Privacy Policy

AuthenGene S.r.l.
Effective Date: 02/192026

---

1. Controller Information

AuthenGene S.r.l.
Registered Office: 20121, 59 Foro Buonaparte, Milan
Email: connect@authengene.com
Website: https://authengene.com

AuthenGene S.r.l. ("AuthenGene", "we", "us") acts as Data Controller for personal data processed in connection with our genetic wine authentication services and related digital platform.

2. Scope

This Privacy Policy applies to:

• Visitors of our website
• Customers using our genetic wine authentication services
• Users creating platform accounts
• Individuals submitting wine samples by mail or courier

Our services concern genomic analysis of agricultural products. We do not process human genetic data.

3. Categories of Personal Data

Identity and Contact Data

• Name and surname
• Company name
• Email address
• Phone number
• Billing and shipping address
• VAT / Tax ID

Account and Order Data

• Login credentials
• Order history
• Authentication reports
• Invoices and payment records

Sample Submission Data

• Wine sample identifiers
• Declared varietal and origin information
• Shipping and tracking information

Technical Data

• IP address (server logs)
• Session identifiers

4. Legal Basis (GDPR Art. 6)

• Contract performance (service delivery)
• Legal obligations (tax and accounting)
• Legitimate interest (fraud prevention and service security)
• Consent (where required by law)

5. Purpose of Processing

• Provision of genetic wine authentication services
• Account management
• Processing laboratory analyses and delivering reports
• Billing and compliance
• Service security and fraud prevention

6. Cookies and Web Monitoring

We use only essential cookies strictly necessary for session control and secure authentication.

• No analytics cookies
• No tracking cookies
• No behavioral profiling
• No third-party monitoring services
• No marketing pixels

We do not use Google Analytics or any third-party web monitoring services. Session cookies expire automatically and are used exclusively for secure login and platform functionality.

7. Data Sharing

We do not sell, rent, share, or disclose personal data for marketing purposes.

Personal data is not provided to third-party marketing companies or advertising platforms.

Data may be shared only with:

• Accredited laboratory partners for analysis purposes
• Payment service providers (for transaction processing)
• Legal and regulatory authorities if required by law

8. International Compliance

European Union (GDPR)

Data processing complies with Regulation (EU) 2016/679.

United States (including California CPRA/CCPA)

We do not sell personal information. California residents may request access, correction, or deletion of personal information.

Japan (APPI)

Personal data of individuals located in Japan is processed in accordance with the Act on the Protection of Personal Information.

China (PIPL)

For individuals located in the People’s Republic of China, personal data processing is limited to necessary contractual purposes and conducted with appropriate safeguards.

9. Data Retention

• Accounting records: 10 years
• Contractual documentation: 10 years
• Account data: until account deletion plus statutory retention
• Server logs: limited retention for security purposes

10. Data Security

• Encrypted transmission (TLS)
• Access controls
• Separation of laboratory and identity data
• Secure infrastructure management

11. Data Subject Rights

Depending on jurisdiction, individuals may request:

• Access to personal data
• Correction
• Deletion
• Restriction of processing
• Data portability

Requests may be sent to: connect@authengene.com

12. Children

Our services are business-oriented and not directed to minors.

13. Updates

This Privacy Policy may be updated periodically. The updated version will be published on this page with a revised effective date.