Panoramica

This privacy policy explains how we collect, use, store, share and protect personal data when you visit or interact with our website and services. We are committed to processing personal data in full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), Directive 2002/58/EC on privacy and electronic communications as amended and transposed in EU Member States, applicable national privacy laws, and relevant guidance from the European Data Protection Board (EDPB) and national supervisory authorities. This notice reflects the state of EU and EEA privacy guidance as updated in October 2025 and incorporates recent judgments of the Court of Justice of the European Union (CJEU). We are transparent about our processing activities and give you meaningful control over your personal information.

Definizioni

For the purposes of this notice: “personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “controller” means the natural or legal person that determines the purposes and means of processing. “processor” means the natural or legal person that processes personal data on behalf of the controller. “services” refers to our website, applications, features, content and related services we offer or make available to you.

Data controller

Normative applicabili

All processing is carried out in strict compliance with the GDPR, the ePrivacy Directive (2002/58/EC) as implemented in EU Member State law, consumer protection rules under Regulation (EU) 2016/679, Directive 2005/29/EC on unfair commercial practices and any sector-specific obligations applicable to our services. We also respect national data protection laws implementing these European frameworks, including rules on confidentiality of electronic communications, direct marketing, cookies and similar tracking technologies. Our processing respects fundamental rights and freedoms as guaranteed by the EU Charter of Fundamental Rights, in particular Articles 7 (respect for private and family life) and 8 (protection of personal data). We follow recommendations and guidelines issued by the European Data Protection Board, the former Article 29 Working Party and competent national supervisory authorities.

Categories of personal data we process

Depending on how you interact with our website and services, we may process different categories of personal data including: identity and contact data (such as full name, email address, telephone number, postal address, username); account and authentication data (such as passwords, security questions, authentication tokens); technical data (such as IP address, browser type and version, operating system, device identifiers, unique device tokens, advertising identifiers, connection information, access logs, referrer URLs); usage and behavioural data (such as pages visited, features used, actions taken, click patterns, mouse movements, scroll depth, time on page, search queries, interaction timestamps); geolocation data (such as precise GPS location where permission is granted, or approximate location derived from IP); preference and settings data (such as cookie consent choices, marketing preferences, language settings, accessibility settings, notification preferences); transactional and commercial data (such as purchase history, payment details, billing information, order records); communication data (such as correspondence with customer support, feedback, survey responses, chat transcripts); and profile and inferred data (such as inferred interests, preferences, demographic characteristics based on your interactions). Additional categories of information collected by specific third-party services integrated into our website are described in detail in the services and cookies table below, together with the respective purposes and legal bases.

Origine dei dati

We collect personal data from various sources: (1) Data you provide directly: when you register for an account, complete forms, subscribe to newsletters, make purchases, request information, participate in surveys, communicate with customer support, post content, take part in community features or otherwise voluntarily submit information through our services. (2) Data we collect automatically: when you visit or use our services, we automatically collect certain technical and usage data through cookies, web beacons, pixels, local storage, server logs and similar tracking technologies. This includes information about your device, browser, IP address, pages viewed, features used, timestamps, referral sources and browsing patterns. See our Cookie Policy for detailed information on cookies and similar technologies. (3) Data from third parties: we may receive personal data from trusted business partners, service providers, analytics providers, advertising networks, social media platforms (when you connect your account or use social features), payment processors, fraud prevention services, data enrichment providers and publicly accessible sources (such as public registers, directories or social profiles set to public) where legally permitted and necessary for legitimate business purposes. (4) Data from combined sources: we may combine data collected from different sources to build a more complete understanding of our users, improve our services, personalise experiences and strengthen security, always in accordance with applicable data protection requirements.

