Privacy Policy

1. Data Controller

The Data Controller is F2xp.com s.r.l., registered office at Via Sanda 67/C, 17015 Celle Ligure (SV), VAT ID IT02568630061, email info@f2xp.com, certified email (PEC) f2xp.com@pec.it (the "Controller").

2. Categories of personal data collected

• Browsing data: IP address, device and browser identifiers, technical logs, timestamps and metadata required for website operation and security.
• Data submitted through forms: full name, company, job role, email, phone number, ERP in use, CAD in use, and any additional information voluntarily provided.
• Data processed for technical consulting purposes: organizational, application and process information shared during assessment or preliminary analysis activities.

3. Purposes of processing

• Handling and responding to contact requests and technical consulting requests.
• Performing pre-contractual activities requested by the data subject or represented company.
• Complying with legal, tax, administrative and compliance obligations.
• Ensuring website and IT infrastructure security, integrity and availability.

4. Legal basis for processing

• Article 6(1)(b) GDPR: performance of pre-contractual measures.
• Article 6(1)(c) GDPR: compliance with legal obligations.
• Article 6(1)(f) GDPR: legitimate interest of the Controller in operational management and system security.
• Article 6(1)(a) GDPR: consent, where required by applicable law.

5. Processing methods and security measures

Processing is carried out using technical and organizational measures consistent with lawfulness, data minimization and storage limitation principles.

The Controller adopts appropriate technical and organizational measures pursuant to Article 32 GDPR, including access control, technical event logging, perimeter protection, backup procedures and incident handling.

Data is stored on servers located in the European Union.

6. Data retention period

Data is retained only for the time strictly necessary to perform the requested service and to comply with any related legal obligations.

After the retention period, data is deleted or anonymized.

7. Disclosure to third parties

Personal data is not disclosed to third parties without the explicit consent of the data subject.

8. Transfers outside the EU

Where necessary, transfers to non-EEA countries are carried out in compliance with Articles 44 et seq. GDPR, through appropriate safeguards, including Standard Contractual Clauses (SCCs) and supplementary measures where required.

9. Data subject rights

• Right of access.
• Right to rectification.
• Right to erasure.
• Right to restriction of processing.
• Right to data portability, where applicable.
• Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

10. How to exercise rights

Requests may be sent to info@f2xp.com or to the certified email (PEC) f2xp.com@pec.it. The Controller will reply within the deadlines set out in Article 12 GDPR, after verifying the requestor's identity.

11. Policy updates

This notice may be updated due to regulatory, organizational or technological changes. The current version is published on this page with the relevant last update date.