ASC27 Privacy Policy (Europe)

Updated: February 9, 2025

At ASC27 srl, we respect your privacy and are strongly committed to keeping secure any information we obtain from or about you. This Privacy Policy describes our practices regarding the Personal Data we collect when you use our website, applications, and services (collectively, "Services").

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of such data is governed by our customer agreements covering access to and use of those offerings.

1. Data Controller

If you live in the European Economic Area (EEA) or Switzerland, ASC27 (an Italian company registered at Via Tirso, 14, Rome, Italy) is the controller responsible for processing your Personal Data as described in this Privacy Policy.

2. Personal Data We Collect

We collect Personal Data in the following ways:

Personal Data You Provide

• Account Information: When you create an account, we collect your name, contact details, account credentials, date of birth, payment details, and transaction history.
• User Content: We collect Personal Data that you provide as input to our Services, including prompts and other uploaded content.
• Communication Information: If you communicate with us via email or social media, we collect your name, contact details, and message contents.
• Other Information You Provide: This includes participation in events, surveys, or identity verification data.

Personal Data We Receive from Your Use of Our Services

• Log Data: Your IP address, browser type, settings, and interactions with our Services.
• Usage Data: Information about the features you use, content you engage with, time zone, device type, and browsing history.
• Device Information: Includes device name, operating system, unique device identifiers, and browser details.
• Location Information: Approximate location determined via IP address, or more precise location if enabled on your device.
• Cookies and Similar Technologies: Used for session maintenance, service improvements, and security.

Information We Receive from Other Sources

We receive data from partners (e.g., security vendors) to detect fraud and improve security. We also collect publicly available data for training our models.

3. How We Use Personal Data

We use Personal Data to:

• Provide, analyze, and maintain our Services.
• Improve and develop our Services, including research.
• Communicate updates and relevant information.
• Prevent fraud, illegal activities, or misuse of our Services.
• Comply with legal obligations and protect user rights.

We may also aggregate or de-identify data for analytics and research purposes.

4. Disclosure of Personal Data

We may disclose Personal Data to:

• Vendors & Service Providers: Hosting, analytics, security, payment processing, and customer support providers.
• Business Transfers: In case of mergers, acquisitions, or similar transactions.
• Government Authorities: If required by law or to protect security and legal rights.
• Affiliates: Other entities within ASC27.
• Business Account Administrators: If you are part of an enterprise or business account.
• Other Users or Third Parties: If you interact with third-party integrations or applications.

5. Data Retention

We retain Personal Data as long as necessary for our Services and business purposes. Retention length depends on:

• Our purpose for processing the data.
• The nature and sensitivity of the data.
• Legal and security requirements.

6. Your Rights

You have the right to:

• Access, delete, or update your Personal Data.
• Transfer your data to a third party.
• Restrict or withdraw consent for data processing.
• Object to direct marketing.
• File a complaint with your local data protection authority.

You can manage some of these rights via your ASC27 account or by contacting us at privacy.ASC27.com.

7. Children

Our Services are not directed to children under 13. If we discover that a child under 13 has provided Personal Data, we will delete it. Users under 18 require parental or guardian permission to use our Services.

8. Security

We implement commercially reasonable measures to protect Personal Data but cannot guarantee absolute security. Please be mindful when sharing sensitive information online.

9. Legal Bases for Processing

We process Personal Data based on:

• Contractual necessity (e.g., processing user prompts).
• Legitimate interests (e.g., fraud prevention, research, product improvement).
• Compliance with legal obligations.
• Your consent (where required).

10. Data Transfers

ASC27 processes your Personal Data on servers located outside the EEA, including the United States. We ensure appropriate safeguards, such as:

• Adequacy Decisions: When applicable, relying on the European Commission's adequacy decisions.
• Standard Contractual Clauses (SCCs): Used for transfers outside the EEA, Switzerland, and the UK.

For more details, contact us at privacy@ASC27.com.

11. Changes to This Privacy Policy

We may update this policy periodically. Any changes will be posted with an updated effective date.

12. Contact Us

For privacy concerns, contact us at:

• Email: privacy@ASC27.com
• Mail: ASC27, Via Tirso, 14, Rome, Italy

---

This Privacy Policy ensures transparency regarding how we collect, use, and protect your data while using ASC27 Services.