FairMind Logo

Privacy Policy

1. Introduction

FairMind S.r.l. Società Benefit, with registered office at Via San Vittore 47, 20123, Milan (MI), VAT No. 13168830969 (hereinafter 'Controller' or 'FairMind'), acting as Data Controller, informs you pursuant to EU Regulation 2016/679 ('GDPR') and current legislation on the protection of personal data that your data, within this website, will be processed in the manner and for the purposes outlined below. Unless otherwise indicated, the content of this policy shall be understood to apply to personal data processed in connection with the use of the Website. It is understood that for personal data processing carried out for purposes other than those indicated below, the processing notices relating to the services considered from time to time will apply.

1. Types of Data Processed

As Data Controller

FAIRMIND processes common personal data collected from users during the use of the Site and, in particular, by way of example: name and surname, telephone number, e-mail address, data necessary for account registration, payment data, navigation data (such as IP address and session ID).

As Data Processor

FAIRMIND processes on behalf and on instruction of the Controller client: common personal data, and possibly special categories of data, entered by the Client within the Processor's Platform or, in general, all personal data processed by the Processor on behalf of the Client in the provision of services.

2. Purposes and Legal Bases of Processing

Performance of contractual and pre-contractual obligations

Pursuant to Art. 6(1)(b) GDPR and, in particular, to: respond to user requests (by way of example, for the management of information and demo requests, to calculate the quote requested by the user); manage the subscription of quotes by the user; create and manage accounts on the Site; allow the user to use the Site, including the technical management of the Site and its operational functions.

Compliance with legal obligations

Fulfillment by the Controller of legal obligations, regulations or national and EU legislation or imposed by competent authorities pursuant to Art. 6(1)(c) GDPR.

Legitimate interest of the Controller

Pursuant to Art. 6(1)(f) GDPR, such as: exercise or defense of a right in court or before an Authority; management and maintenance of the site and its operational functions, to control its correct functioning, to improve the quality of services offered and optimize the functionality of the Site; prevention and discovery of fraudulent activities or harmful abuse of the Site.

Express consent

Only with the express consent of the user pursuant to Art. 6(1)(a) will the Controller process your data for the purpose of: Sending commercial and/or promotional communications through a dedicated newsletter in which the user has freely decided to subscribe.

3. Methods of Processing

The processing of your data is carried out, both in paper and computerized form, in such a way as to minimize the risk of destruction, loss (including accidental loss), unauthorized access/use or use incompatible with the initial purpose of collection. This is achieved through the technical and organizational security measures implemented by the Controller.

4. Data Retention

Performance of contractual and pre-contractual obligations

The data will be retained for the entire duration of the contract and, subsequently, for a period of 10 years from the termination of the contract.

Compliance with legal obligations

For the time required by applicable legal provisions in relation to the purposes of compliance with legal obligations of the Controller.

Direct marketing

For direct marketing purposes through the sending of newsletters, data will be retained for a period of 2 years from registration or until the data subject withdraws consent, whichever comes first.

5. Data Provision

Contractual and pre-contractual purposes

For the purposes of fulfilling contractual and pre-contractual obligations of using the Site is mandatory. These data are necessary for the relationship with the Controller and the use of services. The user may, however, decide not to provide personal data; however, in the absence of such personal data it will not be possible to use the Controller's services.

Purposes of compliance with legal obligations

For the purposes of compliance by the Controller with legal obligations is mandatory. Such processing is necessary to comply with a legal obligation to which the Controller is subject.

6. Data Communication

Employees and collaborators

Employees and collaborators of the Controller, duly instructed and authorized to process pursuant to Arts. 29 GDPR and 2-quaterdecies of Legislative Decree 196/2003.

Third parties

Third parties necessary for the execution of activities connected and consequent to the execution of the contract (e.g., providers of IT, banking, insurance, accounting, tax, legal services, etc.), who act as processors or as independent controllers.

Public authorities

Judicial or police public authorities, within the limits established by applicable laws. You may request from the Controller, at any time, the updated list of data processors.

7. Data Transfer

The Controller does not carry out any transfer outside the European Economic Area. However, should this become necessary for the purposes indicated above, it will take place exclusively on the basis of an adequacy decision pursuant to Art. 45 GDPR or, in any case, in compliance with the safeguards referred to in Chapter V of the GDPR.

8. Data Subject Rights

  • Obtain confirmation of the existence or not of your personal data, even if not yet recorded, and that such data be made available to you in intelligible form.
  • Obtain indication and, if applicable, a copy of: a) the origin and category of personal data; b) the logic applied in case of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identifying details of the Controller and processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it, particularly if recipients in third countries or international organizations; f) when possible, the period of data retention or the criteria used to determine this period; g) the existence of automated decision-making, and, in such case, the logic used, the importance and expected consequences for the data subject; h) the existence of adequate safeguards in case of data transfer to a non-EU country or an international organization.
  • Obtain, without undue delay, the updating and rectification of inaccurate data or, where there is interest, the integration of incomplete data.
  • Withdraw at any time, easily, without impediment, the consents given, using, if possible, the same channels used to provide them.
  • Obtain the erasure, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of withdrawal of consent on which the processing is based and in case there is no other legal basis, d) if you have objected to the processing and there is no overriding legitimate reason to continue processing; e) in case of compliance with a legal obligation; f) in the case of data relating to minors. The Controller may refuse erasure only in the case of: a) exercise of the right to freedom of expression and information; b) compliance with a legal obligation, performance of a task carried out in the public interest or exercise of public powers; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in legal proceedings.
  • Obtain the restriction of processing in the case of: a) contesting the accuracy of personal data; b) unlawful processing by the Controller to prevent erasure; c) exercise of your right in legal proceedings; d) verification of any overriding legitimate grounds of the Controller over those of the data subject.
  • Receive, where processing is carried out by automated means, without impediment and in a structured, commonly used and machine-readable format, the personal data concerning you to transmit to another controller or – if technically feasible – to obtain direct transmission by the Controller to another controller.
  • Object, in whole or in part, for legitimate reasons related to your particular situation, to the processing of personal data concerning you.
  • Lodge a complaint with the Personal Data Protection Authority.

9. How to Exercise Rights

You may, at any time, exercise your rights by sending a registered letter with return receipt to the Controller's address or by sending an email to privacy@fairmind.ai. For further information, we invite you to consult the website of the Personal Data Protection Authority – www.garanteprivacy.it – where you will find a section dedicated to these rights.

FairMind S.r.l. Società Benefit

Via San Vittore 47, 20123 Milan (MI)

VAT No. 13168830969

privacy@fairmind.ai

Effective Date: 01-15-2026