Privacy Policy
Introduction
Dear User,
Bentivoglio Consulting, LLC (EIN 35-2899869), with registered office at 131 Continental Dr, Suite 305, Newark, DE 19713, United States, email info@nexelia.ai, has adopted and implements a policy in compliance with the EU Data Protection Regulation (GDPR REG. EU 2016/679), in order to ensure high security standards and proper processing of personal data, including special categories of data.
For clients subject to GDPR, the Company operates through its EU representative, AUTOMATION GENIUS BY K.D.L. (P.IVA 02789630692), with registered office in Bucchianico (CH), Italy, contrada Santa Maria Maggiore n. 4.
Personal data means any information relating to an identified or identifiable natural person, such as name, surname, address, tax code, etc.
Special categories of data refer to particular types of personal data that are subject to additional protection measures compared to the aforementioned data, such as data concerning health, genetics, or biometrics.
The data we collect will be processed exclusively for the purposes outlined in this privacy policy, also through Data Processors and duly trained authorized personnel who implement technical and organizational security measures compliant with the GDPR.
To exercise your rights or obtain more detailed information regarding data processing methods, you can contact the following email address: info@nexelia.ai
Data Subject Rights
Regarding the data provided, the exercise of the following rights is guaranteed:
to receive orally the content of the Information Notice;
to access the provided data;
to rectify and supplement the provided data;
to delete the provided data (right to be forgotten);
to restrict the processing of the provided data;
to data portability;
to object to automated processing concerning the provided data;
to lodge a complaint with the supervisory authority (Data Protection Authority).
The terms of this policy will be subject to constant updates based on organizational and/or legislative changes.
SECTION 1: USER PRIVACY NOTICE
Art. 13 EU Regulation of 2016/679 – GDPR
Data Controller
The Data Controller for all legal purposes is Bentivoglio Consulting, LLC (EIN 35-2899869) with registered office at 131 Continental Dr, Suite 305, Newark, DE 19713, United States, email info@nexelia.ai
For GDPR matters concerning EU users, the EU Representative is AUTOMATION GENIUS BY K.D.L. (P.IVA 02789630692) with registered office in Bucchianico (CH), Italy, contrada Santa Maria Maggiore n. 4.
Categories of Data Processed
The services provided by NEXELIA.AI can only be purchased by registered users ("direct clients") on the relevant site platform. Users, during the registration phase and while purchasing the services, undertake to provide their personal data correctly and updated. The data provided are personal in nature (such as, for example, personal details, navigation data, payment data, etc.), and will be collected and processed in electronic format.
Users, through the use of the services provided, may process personal and special categories of data of third parties defined as "indirect clients" (i.e., clients of the registered users); in this case, the registered users are considered Data Controllers for the personal and special categories of data of their own clients, with NEXELIA AI which – by virtue of the DPA signed at the time of registration and contract subscription – will become the Data Processor on behalf of the registered users. In this regard, registered users assume all responsibilities and obligations provided for by the relevant legislation, guaranteeing that such processing is based on suitable legal bases pursuant to Articles 6 and/or 9 and/or 10 of the GDPR. For these reasons, registered users undertake to provide full indemnity against any dispute, claim, or request for compensation for damage from processing that may come from third parties not adequately informed about the processing carried out exclusively on behalf of the Data Controller.
Data not necessary for the purpose of managing the purposes specified below will be destroyed upon collection, or processed in an anonymous or aggregated form for statistical purposes.
Purpose and Legal Basis of the Processing
Subscription to the NEXELIA.AI service
The Controller informs that the data provided will be processed in order to execute the pre-contractual measures and the contract of which the client is a party, as well as for purposes related to the obligations of the current sector legislation, as provided for in Art. 6, point 1, letters b) and c) of the GDPR.
Marketing purposes
The Controller informs that the data provided will be processed for marketing purposes only towards direct clients, to allow them to benefit – during the contractual relationship – from advantageous commercial proposals and news relating to the subscribed service, as provided for in Art. 6, point 1, letter f) and recital 47 of the GDPR. Once the contractual relationship has ended, as described in the paragraph "Duration of processing", the Controller will process the data for 12 months from the termination of the subscription in order to allow the client to return to use the NEXELIA AI services; during this latter phase, the client may object to the processing for the aforementioned purpose.
The provision of data is mandatory, as in its absence it will be impossible to complete the management of the contractual phases between the parties.
