Privacy Policy (GDPR)

Roles of the Parties

In the context of its services, Exora srl acts as Data Processor on behalf of the Client, who remains the sole Data Controller for the personal data of its own clients, prospects or employees.

Nature of Processed Data

Processed data may include:

• Identity
• Contact details
• Login data
• Communication history
• Any data necessary for the execution of the assigned operational mission

Processing Purposes

Exora processes data exclusively for:

• The execution of operational missions ordered by the Client
• Client relationship management and invoicing
• Improving service security

Processing is based on the execution of the contract between Exora and the Client within the meaning of Article 6.1.b of the GDPR.

Security and Confidentiality

Exora commits to implementing appropriate technical and organizational measures (encryption, restricted access, logs) to protect data against unauthorized access or leaks.

Exora's personnel are bound by an obligation of absolute confidentiality.

Further Subprocessing

The Client authorizes Exora to engage subprocessors (SaaS tools, technical partners) for service execution, provided they offer sufficient GDPR guarantees.

Transfer Outside the EU

In case of data transfer outside the European Union, Exora ensures that adequate protection mechanisms (Standard Contractual Clauses) are in place.

Individual Rights

The Client, as Data Controller, is responsible for responding to access, rectification or deletion requests from data subjects.

Exora commits to assisting the Client in this process.

Data Retention and Disposal

At the end of the contractual relationship, Exora commits, at the Client's choice, to delete or return all personal data processed on its behalf, unless there is a legal obligation to retain it.