PRIVACY NOTICE AND COOKIE POLICY OF GENERATIVE BIONICS S.R.L.’S WEBSITE 

This privacy notice is provided in accordance with Regulation (EU) No. 2016/679 (“GDPR”) and Legislative Decree No. 196/2003, as amended (the “Italian Privacy Code”), in order to inform users of the website https://gbionics.ai (the “Website”) about the processing of personal data carried out by the Data Controller, as defined below, while browsing the Website. 
Any future updates to this privacy notice will be published on this page. GENERATIVE BIONICS therefore invites you to review it regularly, so that you remain informed about any changes. 
 

DATA CONTROLLER AND DATA PROTECTION OFFICER 

The Data Controller is GENERATIVE BIONICS S.R.L., with registered office in Genoa (GE), Via Granello 3/19 – 16121, Italy (hereinafter “GENERATIVE BIONICS” or the “Controller”), which may be contacted at the following email address: privacy@gbionics.ai 
 

CATEGORIES OF DATA PROCESSED 

In order to allow you to use the Website and its services, including the possibility to follow up on your request or message (the “Services”), we need to collect and process certain personal data. 
Browsing data 
The information technology systems and software procedures used to operate the Website may, during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; however, by its very nature, it may, through processing and association with data held by third parties, allow users to be identified. 
This category includes information such as IP address, device type, unique device identifiers, browser type, general geographic location (e.g., country or city), and other technical information. We may also collect information on how your device interacts with the Website, including pages visited and links clicked, the date and time of the request, the type and size of the requested resource, and other data relating to the operating system. 
Browsing data are processed in order to obtain anonymous statistical information on the use of the Website, to monitor its proper functioning, to improve the quality of the services offered, and to optimize the Website’s functionality. 
Such data are processed using IT tools (including portable devices) only to the extent strictly necessary and proportionate to ensure the security of networks and the information transmitted through them, in compliance with the confidentiality obligations binding the Controller, and by adopting technical and organizational security measures appropriate to the nature of the data processed. 
Data voluntarily provided by the user 
While browsing the Website, we may need to process certain personal data when provided in connection with the use of our contact form. 
In particular, the optional and voluntary sending of messages and requests through the Website entails the acquisition of your identification and contact details (i.e., first and last name, email address, telephone number), as well as any other data and information contained in the message or request you submit. GENERATIVE BIONICS asks you not to include in your contact request information from which it may be possible, even indirectly, to learn special categories of personal data under Article 9 GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, sex life, or sexual orientation). 
 

PURPOSES, LEGAL BASES AND NATURE OF DATA PROVISION 

Purposes:
Use of the Website content and Services and ensuring the security of networks and information. 
To pursue these purposes, the Controller must process your data in order to provide you with the requested Services (e.g., access to the Website, responding to your request, etc.). In addition, the Controller will process your data only to the extent strictly necessary to ensure the proper functioning of the Website and the security of networks and information, based on the Controller’s legitimate interest in keeping the Website secure and preventing it from being used to infringe third-party rights or as a channel for unlawful acts or fraud, as well as in compliance with applicable legal obligations. 

Legal bases: 
(i) Performance of a contract 
(ii) Compliance with a legal obligation 
(iii) Legitimate interest 

Nature of the provision :
Providing your personal data for the use of the Services and for ensuring network and information security relates to contractual and legal obligations. 
Therefore, failure to provide your data may result in GENERATIVE BIONICS being unable to provide the requested content and Services and/or unable to ensure the security of networks and information. 
 
Purposes: 
Compliance with legal obligations and protection of GENERATIVE BIONICS’ rights in judicial proceedings. 
To pursue these purposes, the Controller is required to process your personal data, in accordance with the terms and conditions set by law, where necessary to comply with statutory obligations or to ensure the protection of GENERATIVE BIONICS’ rights. 

Legal bases :
(i) Compliance with a legal obligation 
(ii) Legitimate interest 

Nature of the provision: 
Providing your data relates to a legal obligation. 
Therefore, failure to provide your personal data may prevent GENERATIVE BIONICS from complying with applicable legal obligations or from establishing, exercising, or defending its rights in court. 
 

DATA RETENTION 

Personal data voluntarily provided will be retained only for the time strictly necessary to follow up on the request sent to GENERATIVE BIONICS through the Website. 
Personal data collected to provide the Services made available through the Website will be retained for up to 10 years after termination of the contract under which the relevant processing activities are carried out, in accordance with applicable limitation periods. 
Personal data acquired through the use of the Website to ensure its proper functioning and to ensure network and information security will be retained for up to 12 months from collection. 
Finally, where necessary to comply with legal obligations or to establish, exercise, or defend our rights, we may retain your personal data for the relevant limitation period under applicable law or, in any case, for as long as necessary for the exercise of GENERATIVE BIONICS’ rights in judicial proceedings. 
 

CATEGORIES OF RECIPIENTS OF PERSONAL DATA 

Your personal data will not be disclosed to third parties, but may be communicated, for the purposes described above, to the following recipients: 
persons who may access the data pursuant to legal provisions under European Union or national law; 
parties carrying out activities functional to the purposes described above, including companies providing IT infrastructure and IT assistance and consulting services, as well as companies involved in the design and development of software and websites, and companies or consultants appointed to provide further services to GENERATIVE BIONICS, within the limits of the purposes for which the data were collected. 
In addition to the above categories of recipients, your personal data may be accessed by persons acting under the authority and within the organization of GENERATIVE BIONICS, who are instructed and authorized to process data pursuant to Article 29 GDPR and Article 2-quaterdecies of the Italian Privacy Code. 
The list of processors appointed by the Controller may be requested at: [•]. 
 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES 

The Controller does not transfer your personal data to third countries outside the European Union. 
 

DATA SUBJECT RIGHTS 

As a Data Subject, you have the right, within the limits set by data protection laws, to: 
obtain access to your personal data processed by the Controller; 
request rectification and/or erasure (the “right to be forgotten”); 
request restriction of processing; 
object to processing carried out on the basis of the Controller’s legitimate interest, for reasons related to your particular situation; 
request data portability; 
lodge a complaint with the competent Supervisory Authority (for Italy, the Garante per la Protezione dei Dati Personali: www.garanteprivacy.it) or take legal action, if you believe that the processing of your personal data violates the GDPR. 
To exercise any of your rights, you may contact the Controller by sending a written request to the registered office in Genoa (GE), Via Granello 3/19 – 16121, Italy, or by email at: privacy@gbionics.ai 



This notice is updated as of December 2025.