Duration of Processing
For the purpose of executing the NEXELIA AI service, the Controller will process the data provided for the entire duration of the contractual relationship and, subsequently to the conclusion, they will be stored for 10 years from the date of termination for accounting and tax compliance purposes, as per the provisions of Art. 2220 of the Italian Civil Code (for EU clients) and applicable US regulations. Subsequently, they will be destroyed or processed in an anonymous or aggregated form for statistical purposes.
The personal data of indirect clients (clients of the clients) will be deleted or anonymized at the time the contractual relationship between the parties ceases and, consequently, the appointment of Bentivoglio Consulting, LLC as the Data Processor for registered users.
Furthermore, the personal data of third parties provided by registered users will also be deleted or anonymized if the registered user communicates the withdrawal of consent or the objection of an indirect client for the specific service.
For the purpose of marketing, the Controller will process the data of direct clients for the entire duration of the contractual relationship and, subsequently to the conclusion, for 1 year from the date of termination in order to offer the client any promotional offers for the renewal of services. Subsequently, they will be destroyed or processed in an anonymous or aggregated form for statistical purposes.
Processing Methods
The Controller, in order to guarantee adequate data protection, has adopted effective technical and organizational measures that may be reviewed and updated if necessary.
The Controller informs that the data provided will be processed with IT and telematic tools.
Automated processes and profiling of indirect clients are carried out exclusively on behalf of the clients using the service, never for autonomous purposes. For these reasons, in order to make the service more and more performant for the client, the data provided may be used to "train" the artificial intelligence.
Organizational and processing methodologies have been adopted that are exclusively related to the aforementioned purposes, guaranteeing the security, integrity, availability, and confidentiality of personal data.
The Controller informs that the data provided may be processed exclusively by data processors and authorized personnel who guarantee measures deemed suitable by the Controller or who are adequately trained by the latter.
The personal data of registered users, when necessary for the provision of the NEXELIA AI services, may be shared with suppliers with headquarters in non-EU countries, but who guarantee compliance with the current European data protection regulations and are in possession of suitable technical and security measures (as expressed in their general service conditions and DPA). The Controller, where deemed necessary, has carried out impact assessments for the software of its suppliers used. For more information, write to the email above.
Rights of the Data Subject
In relation to the data provided, the exercise of the following rights is guaranteed:
to receive the content of the Privacy Policy orally;
of access to the data provided;
of rectification and integration of the data provided;
of deletion of the data provided (right to be forgotten);
of limitation of the processing of the data provided;
of portability of the data provided;
of opposition to automated processes concerning the data provided;
to lodge a complaint with the supervisory authority (Privacy Guarantor).
Client rights can be exercised by writing to the email info@nexelia.ai
SECTION 2: SUPPLIER PRIVACY POLICY
Art. 13 of EU Regulation 2016/679 – GDPR
Data Controller
The Data Controller for all legal purposes is Bentivoglio Consulting, LLC (EIN 35-2899869) with registered office at 131 Continental Dr, Suite 305, Newark, DE 19713, United States, email info@nexelia.ai
For GDPR matters concerning EU suppliers, the EU Representative is AUTOMATION GENIUS BY K.D.L. (P.IVA 02789630692) with registered office in Bucchianico (CH), Italy, contrada Santa Maria Maggiore n. 4.
Categories of Data Processed
The controller informs that for the management of the relevant contractual relationship, personal data of an identifying and financial nature will necessarily be processed. The data will be processed exclusively by the company's staff and collaborators, as well as by the professionals necessary for the specific fulfilments (appointed as Data Processors where necessary). Personal data are not communicated to third parties or disseminated except for the exercise of corporate activities. Data not necessary for the purpose of managing the specified purposes below will be destroyed upon collection, or processed in an anonymous or aggregated form for statistical purposes.
Purpose and Legal Basis of the Processing
Management of the contractual relationship
The Controller informs that the data provided will be processed in order to execute the pre-contractual measures and the contract of which it is the supplier, as well as for purposes related to the obligations of the current sector legislation, as provided for in Art. 6, point 1, letters b) and c) of the GDPR.
