Information on the processing of personal data.

Data controller.

The data controller is the company behind the Longevilife project (name, registered office and VAT/Tax code being finalised).

For any matter relating to the processing of your data you may write to the controller's privacy email, being activated. The appointment of a Data Protection Officer (DPO), if any, is under assessment: the reference will be published here only if such a figure is appointed.

The controller's identifying details are being finalised. Whether or not to appoint a DPO is subject to legal assessment; if not appointed, the related reference will be removed.

What data we collect.

We process only the data you provide and the minimum data necessary for the site to function, in line with the data minimisation principle.

Categories of data processed: data submitted through the contact and request forms (general contact, "Become a partner", "Request access to the dossier"); technical browsing data strictly necessary for security and operation; cookies and technical identifiers described in the Cookie Policy.

We do not collect health-related data through this site. Should the forms collect health information in the future, a specific legal basis and a dedicated notice pursuant to Art. 9 GDPR will be required.

Categories of data.

• —Form dataFirst and last name, email, organisation/facility, role, country/city, phone (if provided) and message. The type and number of fields vary by form.
• —Technical browsing dataIP address, browser/device type and server log data, necessary for security and the correct functioning of the site.
• —Cookies / technical identifiersOnly necessary technical identifiers. For details see the Cookie Policy.

Why we process data and on which legal basis.

Each purpose is matched to a specific legal basis pursuant to Art. 6 GDPR.

Below are the purposes of processing and, for each, the legal basis on which it relies.

The exact qualification of the legal basis (pre-contractual measure vs legitimate interest) for B2B leads and any reliance on consent is being defined with legal counsel.

Purposes of processing.

• —Responding to your requests via the forms and managing the contactPre-contractual measures at your request / legitimate interest in providing a response (Art. 6.1.b / 6.1.f GDPR).
• —Qualifying and managing partnership requests or requests to access reserved materialsPre-contractual measures at your request (Art. 6.1.b GDPR).
• —Ensuring site security, abuse/spam prevention and technical logsLegitimate interest of the controller (Art. 6.1.f GDPR).
• —Legal obligationsCompliance with a legal obligation (Art. 6.1.c GDPR).
• —Non-essential analytics / marketing, if activatedConsent (Art. 6.1.a GDPR), revocable at any time; see the Cookie Policy.

Optional or mandatory provision.

Providing the data marked as mandatory in the forms is necessary to act on your request: without it we cannot reply to you. The other fields are optional and not providing them has no consequences for handling your request.

How we process data and with whom.

Data is processed by electronic means and with appropriate security measures. It may be accessed by the controller's authorised staff and by suppliers acting as data processors pursuant to Art. 28 GDPR, appointed under a specific agreement.

By way of example, such suppliers may include: hosting/cloud, transactional email delivery, any anti-spam and any CRM (once activated). We do not transfer your data to third parties for marketing purposes.

The list of actual suppliers (hosting, email, analytics, anti-spam) and the data processor appointments under Art. 28 GDPR are being defined.

Transfers outside the EU.

We favour suppliers and storage within the European Union.

Some technical suppliers may process data outside the EU: in such cases the transfer only takes place where adequate safeguards under Chapter V GDPR are in place (an adequacy decision or the European Commission's Standard Contractual Clauses, with supplementary measures where necessary).

Some of the site's target markets are outside the EU. The site is informational and the forms collect B2B contact data; the mere availability of the site in non-EU languages does not in itself constitute a transfer, but the handling of leads from those markets does.

Relevant for non-EU markets: should CRM, analytics or non-EU recipients be activated in the future, each transfer will be mapped, the countries and applied safeguards indicated, and this section updated.

How long we keep data.

We retain form data for as long as necessary to handle your request and, in the case of a pre-contractual or contractual relationship, for the periods set by law. Log data is retained for the time strictly necessary for security.

Specific retention periods (e.g. for unconverted leads) are being defined with legal counsel.

The rights of the data subject.

You may exercise the rights provided under Arts. 15-22 GDPR by writing to the controller's privacy email, being activated.

You also have the right to lodge a complaint with the competent supervisory authority. In Italy this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

Rights you may exercise.

• —AccessObtain confirmation of processing and a copy of your data (Art. 15).
• —RectificationCorrect inaccurate data or complete incomplete data (Art. 16).
• —ErasureRequest erasure of data in the cases provided for (Art. 17).
• —RestrictionRequest restriction of processing in the cases provided for (Art. 18).
• —PortabilityReceive your data in a structured format and transmit it to another controller (Art. 20).
• —ObjectionObject to processing based on legitimate interest (Art. 21).
• —Withdrawal of consentWithdraw consent at any time, without affecting the lawfulness of processing carried out beforehand (Art. 7).
• —Complaint to the supervisory authorityLodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Changes to this notice.

We may update this notice; the version in force is always published on this page together with the relevant update date.