Switzerland
How we process personal data
How the usual neXt processes personal data collected through the website, forms, Tholus Account and commercial services.
Overview
Last updated: 15 July 2026.
This notice describes how personal data is processed through theusualnext.com, contact and quotation forms, Tholus Account and connected commercial journeys. Software applications published by the usual neXt have a separate privacy notice.
Data controller
THE USUAL NEXT S.R.L., Corso Umberto I 10, 67031 Castel di Sangro (AQ), Italy, VAT no. IT02182990669. For privacy enquiries or to exercise your rights: [email protected].
Data we process
- Technical and security data: IP address, date and time, requested page, browser, device, operating system, logs and technical or anti-fraud events.
- Enquiries: name, email, telephone number, company, VAT or UID number, role, messages, files, project details, place, date and information needed for delivery, site inspection or a quotation.
- Account and commercial data: identity data, credentials and sessions, account references, quotations, orders, support, invoicing and payment status. When online payment is available, full card details are collected directly by the payment provider, not by this website.
- Preferences: subscription to commercial communications, consent records and measurement technology choices.
Data comes from you, your browser or device and, where needed to perform a contract, the organisation or partner you work with.
Purposes and legal grounds
- answering enquiries and managing quotations, accounts, orders, deliveries, rentals, support and payments: pre-contractual steps and performance of a contract;
- issuing and retaining tax, accounting and administrative records: legal obligation;
- protecting the website, infrastructure, accounts and rights, preventing abuse and improving reliability and service: legitimate interests balanced against individual rights;
- sending newsletters or promotional communications and enabling Google Ads campaign measurement: consent, which may be withdrawn at any time;
- establishing, exercising or defending legal claims: legitimate interests and, where applicable, legal obligations.
Fields marked as required are needed to respond or provide the requested service. Without them, we may be unable to issue a quotation, create an account or enter into a contract. Optional fields may be left blank.
Cookies and similar technologies
The website uses technologies required for sessions, security, abuse prevention and storage of your privacy choice. Cloudflare protects and delivers the website and may set strictly necessary cookies when security checks are triggered. Its Web Analytics beacon collects aggregate traffic and performance measurements without using cookies or localStorage to recognise visitors.
Google Ads loads only after you select “Accept measurement”. If you choose “Necessary only”, the tag does not load. Your choice lasts no more than 180 days and can be changed at any time through “Privacy preferences” in the footer. Withdrawal does not affect processing carried out lawfully before withdrawal.
Service providers and other recipients
Data is available only to authorised staff and providers needed to deliver the service, under instructions and confidentiality duties. Depending on the journey you use, these may include:
- Hetzner and RunCloud for hosting and infrastructure management;
- Cloudflare for network delivery, security and aggregate performance measurements;
- Google Fonts and the unpkg and CARTO CDNs for fonts, components and maps on pages that require them; your browser sends the technical data needed to make the request;
- YouTube and Vimeo only when you choose to open an external video; default previews remain local and the players use the most privacy-protective modes available;
- the SMTP provider, including Amazon SES where configured, for email delivery;
- Tholus Account and Merxera for identity, catalogue, quotations, availability, orders and support;
- Stripe, only when online payment is offered;
- Mailchimp, only if you subscribe to a newsletter managed through that service;
- Google Ads, only after you consent to measurement;
- Glacom, only after separate consent if you request an assessment for possible public funding. The assessment is preliminary and does not guarantee funding.
Data may also be disclosed to professional advisers, insurers, authorities or entitled parties where necessary for legal duties, security or the protection of rights. We do not sell personal data.
International transfers
Some providers may process data outside the European Economic Area or Switzerland. In those cases we use an adequacy decision, the EU–US or Swiss–US Data Privacy Framework where the recipient participates, or standard contractual clauses and supplementary measures appropriate to the transfer. You may ask the controller for information about the safeguards used.
Retention
- technical and security logs: normally up to 12 months, and longer only to investigate incidents or protect rights;
- enquiries and quotations that do not lead to a contract: normally up to 24 months after the last meaningful contact;
- accounts: for the life of the account and afterwards as needed for legal duties, disputes and security;
- contracts, orders, invoices and accounting records: normally 10 years or another period required by applicable law;
- marketing: until consent is withdrawn, while retaining what is necessary to evidence the choice and respect an objection.
If a dispute or preservation duty applies, the period may be extended for no longer than necessary.
Your rights
Where provided by the GDPR and Swiss data protection law, you may request access, correction, deletion, restriction, objection and, where applicable, data portability. You may withdraw consent at any time and object to direct marketing free of charge. Email [email protected] to exercise a right; we may request only the information needed to verify your identity.
You may complain to the Italian Data Protection Authority or, for processing governed by Swiss law, the Federal Data Protection and Information Commissioner. We nevertheless invite you to contact us first so we can address the matter directly.
Automated decisions, children and security
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Any matching between a project, products or funding opportunities is preliminary and subject to human review.
The website services are intended for businesses and adults and are not directed to children under 16. If you believe a child has submitted data, contact us so we can verify and delete it.
We use technical and organisational measures proportionate to the risk, including encryption in transit, access controls, event logging and incident procedures. No system is risk-free; we limit data, access and retention to reduce exposure.
Changes to this notice
We may update this notice when services, providers or laws change. The current version and its date are always published here; material changes will be communicated through appropriate means.