up to 14 months, depending on the analytics configuration and your consent.
• Marketing cookies and identifiers: per cookie lifetime and reset upon consent withdrawal.
• Email correspondence: the duration of the relationship and up to 1 additional year.
• Server logs: typically 90 days unless needed for security investigations.
• Cookie consent records: up to 3 years for audit purposes.
• Legal, tax, and accounting records: as required by applicable law (commonly 6–10 years).

9. Your Rights

Subject to applicable law, you may have the following rights: access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, and the right to withdraw consent at any time. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or as otherwise required by law, and may extend the period for complex requests. We may ask you to verify your identity before fulfilling certain requests.

You also have the right to lodge a complaint with your local supervisory authority. EU residents can find information via the European Data Protection Board; UK residents can contact the Information Commissioner’s Office; Italian residents can contact the Garante per la protezione dei dati personali. Contact details can be obtained from official government resources.

10. Children’s Privacy

Our website and programs are intended for adults and older students with capacity to consent. We do not knowingly collect personal data from individuals under the age of 16. If we discover that a child under 16 has provided personal data without verifiable parental consent, we will delete the data promptly. If you believe a child has provided personal data to us, please contact [email protected].

11. Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. Our website does not currently respond to DNT signals. Third-party providers we use may handle DNT signals differently. You may control analytics and marketing tracking through our consent preferences and your browser settings.

12. Account and Data Deletion

If you wish to request deletion of your personal data, please email [email protected] with the subject “Data Deletion Request” and include enough detail for us to identify your records (for example, the email address and approximate date of your request). After verifying your identity, we will delete or anonymize the data unless retention is required by law or necessary to establish, exercise, or defend legal claims.

13. Business Transfers

If we are involved in a merger, acquisition, restructuring, asset sale, financing, or insolvency event, personal data may be transferred to a successor or affiliate as part of the transaction. Any transfer will be consistent with applicable law and this Privacy Policy. If our use of personal data materially changes after such a transaction, we will provide a prominent notice on our website.

14. Notice for California Residents (CCPA/CPRA)

If you are a California resident, state law may grant you rights to know, access, delete, and correct certain personal information we hold about you, as well as the right to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information as that term is commonly understood. We may “share” personal information for advertising with your consent to marketing cookies. To exercise rights, contact [email protected] with the subject “California Privacy Request.” We will verify your identity as required. You have the right not to receive discriminatory treatment for exercising your privacy rights. Authorized agents may act on your behalf with appropriate written authorization.

Categories disclosed in the last 12 months may include identifiers (such as name, email, IP address), internet activity (pages viewed, device information), and inferences (course interests), shared with service providers and advertising partners for the purposes described in this policy, subject to your consent where required.

15. Notice for Virginia Residents (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects. To submit a request, email [email protected] with the subject “Virginia Privacy Request.” If we deny your request, you may appeal by emailing us with the subject “Appeal of Refusal — Privacy Request.” We will respond to an appeal within 60 days. If unresolved, you may contact the Office of the Attorney General of Virginia.

16. Nevada Residents

Nevada residents may submit a verified request to opt out of the sale of personal information by emailing [email protected] with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information as defined by Nevada law (NRS 603A).

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be announced via a notice on our homepage at least 14 days before they take effect. The “Last Updated” date at the top of this page will always show the most recent revision. Continued use of our website after changes take effect means you acknowledge the updated policy.

18. Contact Us

For questions or requests related to this Privacy Policy or your personal data, please contact:

TIF TRADING ITALIAN FASHION SRL
c/o TIF Academy Online
Via Broletto, 26
20121 Milano, Italy
Email: [email protected]

You may also review our Cookie Policy and our website Terms for additional information about how our services operate.