The purpose of this document is to inform the natural person (hereinafter the "Data Subject") about the processing of their personal data (hereinafter "Personal Data") collected by the data controller, CLICK GENERATION S.R.L. S.B., with registered office at Piazza IV Novembre 4, 20124 Milan, CF/VAT number 12373690960, email help@genoma-group.com (hereinafter the "Controller"), through Marcus (hereinafter the "Application").

Modifications and updates will be binding as soon as they are published on the Application. If the Data Subject does not accept the changes made to the Privacy Policy, they must stop using this Application and may request the Controller to delete their Personal Data.

1. Categories of Processed Personal Data

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

• Contact Data: name, surname, address, email, phone number, images, authentication credentials, and any additional information provided by the Data Subject.

The Controller also processes the following types of Personal Data collected automatically:

• Technical Data: Personal Data generated by devices, applications, tools, and protocols used, such as device information, IP addresses, browser type, and Internet Service Provider (ISP). These Personal Data may leave traces that, especially when combined with unique identifiers and other data received from servers, may be used to create profiles of natural persons.
• Browsing and Application Usage Data: such as pages visited, number of clicks, actions performed, session duration, etc.

If the Data Subject does not provide the required Personal Data due to a legal or contractual obligation or when it is necessary to establish a contract with the Controller, it will not be possible to establish or continue the relationship.The Data Subject who provides the Controller with Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.2. Cookies and Similar TechnologiesNo cookies are used for transmitting Personal Data, nor are persistent cookies or any tracking systems for Data Subjects used. Therefore, the Application does not collect Personal Data using these technologies. Only session technical cookies (non-persistent) are used, strictly limited to what is necessary for secure and efficient navigation of the Application.3. Legal Basis and Purpose of ProcessingThe processing of Personal Data is necessary:a) For the execution of the contract with the Data Subject, specifically:

1. To fulfill any obligations arising from the pre-contractual or contractual relationship with the Data Subject.
2. Registration and authentication: to allow the Data Subject to register on the Application, log in, and be identified, including through external platforms.
3. Support and contact with the Data Subject: to respond to their requests.
4. Payment management: to process payments via credit card, bank transfer, or other methods.

b) To comply with legal obligations, specifically:

1. Fulfilling any obligations provided by applicable laws and regulations, particularly in tax and fiscal matters.

c) Based on the Controller’s legitimate interest, for:

1. Managing, optimizing, and monitoring technical infrastructure: to identify and resolve technical issues, improve the Application’s performance, and manage data within an IT system (e.g., servers, databases, etc.).
2. Statistics with anonymous data: to conduct statistical analysis on aggregated and anonymized data to analyze user behavior, improve products/services, and better meet user expectations.

d) Based on the Data Subject’s consent, for:

1. Profiling for marketing purposes: to provide the Data Subject with information about the Controller’s products/services through automated processing aimed at collecting personal data to predict or evaluate their preferences or behaviors.
2. Retargeting and remarketing: to reach the Data Subject with personalized advertising if they have already visited or shown interest in the products/services offered by the Application. The Data Subject can opt out via the Network Advertising Initiative page.
3. Marketing purposes for the Controller’s products/services: to send commercial and promotional information/materials, conduct direct sales of the Controller’s products/services, or perform market research using both automated and traditional methods.

The Data Subject’s Personal Data may also be used by the Controller for legal defense in competent judicial forums.4. Processing Methods and Recipients of Personal DataPersonal Data processing is carried out using paper-based and electronic tools, with organizational methods and logic strictly related to the indicated purposes and through the adoption of appropriate security measures.Personal Data is processed exclusively by:

• Authorized individuals within the Controller’s organization, who are bound by confidentiality obligations.
• Independent data controllers or processors designated by the Controller, including business partners, consultants, IT service providers, and hosting providers.
• Entities or authorities that must receive Personal Data due to legal obligations or orders.

All these parties must use appropriate safeguards to protect Personal Data and can access only the data necessary for their assigned tasks.Personal Data will not be indiscriminately disclosed in any way.5. Location of Data ProcessingIf necessary, Personal Data may be transferred outside the European Economic Area (EEA). In such cases, the Controller will adopt all necessary contractual measures to ensure an adequate level of protection, including Standard Contractual Clauses (SCCs) approved by the European Commission.For details on the adopted security measures, the Data Subject may contact the Controller at help@genoma-group.com.6. Personal Data Retention PeriodPersonal Data will be retained for the period necessary to fulfill the purposes for which they were collected, specifically:

• For contractual purposes: retained throughout the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In case of legal disputes, for the entire duration of the dispute until all legal actions have been exhausted.
• For the Controller’s legitimate interest: retained until such interest is fulfilled.
• For legal obligations, regulatory requirements, or legal defense: retained as required by applicable laws and statutory limitation periods.
• For processing based on consent: retained until the Data Subject withdraws consent.

Once the retention period expires, all Personal Data will be deleted or anonymized.7. Data Subject RightsThe Data Subject has the right to:

• Be informed about the processing of their Personal Data.
• Withdraw consent at any time.
• Restrict the processing of their Personal Data.
• Object to the processing of their Personal Data.
• Access their Personal Data.
• Verify and request rectification of their Personal Data.
• Obtain processing restrictions.
• Request deletion of their Personal Data.
• Transfer their Personal Data to another controller.
• File a complaint with the Data Protection Authority or take legal action.

To exercise their rights, Data Subjects may submit a request via email to help@genoma-group.com. Requests will be processed promptly, and in any case within 30 days.