Privacy Notice on the Processing of Personal Data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 («GDPR»)

 

Maticad365 Platform («Platform»)

 

Publication date: April 2026

Effective date: April 2026

 

  1. Data Controller.

The controller of the personal data processing is Maticad S.r.l. with registered office at Via del Novecento 17/7, 61122 Pesaro (PU), Italy, Tax Code and VAT No. 01181350412, website: https://www.maticad.com, e-mail: [dpo@maticad.com], certified e-mail (PEC): [info@pec.maticad.it].

  

  1. Categories of Data Subjects.

This notice is addressed to professional users («Licensees»), such as professional operators, resellers, showrooms, interior designers, furniture and ceramics companies established in the European Union that access the Platform in the course of their business activity.

 

  1. Categories of Data Processed.

Maticad – in the context of providing the platform known as «Maticad365» and the related Services – processes the following categories of personal data:

Licensee Data

Category

Examples

Source

Identification and contact data.

First name, last name, company name, e-mail, telephone number

Provided during registration

Access and authentication data.

Credentials, password (in protected form), access logs

Generated by the Platform

Usage and browsing data.

Activity logs, session data, technical parameters

Collected automatically.

User Content.

2D/3D projects, renders, models, images, configurations

Provided by Users and accessible to Maticad for backup and technical support.

Billing and payment data.

Tax data, payment methods (deposit, balance, RIBA)

Provided during the contractual phase.

Communications.

E-mails and notifications between Users and Maticad

Provided by Users or generated by the Platform

Beta feature data.

Logs, content, session data within pre-release features

Collected automatically.

 

 

End-User Data

Category

Examples

Source

Lead generation data

Name, e-mail, telephone number, quotation requests

Provided by end users through integrated forms.

Statistical data

WebApp usage statistics

Collected automatically.

 

  1. Purposes and Legal Bases of Processing.

Personal data are processed for the following purposes, each based on a specific legal basis pursuant to Article 6 GDPR.

Processing Purpose

Legal Basis

Provision of the services composing the Platform and management of the contractual relationship: account creation and management; management of access credentials; provision of the «SaaS» services and/or the software licensed (including standard updates at no additional cost); access, storage, backup and technical support for User Content; white-label integration of the «Maticad365» components into the Licensees’ websites; management of orders, invoicing and payments; sending of operational and service communications relating to the contract and the use of the Services (e.g. suspension notices, expiries, automatic renewals, technical updates, amendments to the conditions); management of technical support and complaints.

Performance of a contract to which the data subject is party or of pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR).

Compliance with legal, administrative, tax and accounting obligations: retention of tax and accounting documentation for the period required by law; compliance with obligations laid down by laws, regulations or measures of the competent authorities; disclosure of data to authorities in the cases provided for by law.

Compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR).

Platform security, maintenance, prevention of fraud and abuse: monitoring of the integrity of the Platform; monitoring of access and detection of anomalous or suspicious activities; prevention and countering of unauthorized access, fraudulent activities, hacking, malware and other improper uses; technical maintenance and implementation of security measures; management of security incidents and data breaches; verification of compliance with the General Terms and Conditions; protection of the Digital Catalogues and the intellectual property rights of Maticad and Partner Companies; collection and analysis of aggregated usage statistics for the technical improvement of the service.

Legitimate interest of the Controller in system security, prevention of abuse and fraud, and protection of its assets and rights (Art. 6(1)(f) GDPR). For aspects strictly necessary for the technical provision of the service, Art. 6(1)(b) GDPR may also apply where relevant.

Establishment, exercise or defense of a right and management of violations: management of disputes and legal protection in and out of court; suspension or removal of User Content in the event of a breach of the General Terms and Conditions, third-party reports or unlawful content; defense of the Controller’s rights.

Compliance with a legal obligation (letter c) and the Controller’s legitimate interest in protecting its rights (Art. 6 letter b GDPR).