Duration of Processing
For the purpose specified above, the Controller will process the data provided for the entire duration of the contractual relationship and, subsequently to the conclusion, they will be stored for 10 years from the date of termination for accounting and tax compliance purposes, as per the provisions of Art. 2220 of the Italian Civil Code (for EU suppliers) and applicable US regulations. Subsequently, they will be destroyed or processed in an anonymous or aggregated form for statistical purposes.
Processing Methods
The Controller, in order to guarantee adequate data protection, has adopted effective technical and organizational measures that may be reviewed and updated if necessary. The Controller informs that the data provided will be processed with IT and telematic tools. The Controller informs that the data provided may be processed exclusively by data processors and authorized personnel who guarantee measures deemed suitable by the Controller or who are adequately trained by the latter. The Controller, where deemed necessary, has carried out impact assessments for the software of its suppliers used. For more information, write to the email above.
Rights of the Data Subject
In relation to the data provided, the exercise of the following rights is guaranteed:
to receive the content of the Privacy Policy orally;
of access to the data provided;
of rectification and integration of the data provided;
of deletion of the data provided (right to be forgotten);
of limitation of the processing of the data provided;
of portability of the data provided;
of opposition to automated processes concerning the data provided;
to lodge a complaint with the supervisory authority (Privacy Guarantor).
Supplier rights can be exercised by writing to the email info@nexelia.ai
SECTION 3: DATA PROCESSING DETAILS
Third-Party Data Processors
Bentivoglio Consulting, LLC uses the following third-party service providers who act as Data Processors:
OpenAI Inc. - AI language models
Anthropic PBC - AI language models
Bubble.io - Platform infrastructure
Amazon Web Services (AWS) - Cloud hosting and storage
Stripe - Payment processing
Postmark - Email services
Gupshup.io - Messaging channels integration
Meta Platforms - WhatsApp, Messenger, Instagram integration
All third-party processors have been selected based on their compliance with GDPR requirements and have signed appropriate Data Processing Agreements.
International Data Transfers
For clients and suppliers subject to GDPR, all transfers of personal data to countries outside the European Economic Area (EEA) are conducted in accordance with Chapter V of the GDPR. The Company ensures that appropriate safeguards are in place, including but not limited to:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Binding Corporate Rules where applicable
Other legally recognized transfer mechanisms under GDPR Article 46
Security Measures
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption of data in transit (TLS/SSL) and at rest
Multi-factor authentication (MFA)
Regular security assessments and vulnerability testing
Access controls and segregation of duties
Regular backups and disaster recovery procedures
Employee training on data protection
Incident response procedures
Data Breach Notification
In the event of a personal data breach, the Company will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR)
Notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Document all data breaches, including facts, effects, and remedial actions taken
SECTION 4: CONTACT INFORMATION
For General Privacy Inquiries
Bentivoglio Consulting, LLC
131 Continental Dr, Suite 305
Newark, DE 19713, United States
Email: info@nexelia.ai
For GDPR-Related Inquiries (EU Users and Suppliers)
EU Representative
AUTOMATION GENIUS BY K.D.L.
Contrada Santa Maria Maggiore n. 4
66011 Bucchianico (CH), Italy
P.IVA: 02789630692
Email: info@nexelia.ai
Supervisory Authority
EU users have the right to lodge a complaint with their local supervisory authority. A list of EU Data Protection Authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
SECTION 5: UPDATES TO THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. We will notify users of any material changes by:
Posting the updated policy on our website (https://nexelia.ai/privacy)
Sending an email notification to registered users
Displaying a prominent notice on our platform
The "Last Updated" date at the bottom of this policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically.
SECTION 6: CHILDREN'S PRIVACY
NEXELIA.AI services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information as quickly as possible. If you believe we have collected information from a child under 18, please contact us at info@nexelia.ai
SECTION 7: YOUR CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):
Right to Know: You have the right to request information about the personal information we collect, use, and disclose about you.
Right to Delete: You have the right to request deletion of your personal information.
Right to Opt-Out: You have the right to opt-out of the sale of your personal information (Note: we do not sell personal information).
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, please contact us at info@nexelia.ai
Last Updated: February 2025
Version: 1.1
Copyright @ Nexelia.ai | Tutti i diritti riservati
131 Continental Dr Suite 305, 19713, Newark, United States
Just enter the details below, and watch how your business grow
You're agreeing to our Terms & Conditions. We won't sell your info ever. We will only email you relevant offers and info. Seriously. View our full Privacy Policy to see why. Unsubscribe at any time.