Privacy Policy

1. Data Controller

The data controller is Bajara S.r.l., with registered office at Via Sandro Pertini 25, 42017 Novellara (RE), Italy, VAT number 03013870351, email: [email protected] (hereinafter "Bajara", "we", "us").

This privacy policy describes how we collect, use, store, and protect your personal data when you visit our website and use the BraianOS platform (the "Service"), in compliance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

2. Data We Collect

2.1 Data you provide directly

• Contact form data: full name, business email, company name, role, industry sector, and any message you include.
• Account data: name, email address, company information, and credentials when you register for the Service.
• Contractual data: billing information, company legal details, and any information necessary to provide the Service.

2.2 Data collected automatically

• Technical data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of access.
• Cookies and similar technologies: we use strictly necessary cookies for the functioning of the website. See our cookie section below for details.

2.3 Data processed through the Service

When using BraianOS, you may upload documents, connect databases, and process business data. This data is processed exclusively on your behalf as the data controller. Bajara acts as data processor. The processing of this data is governed by a separate Data Processing Agreement (DPA) as required by Art. 28 GDPR.

3. Legal Basis and Purpose of Processing

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): for processing contact form submissions and sending information you have requested. You may withdraw your consent at any time.
• Performance of a contract (Art. 6(1)(b) GDPR): to provide and manage the BraianOS Service, process your registration, and fulfill our contractual obligations.
• Legitimate interest (Art. 6(1)(f) GDPR): to improve our website and services, ensure security, and prevent fraud.
• Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable laws, regulations, and legal requirements, including fiscal and accounting obligations.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Contact form data: retained for 24 months from submission, unless you become a client.
• Account and contractual data: retained for the duration of the contractual relationship and for 10 years thereafter as required by Italian law (Art. 2220 Civil Code).
• Technical/log data: retained for a maximum of 12 months.
• Data processed through the Service: retained and deleted according to the terms of the Data Processing Agreement. Upon termination, all data is deleted or returned as per the DPA.

5. Data Sharing and Transfers

Your personal data may be shared with:

• Service providers: trusted third parties who assist us in operating the website and providing the Service (hosting, email, analytics), acting as data processors under Art. 28 GDPR.
• Legal authorities: when required by law or legal process.

Data location: all data processed through BraianOS is stored on servers located in Italy or within the European Economic Area (EEA). We do not transfer personal data outside the EEA unless adequate safeguards are in place (e.g., EU Standard Contractual Clauses).

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Role-based access controls and document-level permissions.
• Dedicated instances for each client — no shared data environments.
• Regular security audits and monitoring.
• Complete audit logging of all system activities.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain confirmation of whether your data is being processed and access a copy.
• Right to rectification (Art. 16): request correction of inaccurate data.
• Right to erasure (Art. 17): request deletion of your data under certain conditions.
• Right to restriction (Art. 18): request restriction of processing under certain conditions.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7): withdraw your consent at any time, without affecting the lawfulness of prior processing.

To exercise your rights, contact us at [email protected]. We will respond within 30 days as required by law.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187 Roma, www.garanteprivacy.it.

8. Cookies

This website uses only strictly necessary cookies that are essential for the functioning of the site. These cookies do not require consent as they are necessary for the provision of the service you have requested (Art. 122 of the Italian Privacy Code, as amended).

We do not use profiling cookies, advertising cookies, or third-party tracking cookies. No personal data is collected through cookies for marketing or profiling purposes.

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically. Significant changes will be communicated to registered users via email.