This Privacy Policy (“Policy”) describes the processing carried out by Alia Cloud srl (hereinafter referred to as “Company” or “Alia-Cloud”) of personal data (“Data”) provided by users of the mobile application called “ALIA” (hereinafter, the “Application”), available on the App Store and Play Store, in accordance with the terms described in the license agreement regarding the use of the Application.

The personal data provided by users will be processed in compliance with the provisions of Legislative Decree No. 196 of June 30, 2003 (“Privacy Code”) and Regulation (EU) 2016/679 (hereinafter “GDPR”).

Alia-Cloud aims to ensure the privacy and security of each user’s personal data in accordance with the provisions of this Policy and, in particular, in compliance with the principles of necessity, transparency, lawfulness, fairness, and proportionality of personal data processing.

DATA CONTROLLER

Company Name: Alia Cloud srl

Registered Office: Via Ugo Foscolo 4, 20121 MILAN

VAT Number: 12064290963

Phone: +39 031 6949301

Email: info@alia-cloud.com

1. TYPES OF DATA PROCESSED

The Company collects exclusively personal data specifically and voluntarily provided by the user at the time of registration or downloading of the Application. The provision of personal data is mandatory, and failure to provide the data will result in the inability to use the service. When the user accesses the Application, the Company will process the following data:

Identifying information (name, email, phone number);

User codes and passwords;

Geolocation data.

2. TYPES OF COLLECTED DATA – NAVIGATION DATA

The computer systems and software procedures used to operate the services acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses of the devices used by the user, the time of the request, and other parameters relating to the user’s operating system). Such information is not collected to be associated with identified individuals but, by its nature, could allow the identification of users through processing and association with data held by third parties. These data are used solely for the purpose of obtaining anonymous statistical information about the use of the Application and to ensure its proper functioning, and they are deleted immediately after processing. These data may be used to ascertain responsibility in case of any computer crimes against the Company or its affiliates.

3. TYPES OF COLLECTED DATA – BANKING AND SENSITIVE DATA

In the event that the application is used for services that require online payment, the banking transaction and payment-related data will be managed exclusively by the operator of said services. In addition to user identification data, the Company will also collect timestamps related to product management. If Alia-Cloud supports third-party products, it may provide these listed data to them. The Company will not process sensitive data, understood as personal data capable of revealing the user’s ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of parties, trade unions, associations, or organizations of a religious, philosophical, political, or trade union nature, as well as personal data capable of revealing the user’s health and sex life. Users are advised not to transmit sensitive data to the Company.

4. METHODS AND PURPOSES OF DATA PROCESSING

Alia-Cloud will process Users’ personal data exclusively for the purposes related to the provision of the service. The Company will not use the data for marketing purposes or sending commercial communications to Users. Personal data is processed using automated electronic tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. The technology used by the Company is based on high-security standards, such as:

128-bit AES cryptographic system, through which every message is encrypted;

the 128-bit private key is never transmitted in plain text;

communication between the client and server is protected;

data transmission and the connection between the Alia-Cloud hardware device and the Application occur via a Bluetooth 4.0 Low Energy interface;

Bluetooth connection is without pairing;

the encrypted transmission phase is preceded by an authentication phase where it is verified that both the “Alia-Cloud” device and the smartphone are capable of encrypting a secret code in the same way, with both having the same private key;

all messages are encoded in XOR with the generated CODx codes that are unique to each individual message sent.

5. LEGAL BASIS

The processing of personal data provided by the User will take place exclusively for the following purposes:

fulfillment of contractual obligations;

management of the services and features of the Application.

6. COMMUNICATION AND DISCLOSURE OF DATA

The User’s personal data will be accessible to internal and external personnel in charge of processing in relation to the above-mentioned purposes. Personal data provided by Users may be disclosed to the Company’s suppliers or other intermediaries supporting the Company for the operation and provision of services (e.g., distributors, wholesalers, installers, or other service providers or partners of the Company) exclusively for the specific purposes related to the provision of said services. The data will not be transferred to further third parties and will only be communicated in the presence of an order from the competent judicial or administrative authority. With regard to the data processing carried out by Apple, Inc. and Google, Inc. as managers of the App Store and Play Store platforms, it is advisable to review their respective data processing policies.

7. RIGHTS OF THE DATA SUBJECTS

Individuals whose personal data is referred to above (referred to as “data subjects”) have the right to exercise their rights in accordance with the procedures and within the limits prescribed by the current privacy regulations. To exercise these rights, report issues, or seek clarifications regarding the processing of their personal data, it is possible to send an email to info@alia-cloud.com, attaching a copy of an identification document as a mandatory requirement. In particular, Users, with reference to their personal data, have the right to request from Alia-Cloud: Access (Art. 15 GDPR): They can request confirmation of whether or not personal data concerning them is being processed and to obtain such data in an intelligible form, within reasonable limits, along with further clarification regarding the information provided in this Privacy Policy. They can request to know the origin of the data, the purposes and methods of processing, as well as the identification details of the data controller, processors, and individuals or categories of individuals to whom the personal data may be communicated. Rectification (Art. 16 GDPR): They can request verification of the accuracy of their data and, if inaccurate, request its rectification. They can also request the data to be completed if it is incomplete or updated. Erasure (Right to be Forgotten – Art. 17 GDPR): They can request the erasure of their data acquired or processed by Alia-Cloud – (I) if it is no longer necessary for the purposes for which it was provided; (II) in case of withdrawal of consent or objection to processing; (III) in case of unlawful processing; (IV) if there is a legal obligation to erase the data. Restriction of Processing (Art. 18 GDPR): When one of the conditions stated in Article 18 of the GDPR applies, their data will not be processed, except for storage, without their consent, except as explicitly specified in the same article, paragraph 2. Data Portability (Art. 20 GDPR): They can request to receive their data or have it transmitted to another data controller designated by them, in a structured, commonly used, and machine-readable format. Objection (Art. 21 GDPR): They can object to the processing of their data at any time for legitimate reasons, unless Alia-Cloud has legitimate grounds for processing the data (e.g., for defense purposes in legal proceedings). Withdrawal: They can revoke their consent at any time, in accordance with Article 7, paragraph 3, without affecting the lawfulness of the processing based on the consent given prior to its revocation. Finally, each data subject has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).

8. CHANGES TO THE PRIVACY POLICY

The possible enactment of new sector-specific regulations, as well as the continuous examination and updating of services to the User, may require modifying the methods and terms described in this Privacy Policy. Therefore, it is possible that this document undergoes changes over time. We invite you to periodically consult the website alia-cloud.com under the “Privacy” section.

9. DATA RETENTION

Your personal data will be retained by us only for the time necessary to fulfill the purposes mentioned above in relation to the respective data.