Dati obbligatori e facoltativi

Whenever personal data is requested through forms or other interfaces, we clearly distinguish and indicate which data fields are mandatory (required) to provide the requested service and which are optional (voluntary). Mandatory fields are typically marked with an asterisk (*) or another clear visual indicator, and we explain why the information is necessary. Refusal to share optional data will not negatively affect your ability to use our services, receive support or exercise your rights. However, failure to provide mandatory data may prevent us from fulfilling your request, completing a transaction, creating an account, responding to your enquiry or providing certain features or services. In such cases, we will explain the consequences of not providing the required information. The distinction between mandatory and optional data is based on the principles of necessity and proportionality under Article 5(1)(c) GDPR, ensuring we only collect data that is adequate, relevant and limited to what is necessary for the specified purposes.

Purposes of processing

We process personal data for the following specific purposes: (1) Delivering and performing services: to provide, manage, maintain and deliver our services, features and functionality; to create and manage user accounts; to process transactions and fulfil orders; to provide customer support and respond to enquiries; to send service-related communications, notifications and updates. (2) Security and fraud prevention: to detect, prevent and respond to security incidents, fraud, abuse, unlawful activity and breaches of our terms of service; to verify identity and authenticate users; to protect the rights, property and safety of our organisation, users and the public. (3) Analytics and performance measurement: to analyse usage patterns, measure effectiveness, understand user behaviour, monitor service performance, identify technical issues and generate statistical insights; to conduct research and development. (4) Service improvement and innovation: to improve existing features, develop new features and services, enhance user experience, test new functionality and optimise our content, design and offerings. (5) Personalisation and tailored experiences: to provide personalised content, recommendations, advertising and experiences adapted to your interests and preferences, only where you have given the relevant consent or where permitted by applicable law. (6) Marketing and communications: to send promotional communications, newsletters, marketing materials and information about products and services that may interest you, only with consent where required by law. (7) Compliance and legal obligations: to comply with legal obligations, regulatory requirements, court orders, governmental requests and to assert our legal rights and agreements. (8) Business operations: to manage our business operations, maintain records, conduct internal administration and perform accounting and audit functions. Each processing purpose is linked to a specific legal basis as detailed in the Legal bases section below.

Basi giuridiche

Each processing activity relies on one or more of the following legal bases under Article 6(1) GDPR: (a) Consent (Article 6(1)(a)): for optional processing such as non-essential analytics, marketing cookies, profiling for marketing, third-party advertising, optional service features and marketing communications. Consent must be freely given, specific, informed and unambiguous, provided through a clear affirmative action. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. (b) Contractual necessity (Article 6(1)(b)): where processing is necessary for the performance of a contract to which you are party (such as our Terms of Service) or to take steps at your request prior to entering a contract. This includes processing necessary to provide the requested services, create and manage accounts, process payments and deliver purchased products or services. (c) Legal obligation (Article 6(1)(c)): where processing is necessary for compliance with a legal obligation to which we are subject, such as tax and accounting requirements, regulatory compliance, responses to lawful government requests, cooperation with law enforcement and record-keeping duties. (d) Legitimate interests (Article 6(1)(f)): where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. We rely on legitimate interests for: security and fraud prevention; essential analytics to understand service performance and technical issues; network and information security; direct marketing to existing customers for similar products; business continuity and disaster recovery; exercise or defence of legal claims. Before relying on legitimate interests, we conduct and document a balancing test weighing our interests against your rights, considering the nature and sensitivity of the data, implementing appropriate safeguards and following EDPB and national authority guidance. (e) Vital interests (Article 6(1)(d)): in rare cases where processing is necessary to protect vital interests of you or another natural person. (f) Public interest or official authority (Article 6(1)(e)): where applicable for processing carried out in the public interest or in the exercise of official authority. The specific legal basis for each processing purpose and service is indicated in the services and cookies table below.

