Pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and applicable national and EU legislation

I. Data Controller

The Data Controller is Neosperience S.p.A., with registered office at Via Orzinuovi 20, 25125 Brescia (BS), Italy – VAT and Tax Code IT02792030989 – represented by its legal representative pro tempore.

For any inquiries regarding the processing of your personal data, you may contact the Data Controller at: privacy@neosperience.com.
For further information, please refer to our website: www.neosperience.com.

Neosperience S.p.A. ensures the processing of personal data in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, integrity, confidentiality, and accountability.

II. Type and Source of Personal Data Processed

Browsing data:
The IT systems and software procedures used to operate the website (www.neosperience.com, hereinafter "the Site") automatically acquire some personal data during their normal operation. This data, transmitted implicitly through Internet communication protocols, may include IP addresses, domain names of devices used by users, URI addresses of requested resources, timestamps, request methods, server responses, and user environment details. Although not collected to identify users, this data could potentially lead to user identification through processing and association with third-party data. These data are used solely for anonymous statistical purposes and to ensure the Site functions correctly. They are deleted shortly after processing unless used for investigating suspected cybercrime. Normally, such data are retained no longer than seven days.

Data voluntarily provided by the user:

Personal data may be voluntarily submitted via:

• Contact forms on the Site
• Completion of the "new customer registration form"
• Communication within the scope of a contractual relationship

These data may include:

• Identification data (e.g. first name, surname, company name, company type, business address)
• Contact details (e.g. telephone number, email, certified email [PEC])
• Fiscal and financial data (e.g. VAT and tax codes, bank and payment details, invoice codes)
• Details of legal representatives, employees, or collaborators involved in contract-related activities

Sensitive personal data (e.g. racial or ethnic origin, political opinions, religious beliefs, health data) are not collected. Please refrain from submitting such data.

The processing of minors’ personal data is lawful only from the age of 16. Data relating to children under 16 will only be processed with the explicit consent of their parents or guardians.

III. Purposes of Data Processing

Your personal data may be processed for the following purposes, based on your explicit consent or another lawful basis under Article 6 of GDPR:

a) Managing contact requests, and establishing or executing contractual relationships for the provision of services or products.
Legal basis: performance of a contract (with the customer) or legitimate interest (for data of customer employees or collaborators)

b) Compliance with legal, tax, and fiscal obligations related to business operations.
Legal basis: compliance with legal obligations

c) Defence or enforcement of legal rights in judicial or administrative proceedings, or alternative dispute resolution.
Legal basis: legitimate interest of the Data Controller

d) Statistical and analytical research on aggregated or anonymised data, aimed at improving the Site’s functionality and service quality.
Legal basis: legitimate interest of the Data Controller

e) Promotional communications regarding products or services offered by Neosperience S.p.A. or its affiliates.
Legal basis: data subject’s consent

Note: Failure to provide required personal data for the purposes listed in points a), b), c), or d) may prevent Neosperience S.p.A. from responding to your requests or from initiating or fulfilling a contract.

Processing for marketing purposes (e) will only take place with your explicit consent.

IV. Processing Methods and Data Retention

Personal data are processed primarily through electronic means, including the use of the HubSpot CRM platform (www.hubspot.com/products/crm). Processing is carried out by authorised personnel or data processors formally appointed under Articles 28 and 29 of the GDPR.

Data are retained only for the time necessary to fulfil the specified purposes and, after the end of the contractual relationship, only for the period required by applicable laws and regulations to protect legal rights and obligations.

Neosperience S.p.A. adopts appropriate technical and organisational measures to safeguard personal data, in accordance with Article 32 of GDPR.

V. Data Disclosure and Transfer

Personal data will not be publicly disclosed. However, data may be shared, without requiring specific consent, with third parties necessary for the fulfilment of the stated purposes. These include:

• Parent, subsidiary or affiliated companies
• Service providers for IT, banking, financial, archiving, consulting, or support services (including outsourced providers)
• Competent administrative, judicial, or public authorities

Data may be transferred outside the European Economic Area (EEA) only to countries with adequate data protection as recognised by the European Commission or under appropriate safeguards such as standard contractual clauses.

VI. Data Subject Rights

As a data subject, you may exercise your rights under Articles 15–22 of the GDPR, including:

• Access to your personal data
• Rectification or erasure of data
• Restriction or objection to processing
• Data portability
• Withdrawal of previously given consent
• Lodging a complaint with a supervisory authority.

To verify your identity before complying with a request, we may ask for appropriate identification details.

You can exercise your rights by contacting: privacy@neosperience.com