Privacy & Cookie Policy

Last updated: Version: 1.2

This notice describes how personal data of users visiting the website lapsense.net (the "Site") is processed. It is provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended ("Privacy Code") for the Site only, and not for any other websites that may be reached via links.

1. Data Controller

The Data Controller is the company listed below. For any request concerning the processing of personal data (exercise of rights, clarifications, complaints), please use the contact details provided.

  • Company name: NEXILICA SRL
  • Brand: LapSense is a brand operated by Nexilica Srl.
  • Registered office: Viale Ciro Menotti, 83 - 41121 Modena (MO), Italy
  • VAT number: IT04179460367
  • Italian fiscal code: 04179460367
  • REA registration: MO-449445
  • Share capital: € 10.000,00 (fully paid up)
  • Certified email (PEC): nexilica@trustpec.it
  • Privacy contact email: info@lapsense.net

2. Data Protection Officer (DPO)

The Controller has not appointed a Data Protection Officer pursuant to Article 37 GDPR, as the conditions for mandatory appointment do not apply. For any matter concerning the protection of personal data, please contact the Controller directly using the details above.

3. Types of data processed

The Site processes the following categories of personal data:

  • Browsing data

    IP address, user agent, pages visited, timestamps, referrer. This data is automatically collected by our hosting provider (Cloudflare) in technical logs for security, abuse mitigation, diagnostics and compliance with legal obligations.

  • Cookie preferences

    The choice expressed via the cookie banner (accept, reject, granular preferences) is stored in the user's browser localStorage. It is not transmitted to the server.

  • Analytics data (subject to consent)

    Only where the user has given explicit consent to the 'Analytics' category, the Site uses Google Analytics 4 (property G-PNDFYHKF6J) to collect aggregated usage statistics: pages viewed, session duration, device type, country of origin. Data is processed with anonymised IP (anonymize_ip), in Consent Mode v2 with default 'denied', with Google Signals and Advertising Features disabled and ads_data_redaction enabled. No data is used for profiling or advertising purposes.

  • Data voluntarily provided

    When the user fills in the contact form or signs up to the beta waitlist, the data entered in the form fields is collected (e.g. email address, optional message). Submission requires explicit consent and acceptance of this notice. For the waitlist, the email address must be confirmed via a link sent by email (double opt-in).

The Site does not use profiling cookies or behavioural advertising technologies. The only analytics service in use is Google Analytics 4, activated only after the user's explicit consent, configured in anonymised mode and without Google Signals. Fonts and icons are hosted directly from our own domain (self-hosted).

4. Purposes of processing and legal bases

Personal data is processed for the following purposes:

  • Purpose: Technical operation of the Site, security, mitigation of abuse and cyber attacks
    Legal basis: Legitimate interest of the Controller (Art. 6.1.f GDPR) in safeguarding the security of its infrastructure
  • Purpose: Storage of the user's cookie preferences
    Legal basis: Legitimate interest of the Controller (Art. 6.1.f GDPR) and compliance with regulatory obligations on cookie consent (Directive 2002/58/EC and the Italian Garante guidelines of 10 June 2021)
  • Purpose: Responding to requests submitted via the contact form
    Legal basis: Performance of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR)
  • Purpose: Beta waitlist subscription and subsequent notification at product launch
    Legal basis: Explicit consent of the data subject (Art. 6.1.a GDPR), revocable at any time
  • Purpose: Aggregated statistical analysis of Site usage (Google Analytics 4 in anonymised mode)
    Legal basis: Explicit consent of the data subject (Art. 6.1.a GDPR and Art. 122 Italian Privacy Code), given via the consent manager and revocable at any time

5. Processing methods

Processing is carried out using electronic tools, adopting technical and organisational measures appropriate to guarantee the security, confidentiality, integrity and availability of the data (Art. 32 GDPR), including: encrypted HTTPS/TLS transmission, restricted access to authorised personnel, environment segregation, automatic threat mitigation at CDN level.

6. Retention period

Data is retained for the time strictly necessary to pursue the purposes set out above:

  • Navigation and security logs: maximum 30 days, save for extensions for the purpose of investigating unlawful conduct
  • Cookie preferences in the browser: 6 months from the user's choice, after which the banner is shown again as required by the Garante guidelines
  • Data submitted via the contact form: for the time needed to respond and for the following 12 months, unless the data subject requests otherwise
  • Beta waitlist data: until the commercial launch of the product and for the following 30 days, after which data of those who have not become customers is deleted
  • Analytics data (Google Analytics 4): 2 months for user/event-level data (the minimum retention period offered by Google), after which data associated with the _ga cookie is automatically deleted

7. Recipients and external Data Processors

Data may be processed, on behalf of the Controller, by the following parties appointed as Data Processors pursuant to Art. 28 GDPR:

Cloudflare, Inc.