Destinatari e trasferimenti di dati

Personal data may be disclosed or shared with the following categories of recipients, strictly limited to what is necessary for the stated purposes: (1) Service providers and processors: third-party vendors, contractors and service providers that process data on our behalf under written data processing agreements (hosting, cloud storage, CDN services, email delivery, payment processors, analytics providers, customer support platforms, security services). (2) Business partners: trusted partners with whom we collaborate to deliver services, fulfil orders or provide integrated features, subject to contractual confidentiality and data protection obligations. (3) Advertising and marketing partners: where you have given consent, we may share data with advertising networks, marketing platforms and social media services for targeted advertising and marketing. (4) Professional advisers: lawyers, accountants, auditors, insurers and other professional advisers when necessary for business operations or legal compliance. (5) Competent authorities: law enforcement, regulators, courts, government agencies and other public authorities when required by law, in response to legal process, to protect rights and safety or to meet regulatory obligations. (6) Corporate transactions: in connection with any merger, sale, acquisition, restructuring or transfer of assets, prospective purchasers or investors may receive personal data subject to confidentiality obligations. (7) With your consent: other third parties where you have given specific consent or at your direction. Where recipients are established outside the European Economic Area (EEA), international transfers take place only when: (i) the European Commission has issued an adequacy decision; or (ii) appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission (Article 46 GDPR), binding corporate rules, approved codes of conduct or certification mechanisms; and (iii) additional technical, organisational and contractual measures are implemented in line with EDPB recommendations (including following the CJEU Schrems II judgment) to ensure a substantially equivalent level of protection. We assess the legal regime of destination countries and implement supplementary measures where necessary. Details of specific international transfers and safeguards are available on request.

Processors and authorised staff

Access to personal data is strictly controlled and limited on a need-to-know basis. Only authorised personnel who have been adequately trained on data protection principles, confidentiality obligations, security procedures and relevant policies have access to personal data. All employees, contractors and other staff with access are bound by contractual confidentiality duties and may be subject to disciplinary action for breaches. We implement role-based access controls, authentication mechanisms, activity logging and periodic access reviews. External service providers, vendors and other third parties that process personal data on our behalf (“processors”) operate under written data processing agreements (DPAs) that fully reflect Article 28 GDPR requirements. These agreements require processors to: process data only on documented instructions; implement appropriate technical and organisational security measures; maintain confidentiality; assist with data subject requests; assist with security incidents and data breach notifications; delete or return personal data at the end of the relationship; demonstrate compliance through audits and inspections; and engage sub-processors only with prior authorisation and equivalent contractual obligations. We conduct processor due diligence before engagement, regularly monitor and assess their compliance, review audit reports and security certifications, and maintain an up-to-date record of processors and processing activities as required by Article 30 GDPR.

Misure di sicurezza

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing and the risks to rights and freedoms of natural persons. Our security measures include: (1) Technical measures: encryption of personal data in transit using TLS/SSL and at rest using industry-standard algorithms; secure authentication including strong password policies, multi-factor authentication and session management; access controls with role-based permissions, least privilege and periodic access reviews; network security including firewalls, intrusion detection and prevention, network segmentation and security monitoring; logging and monitoring of access, activities, security events and anomalies; periodic vulnerability assessments, penetration testing and security audits; secure software development practices, code reviews and security testing; backup and recovery procedures for availability and resilience; pseudonymisation and anonymisation where appropriate to reduce risk. (2) Organisational measures: data protection policies, procedures and guidelines; data minimisation and storage limitation applied throughout the data lifecycle; staff training and awareness on data protection, security and confidentiality; incident response and data breach procedures; periodic compliance assessments and internal audits; vendor management and third-party security assessments; business continuity and disaster recovery planning; privacy by design and default integrated into systems and processes; documented data protection impact assessments (DPIAs) for high-risk processing. (3) Physical measures: physical access controls to facilities and server rooms; environmental controls and monitoring; secure disposal of media and equipment. We regularly test, assess and evaluate the effectiveness of these measures, update them to address evolving threats and align with industry best practice and regulatory guidance.

