Privacy Policy
Last updated: 12 May 2026
This Privacy Policy explains how Auralis Biotech S.r.l. ("Auralis", "we", "us", or "our") collects, uses, and protects personal data when you use the Biotech Market Readiness Audit tool (the "Service") available at audit.auralisbiotech.it.
We are committed to processing personal data in compliance with Regulation (EU) 2016/679 (the "GDPR") and applicable Italian data protection law (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
1. Data Controller
The Data Controller is:
Auralis Biotech S.r.l.
Via Zavatti 8, 62012 Civitanova Marche (MC), Italy
VAT / P.IVA: IT10808851215
Email: info@auralisbiotech.it
Certified email (PEC): auralisbiotech@pec.it
For any questions, requests, or complaints concerning your personal data, please contact us at info@auralisbiotech.it.
2. Personal Data We Collect
When you use the Service, we collect the following categories of personal data:
Identification and contact data that you provide directly through the audit form:
- Name and email address
- Professional role and company information
Content you submit for analysis:
- The free-text material you provide for the audit (e.g., website copy, marketing or sales content)
Consent preferences:
- Your choices regarding mandatory and optional consents at submission
Data collected automatically when you use the Service:
- IP address (used for abuse prevention)
- Timestamp of submission
- Technical metadata strictly necessary for the Service to function
Data we generate based on your submission:
- The audit report (scores, summary, analysis, and recommendations) produced by AI processing of the content you submit
We do not knowingly collect special categories of personal data (such as health, religious, or biometric data). Please do not submit such content through the audit form.
3. Purposes and Legal Basis of Processing
We process your personal data for the following purposes:
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Generate and deliver the audit report to you | Performance of a contract (Art. 6(1)(b)) |
| Send you the audit report by email | Performance of a contract (Art. 6(1)(b)) |
| Protect the Service from misuse and abuse | Legitimate interest (Art. 6(1)(f)) |
| Internal notification to the Auralis team about new audits, for follow-up purposes | Legitimate interest (Art. 6(1)(f)) |
| Send you marketing communications, case studies, and updates from Auralis | Consent (Art. 6(1)(a)) — only if you ticked the optional marketing checkbox |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
You may withdraw your marketing consent at any time by replying to any email from us with "Unsubscribe", or by writing to info@auralisbiotech.it.
4. AI Processing Disclosure
The audit report is generated by an artificial intelligence (AI) model operated by a third-party AI processing provider. The content you submit through the audit form is sent to this provider's API solely to generate your audit report.
Under the commercial API terms governing our relationship with this provider:
- Your submitted content is not used to train the provider's AI models;
- Inputs and outputs are retained by the provider only for a short period (typically up to 7 days) for abuse prevention purposes, then automatically deleted.
The audit is generated automatically by AI. It is informational only and does not constitute regulatory, legal, scientific, or business advice. See our Terms of Use for the full disclaimer.
The identity of our AI processing provider can be disclosed upon written request at info@auralisbiotech.it to data subjects exercising their GDPR rights.
5. Service Providers (Sub-Processors)
To operate the Service, we rely on third-party service providers acting as data processors on our behalf, under written data processing agreements that include appropriate safeguards. These fall into the following categories:
| Category | Role | Location |
|---|---|---|
| Application hosting and frontend infrastructure | Hosting the audit interface | European Union |
| Database storage provider | Storing audit submissions and outputs | European Union |
| Email delivery provider | Sending transactional emails | European Union |
| AI processing provider | Generating the audit content from your submission | United States |
The full list of our current sub-processors is available on request by writing to info@auralisbiotech.it.
6. International Data Transfers
Some sub-processors are located outside the European Economic Area (EEA), specifically in the United States. Transfers of personal data to such recipients are made under the European Commission's Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR, or under another adequacy mechanism where applicable.
You can request a copy of the SCCs by contacting us at info@auralisbiotech.it.
7. Data Retention
We retain your personal data for the following periods:
- Audit submissions and outputs (form data + generated audit content): up to 12 months from the date of submission, after which the records are anonymized or deleted.
- PDF download links and access tokens: 30 days from generation. After expiration, the PDF can no longer be retrieved via the link.
- IP addresses (for abuse prevention): up to 12 months.
- Marketing consent records (if you opted in): until you withdraw consent, plus a reasonable retention period to demonstrate compliance.
- Data required by law (e.g., accounting records, where applicable): for the period prescribed by Italian law.
After the applicable retention period, personal data is either deleted or anonymized so that you can no longer be identified.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of your personal data.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your data, subject to legal limitations.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest, including for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): withdraw consent for marketing communications at any time, without affecting the lawfulness of prior processing.
- Right to lodge a complaint: with the Italian Data Protection Authority (Garante per la protezione dei dati personali), https://www.gpdp.it, or with the supervisory authority of your country of residence.
To exercise any of these rights, please email us at info@auralisbiotech.it. We will respond within one month of receipt, as required by Article 12(3) GDPR.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission, restricted access on a need-to-know basis, abuse prevention measures, and contractual safeguards with our sub-processors.
No transmission over the internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
10. Cookies and Tracking Technologies
The Service uses only strictly necessary cookies and technical identifiers required for the application to function — such as session tokens, security tokens, and infrastructure cookies set by our service providers for the proper operation of the Service.
We do not use analytics, advertising, tracking, or profiling cookies of any kind.
Because strictly necessary cookies do not require prior consent under Article 122 of the Italian Privacy Code, no cookie banner is displayed.
If we add analytics or non-essential cookies in the future, we will update this Privacy Policy and implement a cookie consent banner as required by law.
11. Children
The Service is intended for professionals working in biotech, life sciences, and diagnostics. It is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact info@auralisbiotech.it and we will delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. The "Last updated" date at the top of this page indicates when the most recent changes were made. Material changes will be communicated by updating the version date and, where appropriate, by direct notice.
13. Contact
For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices:
Auralis Biotech S.r.l.
Email: info@auralisbiotech.it
PEC: auralisbiotech@pec.it
Address: Via Zavatti 8, 62012 Civitanova Marche (MC), Italy