We therefore invite you to carefully review the following information.

Data Controller and Data Protection

The Data Controller is Salice Consulting, office in Milan (MI), Via Edmondo De Amicis, No. 59 (20123). The Data Controller can be contacted by sending a registered letter with acknowledgment of receipt to the above address or via email at silvia@saliceconsulting.com.

This Privacy Policy applies to the website saliceconsulting.com.

Types of Data Processed

Salice Consulting collects the following personal data through the website: name, surname, gender, date of birth, phone number, email, profile image, usage data, cookies, geographic location, IP address, and others.

Some types of personal data may be freely provided by users when requesting a specific service. Additional data may be required by the web management system to fully access the services offered, while other data is automatically collected during website use through Google Analytics. The full list of data processed through this tool and data protection details can be found on the respective Google Analytics page.

Unless otherwise specified, all data requested by the website is mandatory for its regular use. Users have the discretion to provide personal data when completing optional fields.

The use of cookies or tracking tools by third-party service providers is aimed at delivering the requested service. For more information on cookies, please consult the relevant section.

Users assume responsibility for any third-party personal data obtained, published, or shared and guarantee they have the right to communicate and/or disclose such data, releasing the Data Controller from any liability toward third parties.

The personal data provided will be processed for the following purposes:

i) fulfillment of contractual obligations;

ii) compliance with accounting and tax obligations;

iii) supplier management (supplier administration, contract management, orders, deliveries, and invoicing);

iv) customer management (customer administration, contract management, orders, shipments, invoicing, creditworthiness, and solvency control);

v) legal and financial processing of personnel;

vi) litigation management (contractual breaches, legal notices, settlements, debt recovery, arbitrations, and legal disputes);

vii) compliance with legal obligations;

viii) legitimate interest of the Data Controller.

Data Disclosure and Distribution

For the purposes outlined above, the collected data may be shared with third parties—properly designated as Data Processors—whose details will be provided upon request. These may include, for example, IT and telecommunication service companies, data archiving and storage companies, printing and mailing service providers, email management companies, judicial or administrative authorities, lawyers, consultants, affiliated or subsidiary companies, risk assessment agencies, auditing firms, and trade associations.

Beyond these cases, your personal data will not be disclosed or distributed without explicit consent.

Processing Methods

Data processing will be carried out both manually and electronically, in compliance with the principles of lawfulness, fairness, necessity, and relevance as required by current regulations.

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of processed data.

Hosting

System data enabling proper website operation is stored on cloud servers, such as Amazon AWS.

•Data processing location: Ireland

•Data processing and privacy policy: AWS Data Privacy FAQ

Direct Registration and Authentication

We collect and store the following information: name, surname, date of birth, email, and phone number.

Data Retention

Salice Consulting will process personal data for the time strictly necessary to fulfill the above purposes or for the period required to comply with legal obligations, unless further retention is necessary to meet regulatory or authority requirements.

Data Processing Location and Data Circulation

The management and storage of personal data will take place on servers used by Salice Consulting and/or third-party companies designated as Data Processors, located both within and outside the European Union.

Regarding potential extra-EU data transfers, the Data Controller ensures that such transfers comply with legal provisions through agreements guaranteeing an adequate level of protection and the adoption of standard contractual clauses issued by the European Commission.

Refusal to Provide Data

Please note that failure to consent to the specified data processing may prevent the completion of contractual relationships or requested services.

Data Subject Rights

Under applicable laws, data subjects have the right to:

•Obtain confirmation as to whether personal data concerning them exists, even if not yet recorded, and receive it in an intelligible form.

•Receive information on:

a) the source of personal data;

b) the purposes and methods of processing;

c) the logic applied in case of electronic processing;

d) the identification details of the Data Controller, Data Processors, and designated representatives under Article 3, Paragraph 1 of the GDPR and Legislative Decree 101/2018;

e) the entities or categories of entities to whom personal data may be disclosed or who may access it as designated representatives, Data Processors, or authorized personnel.

•Obtain:

a) updates, corrections, or, if relevant, data integration;

b) deletion, anonymization, or blocking of unlawfully processed data, including data unnecessary for processing purposes;

c) confirmation that the operations under points a) and b) have been communicated to third parties, except where impossible or disproportionate to the protected right.

•Object, in whole or in part:

a) on legitimate grounds to the processing of personal data concerning them, even if relevant to the purpose of collection;

b) to the processing of personal data for sending advertising materials, direct sales, market research, or commercial communications, whether automated or traditional.

For marketing purposes, data subjects may choose to receive communications only via traditional methods, automated methods, or neither.

•Where applicable, exercise rights under Articles 16-21 of the GDPR, including the right to rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection, as well as the right to file a complaint with the Data Protection Authority.

Changes to the Privacy Policy

New regulations or updates to our services may require modifications to this Privacy Policy.

Therefore, this document may be updated over time. Users are encouraged to check the dedicated Privacy Policy page on our website saliceconsulting.com/privacy-policy for any changes.