Processo decisionale automatizzato e profilazione

We may use profiling, meaning any form of automated processing of personal data to evaluate certain personal aspects, in particular to analyse or predict aspects concerning your preferences, interests, behaviour, location or movements. Profiling may include: analysing your usage patterns to recommend content or products; user segmentation for marketing; personalising website content and user interfaces; predicting interests based on browsing history and interactions. Profiling is only carried out when based on a valid legal basis (typically your consent or our legitimate interests after a balancing test) and with appropriate safeguards. Automated decision-making means making decisions solely by automated means without human involvement. We do not carry out automated decision-making that produces legal effects concerning you or similarly significantly affects you (as defined in Article 22 GDPR) unless: (i) it is necessary for entering into or performing a contract between you and us; (ii) it is authorised by EU or Member State law which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) it is based on your explicit consent. Where automated decision-making is used, we implement appropriate safeguards including: providing meaningful information about the logic involved; ensuring human intervention is available; allowing you to express your point of view and contest the decision; conducting periodic assessments of accuracy and bias. You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects, and you may exercise this right by contacting us as indicated in the “How to exercise your rights” section.

Conservazione

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, in line with the storage limitation principle under Article 5(1)(e) GDPR. Our retention periods are based on: (1) Purpose-based retention: data is kept for as long as needed to provide services, maintain accounts, perform contractual obligations and achieve the purposes described in this notice. (2) Legal and regulatory retention requirements: some data must be kept for specific periods to comply with legal obligations such as tax laws (typically 7–10 years for financial records), accounting requirements, regulatory duties, employment law and other statutory retention periods. (3) Legal claims and litigation: data may be kept longer when necessary to establish, exercise or defend legal claims, typically until applicable limitation periods expire. (4) Consent-based retention: where processing is based on consent, data is retained until consent is withdrawn unless another legal basis or legal retention obligation requires continued retention. (5) Legitimate-interest-based retention: where based on legitimate interests, data is retained for as long as the interest persists and is not overridden by your rights. Specific retention periods include: account data is kept while your account is active and for a limited period after closure; transactional records are kept in accordance with applicable financial and tax regulations; marketing consent records are kept for the period required by law to demonstrate compliance (typically 3–5 years after withdrawal); consent management records (cookie consents) are kept as required by law and guidance (typically 6–24 months); access logs and security data are typically kept for 6–12 months unless longer retention is needed for security investigations; cookies and similar technologies follow the durations stated in our cookie tables and Cookie Policy. At the end of applicable retention periods, personal data is securely erased, destroyed or anonymised (rendered non-identifiable) so it can no longer be attributed to an identifiable individual. We periodically review retained data to ensure compliance with retention policies and delete data that is no longer necessary. Detailed retention schedules for specific categories of data and processing activities are available on request.

Diritti dell'interessato

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data: (1) Right of access (Article 15 GDPR): you have the right to obtain confirmation as to whether personal data concerning you are being processed and, if so, to access the data and information about the processing including purposes, categories of data, recipients, retention periods and sources. (2) Right to rectification (Article 16 GDPR): you have the right to have inaccurate personal data corrected and incomplete data completed without undue delay. (3) Right to erasure / “right to be forgotten” (Article 17 GDPR): you have the right to obtain erasure of personal data without undue delay where: the data are no longer necessary; you withdraw consent and there is no other legal basis; you object to processing based on legitimate interests and there are no overriding grounds; the data have been processed unlawfully; erasure is required for a legal obligation; or data were collected in relation to information society services offered to children. This right does not apply where processing is necessary for legal obligations, for establishing, exercising or defending legal claims, or other exceptions under Article 17(3). (4) Right to restriction (Article 18 GDPR): you have the right to obtain restriction of processing where you contest accuracy (for the period needed to verify); processing is unlawful and you oppose erasure; we no longer need the data but you require them for legal claims; or you have objected pending verification whether our legitimate grounds override yours. (5) Right to data portability (Article 20 GDPR): you have the right to receive personal data you provided in a structured, commonly used and machine-readable format and to transmit them to another controller where processing is based on consent or contract and carried out by automated means. (6) Right to object (Article 21 GDPR): you have the right to object at any time to processing based on legitimate interests or public-interest tasks for reasons relating to your situation; we will stop processing unless we demonstrate compelling legitimate grounds or processing is necessary for legal claims. You have an absolute right to object to processing for direct marketing, including related profiling. (7) Right to withdraw consent (Article 7(3) GDPR): where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. (8) Right not to be subject to automated decisions (Article 22 GDPR): you have the right not to be subject to decisions based solely on automated processing, including profiling, with legal or similarly significant effects, subject to certain exceptions. (9) Right to lodge a complaint (Article 77 GDPR): you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Come esercitare i tuoi diritti

