Maximum Transparency for Your Security: Complete Privacy and Cookie Usage Policy from CARDS-XYZ

Last updated: September 16, 2025

Considering the utmost importance of your privacy, we at CARDS-XYZ S.r.l.s. UNIPERSONALE are committed to protecting your personal information with the utmost diligence. This policy has been created to provide you with total clarity on how we manage your data. We explain in a simple and direct way: what data we collect, why they are necessary to provide you with our excellent services and how we secure them against any unauthorized access. It is essential to know that this policy applies exclusively to data collected directly by us. Any link, advertisement or content from third parties accessible through our site is subject to their respective privacy policies, over which we have no control. Your trust is our most valuable asset.

1. Identity and Contacts of the Data Controller (Who Processes Your Data?)

The Data Controller is CARDS-XYZ S.r.l.s. UNIPERSONALE, with registered office in Via PRATOMAGNO Pal. 27 n. 4, 98121 Messina (ME). You can contact us for any need or question regarding your data by sending an email to cards-xyz@pec.it or calling +39 090 919 8812. We are always at your disposal to ensure maximum transparency.

2. Why Do We Use Your Data? (Purpose of Processing and Legal Basis)

Your data is processed exclusively for the following essential purposes:

• Contract and Service Management: To impeccably fulfill all obligations arising from the contract you have entered into with us or to manage your specific pre-contractual requests (Legal Basis: Contract Execution).
• Legal and Fiscal Compliance: To fulfill all legal, regulatory and normative obligations, including accounting and fiscal needs (Legal Basis: Legal Obligation).
• Commercial Communications and Marketing (Only with Consent): To send you updates, exclusive promotions or newsletters related to our products and services, but only if you have expressed a free and specific consent (Legal Basis: Consent of the Data Subject).
• Analysis and Service Improvement (Legitimate Interest): To analyze the use of our website (through anonymized or aggregated data) and constantly improve the user experience, service effectiveness and site security (Legal Basis: Legitimate Interest).

3. How Do We Process Your Data? (Methods, Logic and Retention)

The processing of your data takes place with the aid of electronic and paper tools, always in compliance with the principles of correctness, lawfulness and transparency. The processing logic is strictly related to the purposes indicated above. Your data is not subject to automated decision-making processes that produce legal effects concerning you.

Retention Period: We retain your data only for the time strictly necessary to achieve the purposes for which it was collected. For example, data necessary for contractual or fiscal compliance will be retained for the period provided by current laws (typically 10 years). Data processed for marketing purposes (consent) will be retained until your consent is revoked.

4. What Data Do We Collect? (Categories of Personal Data Processed)

Based on your interaction with our site and our services, we may collect the following categories of data:

• Identification and Contact Data: Name, Surname, Email Address, Phone Number, Residence/Domicile Address, Tax Code/VAT Number (necessary for invoicing and contract execution).
• Navigation Data (Cookies): Information collected automatically during site use, such as IP address, browser used, operating system, access time and pages visited. This data is used to derive anonymous statistical information on site use and to check its correct functioning (see "Cookie" section).
• Data Voluntarily Provided by the User: Data included in any messages sent through contact forms or via email.

5. Use of Cookies and Other Tracking Technologies (Your Optimal Experience)

Our website uses cookies to improve your browsing experience. Cookies are small pieces of data stored on your device. We distinguish between:

• Technical Cookies (Essential): Necessary for the correct functioning of the site. They do not require your prior consent.
• Analytical Cookies (Anonymous): Used to collect statistical information in aggregate form on site use (e.g., number of visitors, most viewed pages). If these cookies are managed in such a way as not to identify the user (e.g., IP anonymization), they do not require consent.
• Profiling and Third-Party Cookies (Optional): Used to create user profiles and send advertising messages in line with preferences expressed by the user during navigation. These cookies require your prior consent.

You have full control: you can choose at any time to accept or reject cookies by modifying your browser settings or using our possible consent banner. Your navigation, your rules.

6. Who Can Access Your Data? (Recipients and Transfer)

Your personal data is processed by the Data Controller and, where strictly necessary, may be communicated to external parties (Recipients) who operate on our behalf and under our instructions (Data Processors). These include:

• Accounting and fiscal consultants.
• IT service providers, hosting and site maintenance.
• Judicial Authorities or Supervisory Bodies, in compliance with legal obligations.

We guarantee that all external parties processing your data are bound by strict contractual agreements on privacy and security. Your data is processed mainly within the European Union (EU). If a transfer to non-EU countries is necessary, we will ensure the adoption of adequate guarantees (e.g., Standard Contractual Clauses or adequacy decisions).

7. Your Inalienable Rights (How to Exercise Control Over Your Data)

As a Data Subject, the law recognizes you a series of rights that allow you to maintain full control over your data. You can exercise the following rights at any time:

• Obtain confirmation of existence and access to your personal data (Right of Access);
• Obtain rectification of inaccurate personal data or integration of incomplete ones;
• Obtain deletion of data (Right to be Forgotten) in the presence of specific reasons;
• Obtain limitation of processing (e.g., in case of dispute over data accuracy);
• Obtain copy of data in a structured, commonly used and machine-readable format (Right to Data Portability);
• Oppose processing in the cases provided (Right of Opposition), in particular to processing for direct marketing purposes;
• Revoke consent at any time, without prejudice to the lawfulness of processing based on consent given before revocation;
• Lodge a complaint with the Data Protection Authority (Supervisory Authority).

To exercise your rights simply and quickly, you can:

• access your reserved area, if available;
• contact us immediately with PEC email at cards-xyz@pec.it;
• write a registered letter to: CARDS-XYZ S.r.l.s. UNIPERSONALE, with registered office in Via PRATOMAGNO Pal. 27 n. 4, 98121 Messina (ME).

8. Maximum Data Security (Our Priority)

We adopt state-of-the-art technical and organizational measures to protect your personal data against unauthorized access, alterations, accidental losses or unauthorized disclosures. When you create an account on our portal, the initial password is sent to you automatically. We strongly recommend that you access your reserved area and change it immediately by choosing a strong and secure password, combining uppercase, lowercase letters, numbers and symbols. Your security is part of our responsibility.

9. Updates to the Policy (Stay Always Informed)

CARDS-XYZ S.r.l.s. UNIPERSONALE reserves the right to update and improve this privacy policy at any time, in response to regulatory changes or evolutions of our services. Changes will be published immediately on this page, accompanied by the date of the last update. We recommend that you consult it periodically to always be aware of our data protection practices.