PRIVACY POLICY — PERSONAL DATA PROCESSING NOTICE

pursuant to Article 13 of EU Regulation 2016/679 (GDPR)
Last updated: June 2026

1. DATA CONTROLLER

The Data Controller for personal data collected through the website www.neos1911.com is:

NETSCENT SRL
Registered office: Via Santa Lucia 123, 80132 Naples (NA), Italy
Operational address: Corso Trieste 78, 81100 Caserta (CE), Italy
VAT No. / Tax Code: 07836881214 — REA NA-913549
Phone: +39 0823 210457
PEC (certified email): [email protected]
Email: [email protected]

For any request regarding the processing of your personal data, you may contact the Data Controller at the details above.

2. TYPES OF DATA COLLECTED

2.1 Data provided voluntarily by the user
When registering on the website, placing an order, requesting assistance, or subscribing to the newsletter, the following personal data are collected:

• Personal details: first name, last name
• Contact details: email address, phone number
• Billing information: address, tax code and/or VAT number (where an invoice is requested)
• Shipping details: delivery address
• Payment data: managed exclusively by our payment gateway providers (e.g. Stripe, PayPal); NETSCENT SRL does not collect or store credit card data or payment service credentials
• Free-text communications sent via contact forms, email, or WhatsApp

2.2 Data collected automatically
During browsing, the following technical and statistical data are collected automatically:

• Device IP address
• Browser type and operating system
• Pages visited and duration of visit
• Referring website (referrer)
• Interaction data collected via Google Analytics 4, Google Tag Manager, Google Ads, and Meta Pixel, as described in Section 7

3. PURPOSES OF PROCESSING AND LEGAL BASES

a) Performance of a sales contract — Art. 6(1)(b) GDPR
Managing purchase orders, processing payments, organising shipments, order-related communications (confirmation, tracking, invoicing), and handling returns and withdrawals.

b) Compliance with legal obligations — Art. 6(1)(c) GDPR
Retention of accounting and tax documents, tax compliance obligations, and responding to requests from competent authorities.

c) Legitimate interest of the Data Controller — Art. 6(1)(f) GDPR
Fraud prevention, website security, aggregated analysis of user behaviour for internal statistical purposes, and protection of the Controller's contractual and legal rights.

d) Consent of the data subject — Art. 6(1)(a) GDPR
Subject to free, specific, and revocable consent, data may be processed for:

• Sending promotional communications and newsletters via email or SMS
• Profiling for personalised marketing purposes
• Use of profiling and marketing cookies (Google Ads, Meta Pixel) as described in Section 7

Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal, by writing to [email protected] or by clicking the unsubscribe link in any commercial communication.

4. PROCESSING METHODS AND RETENTION PERIODS

Personal data are processed using electronic and digital tools, for purposes strictly related to those indicated, and with appropriate technical and organisational security measures as required by Art. 32 GDPR.

Personal data are retained for the following periods:

• Order and sales contract data: 10 years from the end of the contractual relationship, in compliance with Italian tax and accounting obligations
• Marketing and newsletter data: until consent is withdrawn by the data subject
• Navigation and technical log data: maximum 12 months
• Complaint or dispute data: for the period necessary to resolve the dispute, and in any case no longer than 10 years

Upon expiry of the retention period, data are deleted or irreversibly anonymised.

5. RECIPIENTS OF DATA

Personal data may be communicated, to the extent strictly necessary, to the following categories of recipients, acting as data processors (pursuant to Art. 28 GDPR) or as independent data controllers:

• Couriers and shipping companies responsible for order delivery
• Payment service providers (e.g. Stripe, PayPal)
• IT service providers, hosting providers, and website developers (Negozia s.r.l., e-commerce platform developer)
• Accountants and tax consultants of the Data Controller
• Email marketing service providers (where active)
• Judicial, tax, and administrative authorities, where required by law

Data are not sold, transferred, or disclosed to third parties for their own purposes, except with the explicit consent of the data subject.

