To receive information about their Personal Data, its purpose, and the parties with whom it is shared, users should contact the Data Controller.

Data Controller and Processor

Categories of Collected Data

The Data Controller does not provide a list of categories of Personal Data collected. Complete information regarding each category of Personal Data collected is provided in the sections of this privacy policy dedicated to that purpose or through specific explanatory texts displayed prior to the collection of such Data.

Personal Data may be freely provided by the user or, in the case of Usage Data, collected automatically when using this Application. All Data requested by this Application is mandatory, and the refusal to provide it may make it impossible for this Application to provide its services. In cases where this Application specifically indicates that certain Data is not mandatory, users are free not to communicate such Data without any consequences on the availability or functioning of the Service. Users who have doubts about which Data is mandatory can contact the Data Controller. The use of Cookies - or other tracking tools - by this Application or by third-party service providers used by this Application is intended to provide the Service requested by the User, in addition to any other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and declares hereby to have the consent of such third parties to provide such Data to the Data Controller.

Mode and Place of Processing of Collected Data

Processing Methods

The Data Controller will process Users' Data appropriately and adopt appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of the Data.

Data processing is carried out using computers and/or IT-enabled tools, following procedures and organizational methods strictly related to the purposes indicated. In addition to the Data Controller, in some cases, certain categories of authorized persons related to the operation of this Application (administration, sales, marketing, legal and system administration departments) or external contractors providing services to the Data Controller (such as external technical service providers, courier companies, hosting companies, IT companies, communication agencies) may have access to the Data. They will be appointed by the Data Controller as Data Processors, if necessary. Users can request an updated list of these persons from the Data Controller at any time.

Legal Basis of Processing

The Data Controller may process the User's Personal Data if one of the following conditions is met:

• • When Users have given their consent for one or more specific purposes. Notice: Under several different legislations, the Data Controller may be allowed to process Personal Data until the User objects to such processing ("opt-out"), without having to rely on consent or any other of the legal bases below. However, this does not apply whenever the processing of Personal Data is subject to European data protection law;
• • When data acquisition is necessary for the performance of a contract between the User and/or any pre-contractual obligations thereof;
• • When processing is necessary for compliance with a legal obligation to which the User is subject;
• • When processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
• • When processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party.

In any case, the Data Controller is available to define the specific legal bases that apply to the processing, and in particular, whether the acquisition of Personal Data is a contractual or statutory requirement, or a requirement necessary to enter into a contract.

Location

The Data is processed at the Data Controller's offices and in any other places where the parties involved in the processing are located. Depending on the User's location, Data transfers may involve transferring the User's Data to a country other than their own. For more information on the processing location of such transferred Data, Users can refer to the section containing details on the processing of Personal Data.

Users will also have the right to know the legal basis for Data transfers to another country outside the European Union or to any international organization governed by public international law or made up of two or more countries, such as the UN, and to know the security measures taken by the Data Controller to safeguard their Data.

In the event of such a Data transfer, Users can obtain more information by consulting the relevant sections of this document or by requesting it from the Data Controller through the contact information provided in the contact section.

Retention Period

Personal Data will be processed and stored for as long as necessary for the purpose for which it was collected. Therefore:

• • Personal Data collected for the performance of a contract between the Data Controller and the User shall be retained as such until such a contract has been fully executed.
• • Personal Data collected in the legitimate interest of the Data Controller shall be retained for the time necessary to fulfill that purpose. Users can find specific information related to the Data Controller's legitimate interest by consulting the relevant sections of this document or by contacting the Data Controller.

The Data Controller may retain Personal Data for an additional period when the User provides their consent to such processing, provided that such consent remains valid. Additionally, the Data Controller will be obliged to retain Personal Data for an additional period whenever required for compliance with a legal obligation or an order from an authority.

Once the retention period has expired, Personal Data must be deleted. Therefore, the rights of access, modification, rectification, and data portability cannot be exercised once this period has expired.

User's Rights

Users have the right to exercise certain rights with respect to the processing of their Data by the Data Controller. Specifically, Users have the right to do the following:

• • Withdraw their consent at any time. Users have the right to withdraw their consent when they have previously granted it for the processing of their Personal Data.
• • Object to the processing of their Data. Users have the right to object to the processing of their Data if such processing is carried out on a legal basis other than consent. For more information, Users can refer to the relevant section below.
• • Access their Data. Users have the right to know whether their Data will be processed by the Data Controller, to obtain information about certain aspects of the processing, and to obtain a copy of the Data being processed.
• • Verify and request modification. Users have the right to verify the accuracy of their Data and request that it be updated or corrected.
• • Restrict the processing of their Data. Users have the right, in certain cases, to restrict the processing of their Data. In that case, the Data Controller will process their Data solely for the purpose of storing it.
• • Delete or erase Personal Data. Users have the right, in certain cases, to obtain the deletion of their Data by the Data Controller.
• • Receive and transfer their Data to another controller. Users have the right to receive their Data in a standard, structured, machine-readable format and, if technically feasible, to have it transferred to another controller without hindrance. This provision shall apply where the Data has been processed by automated means and the processing is based on the User's consent, a contract to which the User is a party or pre-contractual obligations.
• • File a complaint. Users have the right to file a complaint with the competent authority in the field of personal data protection.

Details on the Right to Object to Processing

When the processing of Personal Data is of public interest, in the exercise of official powers granted to the Data Controller or due to a legitimate interest of the Data Controller, Users may object to such processing by explaining a reason related to their particular situation to justify their objection.

However, Users should know that in the case of processing their Personal Data for commercial purposes, they may object to such processing at any time without justification. To find out if Users' Personal Data is being processed by the Data Controller for commercial purposes, they should refer to the relevant sections of this document.

How to exercise these rights

Any request to exercise User's rights can be addressed to the Data Controller through the contact details provided in this document. Such requests will be processed by the Data Controller at no cost as soon as possible and always within one month.

Additional information on Data collection and processing

Legal defense

User's Personal Data may be used for the legal defense of the Data Controller in court or in the stages leading to possible legal action arising from the improper use of this Application or related Services. The User acknowledges that the Data Controller may be required by public authorities to disclose Personal Data.

Additional information on User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs, i.e., files that record interactions with this Application and may contain Personal Data, such as the User's IP address.

Information not contained in this privacy policy

At any time, the User may request additional information regarding the collection and processing of Personal Data from the Data Controller. The contact information is provided at the beginning of this document.

How "Do Not Track" requests are handled

This Application does not support "Do Not Track" requests. To determine if any of the third-party services it uses accept "Do Not Track" requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users through this page and, if technically and legally feasible, directly notifying Users if the Data Controller has the necessary contact information. Users are strongly recommended to check this page frequently, referring to the date of the last modification listed at the bottom.

If the changes affect the processing activities carried out based on the User's consent, the Data Controller shall obtain, if necessary, the new consent of the User.