  • Role / service provided: Hosting (Cloudflare Workers), CDN, security, DDoS mitigation, inbound email forwarding (Email Routing), storage of waitlist sign-ups (D1 Database), anti-spam form protection (Turnstile)
  • Location and transfers: Based in the USA with global datacenters (including in the EU). Transfers outside the EU are covered by the European Commission's Standard Contractual Clauses (SCC) and by Cloudflare's Data Processing Addendum.

Resend, Inc.

  • Role / service provided: Sending of transactional emails (waitlist sign-up confirmation, contact form replies, service notifications)
  • Location and transfers: Based in the USA, with sending infrastructure in the EU region (Frankfurt), selected at setup to minimise data exposure. Transfers outside the EU are covered by the EU-US Data Privacy Framework (DPF) certification and by the Standard Contractual Clauses (SCC) included in Resend's Data Processing Addendum.

Google Ireland Limited / Google LLC

  • Role / service provided: Aggregated web traffic statistics (Google Analytics 4, property G-PNDFYHKF6J). Loaded only after the user's explicit consent to the "Analytics" category of the consent manager. Configuration: Consent Mode v2 with default 'denied', IP anonymisation enabled, ads_data_redaction enabled, url_passthrough enabled, Google Signals and Advertising Features disabled.
  • Location and transfers: Controller for EU services: Google Ireland Limited (Dublin, Ireland). Possible transfers to the USA to Google LLC, covered by the EU-US Data Privacy Framework (DPF) certification and Standard Contractual Clauses (SCC).

In addition, data may be disclosed to public authorities, judicial authorities and supervisory bodies in compliance with legal obligations.

8. Transfers of data outside the EU

Some Data Processors (in particular Cloudflare, Google and Resend) are entities based in the United States and may process data in datacenters located outside the European Union. Such transfers take place on the basis of the Standard Contractual Clauses (SCC) adopted by the European Commission with Implementing Decision (EU) 2021/914 and — for Google and Resend — also on the basis of the EU-US Data Privacy Framework (DPF) certification, adopted by the European Commission's Adequacy Decision of 10 July 2023, ensuring an adequate level of protection pursuant to Arts. 44-49 GDPR.

9. Rights of the data subject

At any time, the data subject has the right to exercise the following rights provided by Arts. 15-22 GDPR against the Controller:

  • Right of access to their personal data (Art. 15)
  • Right to rectification of inaccurate or incomplete data (Art. 16)
  • Right to erasure ("right to be forgotten", Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise these rights, simply send a request to the Controller's email address listed at the beginning of this document. The Controller will respond without undue delay and in any case within 30 days.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it) if they consider the processing to be in breach of applicable rules.

10. Cookies and similar technologies

The Site uses technical cookies and localStorage entries strictly necessary for the operation of the Site and for the management of consent, pursuant to Art. 122 of the Italian Privacy Code, which do not require prior consent. The Site also uses, exclusively after the user's explicit consent given via the consent manager, third-party analytics cookies from Google Analytics 4 in anonymised configuration (Consent Mode v2 with default 'denied', anonymize_ip enabled, Google Signals disabled). No profiling or behavioural advertising cookies are installed.

Manage or withdraw consent

The user can change or withdraw their cookie preferences at any time by clicking the consent manager icon located at the bottom left of every page of the Site. Withdrawal of consent does not affect the lawfulness of processing based on consent given before withdrawal.

It is also possible to block cookies directly from the browser settings; however, this may compromise the proper functioning of the Site.

List of localStorage entries used

  • Name: silktideCookieChoice_*
    Provider: lapsense.net (first-party)
    Purpose: Stores the cookie consent preferences chosen by the user
    Type: Technical
    Duration: Persistent in localStorage until withdrawal or expiry after 6 months

  • Name: silktideCookieBanner_*
    Provider: lapsense.net (first-party)
    Purpose: Stores the state of the banner (shown/closed) to avoid showing it again on every pageview
    Type: Technical
    Duration: Persistent in localStorage until withdrawal or expiry after 6 months

  • Name: stcm-consent-timestamp
    Provider: lapsense.net (first-party)
    Purpose: Timestamp of the consent choice, used to force a re-prompt after 6 months in accordance with the Garante Guidelines 2021
    Type: Technical
    Duration: 180 days from the choice

  • Name: _ga
    Provider: Google LLC (third-party)
    Purpose: Google Analytics 4: distinguishes unique users for aggregated statistics purposes. Set only after consent to the 'Analytics' category.
    Type: Analytics (third-party)
    Duration: 2 years

  • Name: _ga_PNDFYHKF6J
    Provider: Google LLC (third-party)
    Purpose: Google Analytics 4: maintains session state for the property. Set only after consent to the 'Analytics' category.
    Type: Analytics (third-party)
    Duration: 2 years

11. Changes to this notice

The Controller reserves the right to amend this notice at any time, notifying users via this page and indicating the date of the last update. Users are invited to consult this page periodically.