In this section, for each purpose, we will provide you with the purpose of the processing, the related legal basis, the nature of the provision, and the retention period. 
a. Website Navigation. Purpose: to enable navigation and consultation of the Website. Legal basis: legitimate interest of the Data Controller pursuant to Art. 6, paragraph 1, letter f) of the GDPR. Nature of the provision: necessary to enable navigation of the Website. Failure to provide data will make it impossible to navigate the Website. Retention period: for the entire duration of the browsing session and for a maximum period of seven days, without prejudice to a further period if necessary to detect any cybercrimes. 
b. Contact information. Purpose: to contact the Data Controller via the appropriate section of the Website. Legal basis: to respond to your request pursuant to Art. 6, paragraph 1, letter b) of the GDPR (execution of pre-contractual or contractual measures adopted at the request of the data subject). Nature of the provision: necessary to contact the Data Controller. Failure to provide personal data, or partial provision of such data, may make it impossible for the Data Controller to respond adequately. Retention period: for the entire duration necessary to respond to your requests and for a maximum period of two years once the Data Controller has responded. 
c. Legal obligations. Purpose: Personal Data collected for other purposes will also be processed to fulfill the legal obligations to which the Data Controller is subject. Legal basis: Art. 6, paragraph 1, letter c) of the GDPR, as processing is necessary to fulfill the legal obligations to which the Data Controller is subject. Nature of the provision: once the data has been provided for other purposes, it will also be processed to fulfill such legal obligations. Retention period: in accordance with the obligations imposed by the Regulations and in any case for a maximum period of ten years from the last contact with the Data Controller. 
Your personal data may be processed if necessary and after your provision for the purposes set out above, to ascertain, exercise, or defend a right in court , based on the data controller's legitimate interest pursuant to Art. 6, paragraph 1, letter f) of the GDPR. In this case, your personal data will be retained until the conclusion of any proceedings or until the judicial order becomes enforceable, and in any case until it can produce its legal effects.

The Data Controller does not transfer your data to countries outside the European Economic Area. 
If any third parties are based or use cloud services in countries outside the European Union, we inform you that these countries have been verified as offering an adequate level of data protection, as established by specific decisions of the European Commission. 
The transfer of personal data to third parties residing or located in countries outside the European Union that do not ensure adequate levels of protection will be carried out only with the data subject's consent or following the execution of specific agreements between the Company and such third parties containing safeguard clauses and appropriate data protection safeguards—so-called "standard contractual clauses"—also approved by the European Commission, or if the transfer is necessary for the conclusion and performance of the contract between the Company and the data subject or for the management of their requests.

We inform you that you have the following rights in relation to the personal data covered by this privacy policy, as provided for and guaranteed by the Regulation: 

> Right of access and rectification (Articles 15 and 16 of the Regulation): You have the right to access your personal data and to request that it be corrected, amended, or supplemented. If you wish, we will provide a copy of the data we hold about you. 

> Right to erasure (Article 17 of the Regulation): In the cases provided for by applicable law, you may request the erasure of your personal data. Once we receive and review your request, we will cease processing and erase your personal data, if deemed legitimate. 

> Right to restriction of processing (Article 18 of the Regulation): You have the right to request restriction of processing of your personal data in the event of unlawful processing or if the accuracy of the personal data is contested by the data subject. 

> Right to data portability (Article 20 of the Regulation): You have the right to request that the Data Controller provide your personal data for the purpose of transmitting it to another Data Controller, in the cases provided for in the aforementioned article.

 
> Right to object (Article 21 of the Regulation): You have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, explaining the reasons justifying your request; before granting your request, the Company will evaluate the reasons for your request. 

> Right to lodge a complaint (Article 77 of the Regulation): You have the right to lodge a complaint with the competent Data Protection Authority if you believe that a violation of your rights regarding the processing of your personal data has occurred or is occurring. 
You can exercise your rights at any time by contacting the Data Controller and/or the DPO at the contact details indicated in this policy.

The Company adopts appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of the data subject's personal data. Technical, logistical, and organizational measures are implemented to prevent damage, loss, including accidental loss, alteration, improper, and unauthorized use of the processed data.

This privacy policy may be subject to changes and additions over time, as necessary due to new regulatory changes regarding personal data protection, or to the evolution/modification of the Company's operations.