GDPR Privacy Addendum & Data Processing Agreement (DPA)

This is a courtesy translation. The Italian version is the legally binding one and prevails in case of any discrepancy.

1.Data Controller

For the purposes of Regulation (EU) 2016/679 ("GDPR"), the Data Controller is:

TIMAGI CAPITAL PROJECT MANAGEMENT L.L.C

Fahidi Heights Building Al Hamriya Office No. 1503-07 Dubai United Arab Emirates

Email: hello@humanova-robotics.com

The Controller manages the HUMANOVA project and determines the purposes and means of the processing of personal data.

2.Scope of application

This document governs the processing of personal data carried out through:

HUMANOVA website;
Founding Membership;
HUMANOVA Community;
newsletter;
webinars;
events;
Ms. NOVA Executive Office;
HUMANOVA AI systems;
contact forms;
HUMANOVA digital services.

3.Categories of data processed

The following may be processed:

Identification data

Membership data

Usage data

Communication data

Participation data

Technical data

Identification data: first name, last name, email, preferred language, country
Membership data: member status, registration date, renewals, payment history
Usage data: access logs, site activity, preferences, events
Communication data: support requests, messages, emails
Participation data: webinars, events, community
Technical data: IP address, browser, device, cookies, technical identifiers

4.Data we do not collect

HUMANOVA does not intentionally collect:

health data;
biometric data;
genetic data;
religious beliefs;
sexual orientation;
judicial data;
special categories of data pursuant to Art. 9 GDPR.

Should such data be voluntarily communicated by the user, HUMANOVA reserves the right to delete it.

5.Purposes of processing

Data may be processed for:

Performance of the contract

Consent

Legitimate interest

Legal obligations

Performance of the contract: Membership management; access to services; user support; payment management.
Consent: newsletter; marketing communications; promotional updates.
Legitimate interest: security; fraud prevention; service improvement; analytics.
Legal obligations: accounting; taxation; regulatory compliance.

6.Legal bases

Art. 6 GDPR:

6.1 Contract — Art. 6(1)(b)

6.2 Consent — Art. 6(1)(a)

6.3 Legitimate interest — Art. 6(1)(f)

6.4 Legal obligation — Art. 6(1)(c)

7.Newsletter and marketing

Marketing communications are sent exclusively:

upon voluntary subscription;
upon confirmation of consent;
with the possibility of withdrawal at any time.

Every email contains an unsubscribe mechanism.

8.Profiling

HUMANOVA may use automated systems for:

user segmentation;
content personalization;
engagement assessment;
suggestion of relevant content.

Such activities do not produce significant legal effects on the user.

9.Artificial intelligence

HUMANOVA uses artificial intelligence systems for:

The AI systems:

content generation;
user support;
operational automation;
strategic assistance;
do not make legally binding decisions;
do not replace human operators;
do not carry out automated decision-making pursuant to Art. 22 GDPR.

10.Data recipients

Data may be shared with:

Stripe — Payment management.
Email Provider — Sending newsletters and communications.
Hosting Provider — Infrastructure management.
Analytics Provider — Aggregate analysis.
Professional Advisors — Legal, tax and accounting.

11.Sub-processor

HUMANOVA may rely on third-party providers acting as:

Data Processors;
Sub-Processors;
Service Providers.

Such parties operate on the basis of GDPR-compliant agreements.

12.International transfers

Since the Controller is based in the United Arab Emirates, some data may be transferred outside the European Economic Area.

HUMANOVA adopts adequate safeguards, including:

Standard Contractual Clauses (SCC);
equivalent contractual agreements;
appropriate technical and organizational measures.

13.Data retention

Active accounts: for the entire duration of the relationship.

Membership: for the contractual period and subsequently for tax and legal obligations.

Newsletter: until consent is withdrawn.

Technical logs: for the time strictly necessary for security.

14.Security measures

HUMANOVA adopts appropriate technical and organizational measures, including:

authentication;
access control;
encryption where appropriate;
logging;
backup;
security monitoring.

No system can guarantee absolute security.

15.Data breach

In the event of a personal data breach:

HUMANOVA will assess the impact;
will notify the competent authorities when required;
will inform data subjects in the cases provided for by the GDPR.

16.Rights of the data subject

The user may exercise:

Access — Art. 15 GDPR

Rectification — Art. 16 GDPR

Erasure — Art. 17 GDPR

Restriction — Art. 18 GDPR

Portability — Art. 20 GDPR

Objection — Art. 21 GDPR

Withdrawal of consent — Art. 7 GDPR

17.How to exercise rights

Requests can be sent to: hello@humanova-robotics.com

HUMANOVA will respond within the timeframes provided for by the GDPR.

18.Supervisory authority

Users residing in the European Union may lodge a complaint with the competent authority of their Member State.

19.Data Processing Addendum (DPA)

Should HUMANOVA process personal data on behalf of companies, organizations or business clients, this document automatically supplements the contractual relationship as a Data Processing Addendum.

In this context HUMANOVA will act exclusively in accordance with the documented instructions of the client.

20.Limitation of the DPA

This DPA does not apply to processing in which HUMANOVA acts as an independent Data Controller.

21.Updates

HUMANOVA may update this document for:

regulatory changes;
technological evolution;
introduction of new services;
operational needs.

The updated version will be published on the website.

22.Privacy contacts

For any matter relating to data protection: hello@humanova-robotics.com

TIMAGI CAPITAL PROJECT MANAGEMENT L.L.C Dubai – United Arab Emirates