To exercise any of your data protection rights, please submit your request: (1) by email to the contact address in the Data controller section above; (2) using the dedicated contact form on our website; (3) by post to the postal address in the Data controller section; or (4) by contacting our Data Protection Officer, if appointed. Your request should clearly identify which right(s) you wish to exercise and provide sufficient information to allow us to identify you and locate your personal data. We will respond without undue delay and in any event within one month of receipt, in accordance with Articles 12 and 15–22 GDPR. That period may be extended by two further months where necessary taking into account complexity and number of requests. If we extend the period, we will inform you of the extension and reasons within one month of receipt. For security and to protect against fraudulent requests, we may request additional information to verify your identity before responding, particularly for access, erasure or portability requests. Where we have reasonable doubts about your identity, we may request further information needed to confirm it. We provide information and respond to requests free of charge. However, if requests are manifestly unfounded or excessive, in particular because of repetition, we may: (i) charge a reasonable fee taking into account administrative costs; or (ii) refuse to act on the request, in which case we will demonstrate the manifestly unfounded or excessive character. If we take no action on your request, we will inform you without delay and at the latest within one month of the reasons for not acting and of the possibility to lodge a complaint with a supervisory authority and to seek a judicial remedy.

Withdrawal of consent and cookie management

You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal. You can change and manage your consent choices and preferences at any time through: (1) Cookie preference interface: use the cookie consent tool shown in our website footer or via a dedicated preferences button. This lets you review, enable or disable cookie categories and update consent choices. (2) Browser settings: you can configure your browser to refuse all or some cookies, alert you when cookies are set or delete cookies already set. Disabling cookies may affect functionality and limit certain features. Instructions for managing cookies are available in your browser’s help section. (3) Opt-out mechanisms: for specific services, analytics or advertising partners, you may use their opt-out mechanisms; links are provided in the services and cookies table below and in our Cookie Policy. (4) Email preferences: you can unsubscribe from marketing emails using the unsubscribe link in each marketing message or by updating email preferences in your account settings. (5) Account settings: if you have an account, you can manage communication preferences, privacy settings and data-sharing options there. Withdrawal of consent or opt-out from certain processing does not affect: processing necessary to perform a contract with you; processing based on legal obligations; processing based on legitimate interests (though you may still have a right to object); or lawfulness of processing before consent was withdrawn. Even if you unsubscribe from marketing, we may still send service-related, transactional and administrative messages necessary for your use of the services. Withdrawing consent for essential cookies needed for service operation may result in limited functionality or unavailability of certain features.

Dati dei minori

Our services are not directed at, designed to attract, or aimed at children below the age at which valid consent for processing personal data is required under applicable law. In the European Union, that age is generally 16, although Member States may set a lower age by law (not below 13). We do not knowingly collect, use or disclose personal data of children below the applicable age of consent without verifiable parental or guardian consent. Where processing of children’s personal data is necessary for information society services, it is lawful only where consent is given or authorised by the holder of parental responsibility, and we make reasonable efforts to verify that consent, taking account of available technology. If we become aware that we have inadvertently collected personal data of a child below the applicable age without adequate authorisation, valid parental consent or another lawful basis, we will promptly: (i) delete the information as soon as possible; (ii) not use or disclose it for any purpose; (iii) cease any profiling or tracking; (iv) investigate how the data were collected and take steps to prevent recurrence; and (v) take any further steps required by applicable law and supervisory guidance. We encourage parents and guardians to monitor children’s online activities and to help enforce this policy by instructing minors never to provide personal information through our services without permission. If you believe a child below the applicable age has provided personal data to us, contact us immediately using the details in this notice and we will take appropriate action.

