Privacy Policy
Updated 30/10/2025
Data Controller
The Data Controller is Maffeis Engineering S.p.A. (hereinafter referred to as the “Controller”).
How to Exercise Your Rights
The Provider is the only entity authorized to perform the Maintenance Service.
Purpose
The purpose of this Privacy Policy, in accordance with Articles 13 and/or 14 of EU Regulation 2016/679 (General Data Protection Regulation – GDPR), is to inform data subjects about the processing of personal data that may be handled for the specific purposes described herein.
Types of Data and Purposes of Processing
The Controller may process personal identification data such as, but not limited to, name, surname, address, telephone number (landline and mobile), email, professional activity, economic and financial data, IP addresses, and preferences/opinions, for the following purposes:
Providing access to and use of the Software in accordance with the user license.
Improving the Software.
Creating statistical analyses regarding Software usage.
Ensuring or improving Software protection.
Establishing and performing pre-contractual and/or contractual relationships related to the marketing of the Controller’s products, components, and (digital) services.
Responding to information requests from interested parties about the Controller’s products.
Providing requested technical support, managing quality control, ensuring operational continuity and/or disaster recovery.
Communicating technical/commercial updates about purchased products, services, and digital content.
Creating and maintaining the user’s account to allow access to the Controller’s portals.
Ensuring the security of products and services, and protection against fraud.
Communicating extraordinary corporate or organizational operations related to the contractual relationship.
Fulfilling legal obligations to which the Controller is subject (e.g., tax, accounting, health and safety at work), managing contracts, payments, and invoices, handling disputes, group reporting, internal controls, management control, and certification.
Complying with orders from authorities, including inspections and investigations.
Conducting research and surveys.
Sending invitations to trade fairs and events promoted by the Controller.
Sending advertising and marketing information about products and services.
Methods of Data Processing
Data processing will be carried out through the following operations: collection, recording, organization, storage, consultation, selection, deletion, and destruction, using:
Automated methods such as software, email, SMS.
Non-automated methods such as regular mail, telephone with operator, or paper means.
Electronic tools such as computers, mobile phones, and smartphones.
Web platforms, applications, and cloud systems.
The Controller or designated Data Processors will retain data for as long as necessary to fulfill the above purposes. After that period, data may be anonymized or deleted. Data related to legal and tax obligations will be retained for the duration of the contractual relationship and beyond, as required by law.
Except for communications required by law or contract, data may be disclosed only for the purposes stated above to specific third parties such as consultants, public authorities, banks, and service providers. Data may also be shared with legally authorized recipients (e.g., judicial authorities) or entities necessary to fulfill contractual or regulatory obligations. Data will be handled by authorized personnel under the Controller’s supervision using both electronic and manual systems in accordance with Article 5 of the GDPR.
Data will not be publicly disclosed.
Data will not be transferred outside the European Union; however, if for technical or organizational reasons (e.g., server locations or group coordination) a transfer outside the EU is required, even to countries lacking adequate protection, the Controller commits to ensuring appropriate safeguards and protection, including the use of standard contractual clauses.
Data Subject Rights
Data subjects may exercise, in relation to the described processing, the rights provided under Articles 15–21 of the GDPR, including:
The right to access their data.
The right to update, modify, or correct their data (right of rectification).
The right to request deletion or limitation of data processed unlawfully, including data no longer necessary for the purposes collected (right to erasure and restriction).
The right to object to processing.
The right to lodge a complaint with the supervisory authority.
The right to receive a copy of their data in electronic format and request its transmission to another controller (data portability).
For these processing purposes, obtaining specific consent is not required, as processing is based on the legal grounds set out in Article 6(1)(b) of the GDPR (performance of a contract).
Consent to Data Processing
The data subject, having read and understood this Privacy Policy and its contents, gives consent to the processing of their personal data for the specified purposes.