This Privacy Policy is provided pursuant to Art. 13 of Regulation (EU) 2016/679 (“GDPR”) and describes how Aurex Management processes personal data collected through the website aurexmanagement.com and any associated contact channels.
This policy applies exclusively to personal data collected through the site and related contact tools, and may be updated over time to reflect regulatory, organizational, or technical changes. Any updates will be published on this page.

This Privacy Policy should be read in conjunction with the Cookie Policy, available on this same page, which provides specific information on the use of cookies and similar technologies.

Data Controller

The Data Controller is:

Aurex Management
Email: info@aurexmanagement.com
PEC: pec@aurexmanagement.com
VAT No. / Tax Code: 000000000000

Methods of processing personal data

Personal data is processed in compliance with the principles of lawfulness, fairness, transparency, minimization, accuracy, integrity, and confidentiality provided for by the GDPR.
Data is processed using IT, electronic, and, where necessary, paper-based tools, with logic strictly related to the purposes indicated in this policy and with the adoption of appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, loss, or destruction of data. The GDPR requires the controller to adopt measures appropriate to the risk of processing.

Types of data processed

Aurex Management may process the following categories of personal data:

1. Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These may include, by way of example: IP address, browser type, operating system, domain name, URI of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, and other parameters related to the user’s IT environment.

This data is used for the sole purpose of obtaining aggregate statistical information on the use of the site, ensuring the correct functioning of the services, monitoring the security of the platform, and ascertaining any responsibility in case of illicit acts or abuse.

2. Data provided voluntarily by the user

The optional, explicit, and voluntary sending of requests via the contact form, email, or other channels indicated on the site involves the acquisition of the data necessary to respond to the request, such as:

first and last name;

email address;

phone number, if provided;

content of the message or request;

any further personal data spontaneously communicated by the user.

3. Cookies and similar technologies

The site may use technical cookies and, subject to obtaining consent when required, also analytical, profiling, or third-party cookies. Detailed information on the cookies actually used must be reported in the specific Cookie Policy and in the consent management banner, in accordance with the user’s choices. The Data Protection Authority requires that the policy be provided at the time of data collection, including in relation to cookies where applicable.

Purposes of processing and legal basis

Personal data may be processed for the following purposes:

a) Management of contact requests and communications

To allow Aurex Management to receive, read, and manage requests for information, expressions of interest, and questions related to Signatures, services, or other site content.
Legal basis: execution of pre-contractual measures adopted at the request of the data subject or, as the case may be, the legitimate interest of the Controller to respond to communications received.

b) Technical management, security, and correct functioning of the website

To ensure the correct functioning of the site, the security of the infrastructure, and the prevention of abuse, unauthorized access, or fraudulent activities.
Legal basis: legitimate interest of the Controller in the security and operational continuity of its systems.

c) Fulfillment of legal obligations

To fulfill obligations provided for by laws, regulations, EU legislation, requests from authorities, or other legal obligations to which the Controller is subject.
Legal basis: fulfillment of a legal obligation.

d) Aggregate statistical analysis and site improvement

To analyze in aggregate and, where possible, anonymized form the use of the site, improve the quality of content, the browsing experience, and the effectiveness of the digital services offered.
Legal basis: legitimate interest of the Controller or user consent, if the activity involves the use of tools not exempt from consent.

e) Informational or promotional activities

Should Aurex Management intend to send informational, editorial, or promotional communications, such processing will take place exclusively on the basis of the data subject’s consent, except in cases permitted by applicable law.
Legal basis: consent of the data subject.

Nature of data provision

The provision of data for technical navigation purposes is necessary for the functioning of the site.
The provision of data requested in contact forms is optional, but any failure to provide data marked as necessary may make it impossible for the Controller to respond to the request or provide the requested service.
The provision of data for promotional purposes is always optional, and failure to provide consent does not in any way affect the possibility of browsing the site or sending contact requests.

Recipients of personal data

Personal data may be processed, within the limits of the purposes indicated, by:

subjects authorized by the Controller to process the data, who have been adequately instructed;

technical service providers, hosting providers, developers, IT consultants, professionals, collaborators, and other subjects who support the Controller in managing the site or requests;

subjects appointed, where necessary, as Data Processors pursuant to Art. 28 GDPR;

public authorities, entities, or subjects entitled to access the data by virtue of legal provisions or orders from the authority.

The updated list of any Data Processors can be requested from the Controller at the contact details indicated above.

Place of processing and transfers outside the EEA

Data is processed at the Controller’s headquarters and at the places where the subjects involved in the processing operate.
Should some providers or services used by the site involve the transfer of personal data to countries located outside the European Economic Area, such transfer will take place in compliance with Chapter V of the GDPR, adopting the appropriate guarantees provided for by applicable law, such as adequacy decisions, standard contractual clauses, or other suitable instruments. The European Commission and the EDPB specify that transfers outside the EEA require specific safeguards so that data protection continues to apply even outside the EEA.

Data retention period

Personal data is stored for a period of time no longer than necessary to achieve the purposes for which it is collected and processed, in compliance with the principle of storage limitation provided for by the GDPR.

In particular:

data transmitted via contact forms or email is stored for the time necessary to manage the request and any subsequent related developments;

data processed for legal, tax, administrative, or contractual obligations is stored for the times provided for by applicable law;

data processed on the basis of consent is stored until it is revoked, unless further storage is required by law or necessary for the protection of the Controller’s rights;

data collected for site security and operation purposes is stored for the time strictly necessary to pursue these purposes;

aggregate or anonymized statistical data may be stored longer, as it can no longer be traced back to an identified or identifiable data subject.

Cookies

The site may use technical cookies necessary for the platform’s operation and, subject to obtaining consent where required, additional analysis or marketing tools.
Detailed information on the types of cookies used, their purposes, duration, and methods for managing user preferences must be reported in the relevant Cookie Policy.

Rights of the data subject

The data subject may exercise, in the cases provided for by Articles 15-22 of the GDPR, the following rights:

obtain confirmation of the existence or otherwise of personal data concerning them;

access their personal data;

request its rectification or updating;

request its deletion in the cases provided for;

request the restriction of processing;

object to the processing, in permitted cases;

receive the data in a structured, commonly used, and machine-readable format, as well as transmit it to another controller, where technically feasible;

withdraw at any time any consent given, without affecting the lawfulness of the processing carried out before the withdrawal;

lodge a complaint with the Data Protection Authority pursuant to Art. 77 GDPR.

Requests regarding the exercise of rights can be sent to the Controller at the contact details indicated in this policy.

Changes to this Privacy Policy

Aurex Management reserves the right to modify or update this Privacy Policy at any time, also in consideration of regulatory developments, changes in the services offered, or technical updates to the site.
Changes will be published on this page and will be effective from the time of their publication, unless otherwise indicated.