Beta/Pre-release features: processing of usage data, technical logs, feedback and, where necessary, content uploaded by the User, including through manual review and with the aid of automated tools, in order to enable testing, quality assurance, error correction and optimization of the Beta features activated by the User.

Legitimate interest of the Controller in protecting its rights (Art. 6(1)(f) GDPR); where applicable, compliance with a legal obligation (Art. 6(1)(c) GDPR).

Lead generation through white-label components: collection of data entered by end users in integrated forms for direct marketing purposes, where such functionality is activated.

Consent of the data subject, where required by applicable law (Art. 6(1)(a) GDPR).

 

  1. Recipients and Categories of Recipients

Personal data may be disclosed or made accessible to the following categories of recipients:

  • Cloud infrastructure providers: Maticad uses third-party providers established in the European Union to host the Platform and store User Content. Such parties act as data processors pursuant to Article 28 GDPR.
  • Third-Party Companies: suppliers of the Digital Catalogues (ceramics, furniture, bathroom, plumbing and heating products), limited to the data strictly necessary to manage access to such catalogues.
  • Competent authorities: in the event of a breach of the Conditions or legal obligations.
  • Consultants and professionals appointed by Maticad for legal, tax or audit activities, within the limits of what is necessary.

Parties processing data on behalf of Maticad are appointed as data processors pursuant to Article 28 GDPR or, where applicable, as joint controllers pursuant to Article 26 GDPR.

 

  1. Transfer of Data to Third Countries.

Maticad provides the Platform to operators established worldwide. Personal data processed within the scope of the Services are not transferred to third countries outside the European Economic Area.

 

  1. Retention Period.

Data category

Retention period

Account data and User Content (post-termination)

90 days from termination of the Agreement; after that period, permanent and irreversible deletion.

User Content subject to technical storage limits

Until the technical limits are exceeded; the Services may be suspended in case of overrun

Billing and tax data

10 years from registration of the invoice

Data relating to disputes

For the entire duration of the dispute and until the limitation period of the asserted right expires

In any case, data will not be retained for longer than necessary to achieve the purposes for which they are processed (Art. 5(1)(e) GDPR).

 

  1. Rights of Data Subjects

As a data subject, the User has the right to:

  • Access (Art. 15 GDPR): obtain confirmation as to whether personal data are being processed and a copy of the personal data processed.
  • Rectification (Art. 16 GDPR): obtain the correction of inaccurate data or the completion of incomplete data.
  • Erasure (Art. 17 GDPR): obtain the deletion of personal data in the cases provided for by law.
  • Restriction of processing (Art. 18 GDPR): obtain restriction of processing in the cases provided for by law.
  • Portability (Art. 20 GDPR): receive the data provided in a structured, commonly used and machine-readable format, in the cases provided for by law.
  • Objection (Art. 21 GDPR): object to processing based on legitimate interest, including the processing of usage data for statistical purposes (§ 5.3), on grounds relating to the User’s particular situation.
  • Withdrawal of consent (Art. 7(3) GDPR): withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. Withdrawal of consent to the use of Beta features entails the obligation to discontinue their use (D3:Art.4.5).

To exercise his/her rights, the User may contact Maticad using the contact details indicated in Section 1.

 

  1. Right to Lodge a Complaint.

The User has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), or with the supervisory authority of the EU Member State in which he/she habitually resides or works, if he/she believes that the processing of his/her personal data violates the GDPR.

 

  1. Automated Decision-Making and Profiling.

Maticad does not carry out processing based on fully automated decision-making, including profiling, that produces significant legal effects on Users.

 

  1. Changes to this Notice.

Maticad reserves the right to update this Notice to reflect legal, technical or organizational changes, informing Users by e-mail, Platform notification or publication at https://www.maticad.com/privacy-cookie-policy/.

 

  1. Language Version.

In the event of discrepancies between the Italian and English versions of this Notice, the Italian version shall prevail for Italian Users and the English version shall prevail for international Users.