6. TRANSFERS TO THIRD COUNTRIES

Some third-party services used on the website (in particular Google LLC and Meta Platforms Ireland Ltd.) involve the transfer of personal data to the United States or other countries outside the European Economic Area (EEA). Such transfers are carried out in compliance with the safeguards provided for in Chapter V of the GDPR, specifically:

• Google LLC: adheres to Standard Contractual Clauses (SCCs) adopted by the European Commission and to the EU-USA Data Privacy Framework (DPF)
• Meta Platforms Ireland Ltd.: transfers to Meta Platforms Inc. (USA) on the basis of SCCs and DPF

Users may obtain information on the specific safeguards adopted by each provider by consulting their respective privacy policies, linked in Section 7.

7. COOKIES AND TRACKING TOOLS

The website www.neos1911.com uses cookies and similar tracking technologies. For a full description of all cookies used, their purposes, and how to manage or withdraw consent, please refer to the Cookie Policy available on the website.

Below is a summary of the main third-party tools active on the website:

Google Analytics 4 / Google Tag Manager
Provider: Google Ireland Ltd. (EU) / Google LLC (USA)
Purpose: statistical analysis of traffic, campaign measurement, website optimisation.
Legal basis: consent (analytics cookies)
Privacy Policy: https://policies.google.com/privacy

Google Ads (Conversion Tracking)
Provider: Google Ireland Ltd.
Purpose: measuring conversions generated by Google Ads campaigns.
Legal basis: consent (marketing cookies)
Privacy Policy: https://policies.google.com/privacy

Meta Pixel (Facebook / Instagram)
Provider: Meta Platforms Ireland Ltd.
Purpose: conversion measurement, creation of custom audiences, retargeting. Active only upon consent.
Legal basis: consent (marketing cookies)
Privacy Policy: https://www.facebook.com/privacy/policy

Trustpilot
Provider: Trustpilot A/S (Denmark)
Purpose: collection and display of verified customer reviews.
Legal basis: legitimate interest and consent of the data subject
Privacy Policy: https://legal.trustpilot.com/end-user-privacy-terms

iubenda (Cookie Consent Management)
Provider: iubenda srl (Italy)
Purpose: managing cookie consent. Stores user preferences regarding cookies.
Legal basis: legitimate interest (technical cookies for the consent banner)
Privacy Policy: https://www.iubenda.com/privacy-policy/65675

8. RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15–22 of the GDPR, the data subject has the right to:

• Access (Art. 15): obtain confirmation of the processing and receive a copy of their personal data
• Rectification (Art. 16): obtain the correction of inaccurate data or the completion of incomplete data
• Erasure (Art. 17): obtain the deletion of their personal data (“right to be forgotten”), in the cases provided for by law
• Restriction (Art. 18): obtain restriction of processing in the cases provided for by law
• Data portability (Art. 20): receive data in a structured, commonly used, and machine-readable format
• Objection (Art. 21): object at any time to the processing of their data for direct marketing purposes
• Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of prior processing
• Lodge a complaint: lodge a complaint with the competent supervisory authority — in Italy, the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it)

To exercise any of the above rights, the data subject may send a written request to [email protected]. The Data Controller will respond within 30 days, with a possible extension of a further 60 days in particularly complex cases.

9. MINORS

The website www.neos1911.com is not intended for persons under the age of 18. NETSCENT SRL does not knowingly collect personal data from minors. Should it become aware of having inadvertently collected personal data from a minor, it will proceed with immediate deletion.

10. DATA SECURITY

NETSCENT SRL adopts appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or accidental disclosure, as required by Art. 32 GDPR. The website uses HTTPS/TLS encrypted connections for all communications. Payment data are managed exclusively through PCI-DSS certified gateways.

In the event of a personal data breach that may pose a risk to the rights and freedoms of data subjects, the Data Controller will notify the supervisory authority within 72 hours pursuant to Art. 33 GDPR and, where necessary, will inform the affected individuals pursuant to Art. 34 GDPR.

11. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated periodically to reflect changes in legislation, services, or processing activities. The updated version will always be available on the website www.neos1911.com in the dedicated section. In the event of material changes, NETSCENT SRL will notify registered users by email.

This Privacy Policy was last updated in June 2026.

NETSCENT SRL — Via Santa Lucia 123, 80132 Naples (NA), Italy
[email protected] — Tel. +39 0823 210457 — VAT No. 07836881214