Personal data breach handling

We maintain comprehensive procedures and response plans to detect, assess, report, investigate, respond to and mitigate personal data breaches in accordance with Articles 33 and 34 GDPR. A personal data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Our breach handling procedures include: (1) Detection and assessment: monitoring systems and security controls to detect potential breaches; procedures for employees, contractors and processors to report suspected breaches; rapid assessment of nature, scope and likely consequences; determination of risk or high risk to rights and freedoms. (2) Notification to supervisory authority (Article 33 GDPR): where a breach is likely to result in a risk to rights and freedoms, we notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware. If notification is not made within 72 hours, we provide reasons for the delay. The notification includes: the nature of the breach including categories and approximate numbers of data subjects and records concerned; contact details of our DPO or other contact point; likely consequences; and measures taken or proposed to address the breach and mitigate adverse effects. (3) Communication to data subjects (Article 34 GDPR): where a breach is likely to result in a high risk, we communicate the breach to data subjects without undue delay in clear and plain language, describing the nature of the breach, providing DPO or contact details, describing likely consequences and measures taken or proposed. Communication is not required where we have implemented appropriate technical and organisational protection (such as encryption) rendering data unintelligible to unauthorised persons; we have taken subsequent measures ensuring the high risk is unlikely to materialise; or it would involve disproportionate effort, in which case we make a public communication or similar measure. (4) Internal documentation: we document all personal data breaches, including facts, effects and remedial action, to enable the supervisory authority to verify compliance with Article 33 even where notification is not required. (5) Investigation and remediation: root-cause analysis; corrective and preventive measures; review and update of security measures; training to prevent recurrence. (6) Processor obligations: our DPAs require processors to notify us without undue delay after becoming aware of a breach affecting our data, enabling us to meet our notification obligations.

Contacting the supervisory authority

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes data protection law or that your privacy rights have been violated. You may lodge a complaint with a supervisory authority: (i) in the EU Member State of your habitual residence; (ii) at your place of work; or (iii) where the alleged infringement occurred. This right is without prejudice to other administrative or judicial remedies, meaning you may bring a complaint in addition to or instead of seeking remedies in court. The competent supervisory authority in each EU and EEA Member State is responsible for monitoring GDPR application, handling complaints, conducting investigations and imposing administrative fines for violations. The supervisory authority receiving the complaint will inform you of progress and outcome, including the possibility of a judicial remedy. Contact details, complaint forms and procedures for all EU and EEA supervisory authorities are available on the European Data Protection Board website at https://edpb.europa.eu/about-edpb/about-edpb/members_en. We are committed to cooperating with supervisory authorities and resolving any complaints or concerns about our processing practices. If you have concerns, we encourage you to contact us first so we can try to resolve the matter directly. However, you always have the right to lodge a complaint with a supervisory authority.

Governance e aggiornamenti dell'informativa

We are committed to keeping this privacy policy accurate, transparent and up to date, reflecting our current data processing practices and complying with applicable legal requirements. We review and update this privacy policy at least annually, or more frequently when: (i) our processing operations, purposes, legal bases or data flows change materially; (ii) new services, features or technologies are introduced; (iii) new legal requirements, regulations or guidance take effect; (iv) CJEU or national court case law affects our processing; (v) the EDPB or national authorities issue new guidance, recommendations or binding decisions; or (vi) other circumstances require updates to maintain alignment with the GDPR, ePrivacy Directive and related national and sectoral frameworks as in force in October 2025. When we make material changes that may affect your rights or how we process your personal data, we will communicate updates through one or more of: (1) a prominent notice on our website or services; (2) direct email to registered users; (3) in-app notifications; (4) a request to renew consent where processing is based on consent and changes affect scope or purposes; or (5) other appropriate means to ensure you are informed. For minor non-material updates (such as formatting, clarifications, contact detail changes or organisational changes that do not affect processing), we may simply update the policy and change the “last updated” date without separate notice. We encourage you to review this privacy policy periodically. The current version is always available on our website. Previous versions may be available on request.

Servizi e cookie

Last update

This privacy policy was generated on 25 March 2026 15:35.