(Art. 13 of Regulation (EU) 679/2016)Last updated on 02/12/2024This privacy policy, prepared pursuant to Legislative Decree 196/2003 and subsequent amendments ("Privacy Code") and the EU General Data Protection Regulation 679/2016 ("GDPR"), outlines how Twini AI S.r.l. (hereinafter referred to as the "Controller" or the "Company") will process the Personal Data of Customers who have purchased access to the "Twini AI" Software and Services, with the acceptance of the General Terms and Conditions that govern their use ("Contract"), to which this privacy policy is an annex.1. Data ControllerThe Data Controller is Twini AI S.r.l., with registered office in Rome (RM), Via Example No. 50 – ZIP 00100, VAT No. 12345678901. Any requests, clarifications, or information regarding the processing of Personal Data can be addressed at any time to the following email address: info@twini.ai.2. Categories of Data Subjects and Personal Data ProcessedThe Personal Data processed concerns exclusively the Customer and any related parties, such as: agents; CEOs; founders; employees and/or collaborators authorized by the Customer to use the access credentials to the Software and Services.The Data Controller processes the Personal Data relating to the Customer and any related parties for the purposes detailed in the following article, including: identification, demographic, and contact data, banking and tax data; billing data, data relating to the use of the "Twini AI" Software and Services.3. Purposes of Processing and Legal BasisSubscription to Software and Services The legal basis for this processing is the execution of the Contract to which the Customer is a party or pre-contractual measures adopted at their request, and to comply with related legal obligations (Article 6 (1) (b) and (c) GDPR).The refusal by the Customer to provide their Personal Data will make it impossible to conclude the Contract and, consequently, impossible for the Customer to use the "Twini AI" Software and Services.Responses to Customer Requests Personal Data will be processed to respond to requests sent by Customers to the Controller's contacts or through the functionalities provided by the Software, including support requests regarding the Software and Services.The legal basis for this processing is the necessity to execute the Contract to which the Customer is a party and/or pre-contractual measures adopted at their request (Article 6 (1) (b) GDPR).The processing of Personal Data as described is mandatory to respond to the Customer's requests.Extraordinary Operations If necessary, Personal Data may be processed for purposes related to the evaluation and/or participation in extraordinary operations (such as mergers, acquisitions, sales, and demergers).The legal basis for this processing is the legitimate interest of the Data Controller to evaluate and/or participate in extraordinary operations (Article 6 (1) (f) GDPR).Right to Defense When necessary, Personal Data may be used to ensure the Data Controller's right to defense in judicial (including arbitration) proceedings concerning any disputes relating to the execution of the Contract and the commercial relationship with the Customer.The legal basis for this processing is the legitimate interest of the Data Controller in defending itself in judicial proceedings (Article 6 (1) (f) GDPR).Customer Satisfaction Surveys The Data Controller may conduct customer satisfaction surveys to ask Customers to evaluate the Software and Services purchased. Participation in customer satisfaction surveys is optional, and the Personal Data collected may be used to improve the products and services offered by the Data Controller.The legal basis for this processing is the legitimate interest of the Data Controller to keep its Customers satisfied with the Software and Services purchased.Soft Marketing Communications Personal Data will be processed to send, exclusively via email, commercial, promotional, and advertising communications regarding products and services of the Data Controller similar to those already purchased or used by the Customer.Pursuant to Article 130 (4) of the Privacy Code, the legal basis for this processing is the legitimate interest of the Data Controller to keep its Customers informed and updated about offers of products and services similar to those purchased by the Customer, as well as promotions and/or initiatives promoted by the Data Controller.At any time, the data subject can object to the processing carried out for the purpose described above, easily (by following the procedure indicated in each commercial communication or using the contact details of the Controller provided in this Privacy Policy) and without any cost.Marketing Personal Data will be processed to send, via email and/or SMS, messages containing informational, promotional, commercial, advertising material relating to the Data Controller's products and services, even those not similar to those purchased by the Customer.The processing of Personal Data for the purpose of sending the newsletter will only be possible with the explicit, free, and informed consent of the Customer, which can be given by ticking the relevant box within this Privacy Policy.Failure to provide consent does not prevent the Customer from concluding the Contract and using the "Twini AI" Software and Services. Consent to the processing of Personal Data can be revoked at any time by writing to the Data Controller at the contact details provided in this Privacy Policy or by following the procedure indicated in each commercial communication. In any case, the revocation of consent will not affect the lawfulness of the processing activities carried out by the Data Controller up to that point.4. Processing Methods and Retention PeriodThe Data Controller will process the Personal Data of Customers in compliance with the principles of fairness, lawfulness, and transparency, as prescribed by Article 5 of the GDPR. Customers' Personal Data will be processed in paper and/or digital form exclusively for the purposes identified in this privacy policy, and no processing of Personal Data for additional purposes will be carried out. Customers' Personal Data will be retained only for the time necessary to achieve the purposes for which they were collected, as detailed in this privacy policy.5. Security MeasuresTaking into account the nature, scope, context, and purposes of the processing of Customers' Personal Data, as well as the potential risks posed by the processing, the Data Controller has adopted appropriate technical and organizational measures to ensure the utmost confidentiality, integrity, and correctness of the Personal Data being processed, also to protect it from the risk of violations and unauthorized access, in compliance with Article 32 of the GDPR.6. Recipients of Personal DataCustomers' Personal Data may be communicated, where strictly necessary, to the following categories of recipients:Subjects authorized and instructed in the processing of Personal Data pursuant to Article 29 of the GDPR (such as employees and/or collaborators of the Data Controller). Personal Data will only be accessible to those who need it due to their job role or position.External consultants (such as labor consultants, legal consultants, tax consultants, social security consultants, banks, and insurance companies) and/or suppliers.Legal, tax consultants, third-party companies in the context of extraordinary operations such as mergers, acquisitions, sales, and demergers. Communication to these subjects will be carried out to allow the feasibility assessment of each operation, imposing confidentiality obligations on such third parties to protect Personal Data.Administrative, supervisory, and/or judicial authorities.7. International Transfers of Personal DataCustomers' Personal Data is not transferred or stored outside the European Economic Area (EEA). If it becomes necessary to transfer Personal Data outside the EEA, it will only be transferred to third countries for which the European Commission has adopted an adequacy decision, or – in the absence – only after the adoption of appropriate measures as provided by Title V, Articles 46 et seq. of the GDPR.8. Your RightsAt any time, Customers can contact the Data Controller at the following email address: info@twini.ai, to exercise their rights, guaranteed by Articles 15 et seq. of the GDPR, as detailed below:Right of access;Right to rectification of inaccurate and/or incomplete Personal Data;Right to erasure (also known as the "right to be forgotten");Right to restriction of processing;Right to data portability;Right to object to the processing of their Personal Data;Right to lodge a complaint with a supervisory authority for data protection.The data subject, having read the Privacy Policy: consents to the processing of their Personal Data for marketing purposes, including the receipt of promotional and commercial communications from the Data Controller.