1. Data Controller

The Data Controller of personal data is:

AgriAssay

A division of LAMA Laboratorio Analisi Merceologico Ambientali SaS

Viale Roma 70, Velletri (RM), Italy

Email: info@agriassay.com

(hereinafter, the “Controller”)

2. Types of Data Processed

The Controller processes the following categories of personal data:

a) Browsing data

Collected automatically during the use of the website:

· IP address

· browser and device type

· operating system

· date and time of access

· pages visited and browsing behavior

b) Data voluntarily provided by the user

· first and last name

· email address

· phone number

· company/organization

· address

· any data entered in forms

c) Cookie-related data

For more information, please refer to the Cookie Policy.

3. Purposes of Processing and Legal Bases

Personal data are processed for the following purposes:

3.1 Provision of requested services

· management of contact requests

· sending information or quotations

· website registration

Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)

3.2 Compliance with legal obligations

· tax, accounting, and administrative obligations

Legal basis: legal obligation (Art. 6(1)(c) GDPR)

3.3 Statistical analysis and website security

· monitoring website usage

· prevention of abuse and fraud

Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR)

3.4 Marketing activities (where applicable)

sending newsletters

promotional communications

Legal basis: consent of the data subject (Art. 6(1)(a) GDPR)

4. Processing Methods

Processing is carried out using electronic and/or manual tools, in compliance with the principles of:

· lawfulness, fairness, and transparency

· purpose limitation

· data minimization

· accuracy

· storage limitation

· integrity and confidentiality

5. Data Retention Period

Personal data are retained for the time strictly necessary to achieve the purposes:

· contact data: up to 12 months from the request

· contractual data: up to 10 years (legal obligations)

· marketing data: until consent is withdrawn

· browsing data: generally up to 12 months

At the end of the retention period, data will be deleted or anonymized.

6. Provision of Data

The provision of data is:

· mandatory for contractual and legal purposes

· optional for marketing purposes

Failure to provide data may result in the inability to deliver the requested services.

7. Recipients of Data

Personal data may be disclosed to:

· IT and hosting service providers

· legal, tax, and administrative consultants

· competent authorities (where required by law)

These parties act as Data Processors or independent Controllers.

8. Data Transfers Outside the EU

Personal data may be transferred to countries outside the EEA (e.g., United States, Canada).

Such transfers are carried out in compliance with Articles 44 et seq. of the GDPR, through:

· European Commission adequacy decisions

· Standard Contractual Clauses (SCC)

· other appropriate safeguards provided by law

9. Data Subject Rights

The data subject may exercise, at any time, the following rights:

· right of access (Art. 15 GDPR)

· right to rectification (Art. 16 GDPR)

· right to erasure (Art. 17 GDPR)

· right to restriction of processing (Art. 18 GDPR)

· right to data portability (Art. 20 GDPR)

· right to object (Art. 21 GDPR)

· right to withdraw consent

The data subject also has the right to lodge a complaint with the Data Protection Authority.

10. Automated Decision-Making

The Controller does not use automated decision-making processes, including profiling, pursuant to Art. 22 GDPR.

11. Data Security

The Controller adopts appropriate technical and organizational measures pursuant to Art. 32 GDPR, including:

· protection systems against unauthorized access

· firewalls and IT security systems

· data access controls

· backup procedures

12. Links to Third-Party Websites

The website may contain links to third-party websites.

The Controller is not responsible for the data processing carried out by such websites.

13. Changes to the Privacy Policy

This Privacy Policy may be subject to changes.

Any changes will be published on the website and will take immediate effect.

14. Contacts

To exercise your rights or for any information:

info@agriassay.com

Privacy Policy

(pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – “GDPR”)