COOKIE POLICY - MOBILE AND WEB APP “LIFFO”

Information on the use of cookies in the mobile application and on the website

Updated September 2025 - Compliant with GDPR and the Guidelines of the Italian Data Protection Authority of 10 June 2021

DATA CONTROLLER

Robomagister srl with registered office in Via Carlo Calvi di Coenzo, 8 cap 42124, Reggio Emilia, Italy.

DEFINITIONS AND REFERENCE LEGISLATION

This Cookie Policy is drafted in accordance with:

• EU Regulation 2016/679 (GDPR)
• Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018)
• Guidelines on cookies and other tracking tools of the Italian Data Protection Authority of 10 June 2021
• Art. 122 of the Privacy Code

Cookie: Cookies are small text files that applications and websites send to the user's terminal (smartphone, tablet, computer, etc.), where they are stored and then retransmitted to the same application or site during the user's subsequent visit.

Application: This information concerns: the mobile application called Liffo available for iOS and Android operating systems and the web application liffoweb.liffo.com.

TYPES OF COOKIES USED BY THE MOBILE APPLICATION AND THE WEBSITE

This mobile application and website exclusively use technical and functional cookies, as specified by the Guidelines of the Italian Data Protection Authority of 10 June 2021.

Necessary Technical Cookies

Technical cookies are used solely for the purpose of "carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the user to provide such service" (Art. 122, paragraph 1, of the Privacy Code).

Purposes:

• Ensure the correct functioning of the mobile application and the website
• Maintain the user's session during navigation
• Manage authentication in reserved areas
• Save application configuration preferences
• Store the user's progress in the application

Duration: Session cookies are automatically deleted when the application or browser is closed. Persistent cookies have a maximum duration of 12 months.

Legal basis: Legitimate interest of the data controller (Art. 6, paragraph 1, letter f) GDPR) for the correct functioning of the mobile application and the website.

Functional Cookies

Functional cookies allow the user to navigate based on a series of selected criteria in order to improve the service provided.

Purposes:

• Store the user's language preferences
• Save application or site configuration settings
• Remember user choices to customize the interface
• Improve the user's browsing experience
• Maintain accessibility settings

Duration: Maximum 12 months

Legal basis: Legitimate interest of the data controller (Art. 6, paragraph 1, letter f) GDPR) to improve the user experience.

CONSENT AND MANAGEMENT OF COOKIES for Technical and Functional Cookies

For technical and functional cookies, user consent is not required as established by the Guidelines of the Italian Data Protection Authority of 10 June 2021, as they are necessary for the correct functioning of the application/site or to provide services explicitly requested by the user.

Information

In accordance with current legislation, the user is informed of the use of cookies through:

• This Cookie Policy
• Information in the application and on the site (if applicable)

As specified by the Authority: "In the event that only technical cookies or other similar tools are present, information about them may be provided on the homepage or in the general information without the need to affix specific banners to be removed by the user."

RIGHTS OF THE DATA SUBJECT

The user can exercise the following rights provided by the GDPR:

• Right of access (Art. 15 GDPR): obtain information on processed data
• Right to rectification (Art. 16 GDPR): correct inaccurate data
• Right to erasure (Art. 17 GDPR): obtain the erasure of data
• Right to restriction of processing (Art. 18 GDPR): limit processing
• Right to data portability (Art. 20 GDPR): obtain data in a structured format
• Right to object (Art. 21 GDPR): object to processing

To exercise these rights, the user can contact the Data Controller at the addresses indicated in point 1.

DEVICE-LEVEL COOKIE MANAGEMENT

The user can manage cookies directly from their device settings:

iOS Devices

To manage application data:

• Go to "Settings" → "General" → "iPhone Storage"
• Select the application → "Offload App"
• Or delete and reinstall the application

Android Devices

To manage application data:

• Go to "Settings" → "Apps" → "[App Name]" → "Storage"
• Select "Clear data" or "Clear cache"

Warning: Deleting application data will erase all personalized settings and may require a new configuration.

Browser

It is specified that the user can express their options on the use of cookies on the site (also by setting the browser(s) following the instructions provided below. The user can also set "anonymous browsing" which allows the user to browse the internet without saving any information about the site, visited pages, any passwords entered and other parameter information.

Microsoft Edge: https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari: https://support.apple.com/it-it/guide/safari/sfri11471/mac

Chrome: https://support.google.com/chrome/answer/95647?hl=it&hlrm=fr&hlrm=en

Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop?redirectslug=Attivare+e+disattivare+i+cookie&redirectlocale=it

For further information on how to control, manage and delete cookies on your device, please consult the following links:

https://webcookies.org/ or http://www.allaboutcookies.org/manage-cookies/index.html or http://www.wikihow.com/Disable-Cookies or http://www.youronlinechoices.com/it/

DATA SECURITY

The Data Controller adopts adequate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 of the GDPR, including:

• Encryption of data in transit and at rest
• Access controls to systems
• Backup and disaster recovery procedures
• Staff training on data protection
• Regular updates of security systems

DATA TRANSFERS

The technical and functional cookies used by the application and the website are stored on servers located in the European Union. No data transfers to third countries are foreseen for these types of cookies.

RETENTION PERIODS

Data collected through cookies are retained for the time strictly necessary to achieve the purposes for which they were collected:

• Session cookies: Until the application and browser are closed
• Persistent technical cookies: Maximum 12 months
• Persistent functional cookies: Maximum 12 months

At the end of these periods, cookies are automatically deleted from the system.

UPDATES TO THE COOKIE POLICY

This Cookie Policy may be amended in case of:

• Regulatory evolution
• Changes to the functionality of the application or site
• Updates to processing methods
• New guidelines from the Privacy Authority

Users will be informed of any substantial changes through:

• Notification in the application and/or on the site
• Update of the last modification date

CONTACTS AND COMPLAINTS

For any information relating to this Cookie Policy or to exercise the rights provided by the GDPR, you can contact:

Data Controller (see contact details indicated in point 1)

Supervisory Authority:

Complaints can be submitted to the Italian Data Protection Authority:

• Website: www.garanteprivacy.it

Applied Principles

This information respects the fundamental principles of the GDPR:

• Transparency: Users are clearly informed about the use of cookies
• Purpose limitation: Cookies are used only for specific and legitimate purposes
• Minimization: Only strictly necessary cookies are used
• Accountability: The data controller guarantees and demonstrates regulatory compliance

________________________________________________________________________________

Last modified: 13/10/2025

Version: 2.0

________________________________________________________________________________

This document has been drafted in accordance with current legislation on personal data protection for mobile applications and websites that exclusively use technical and functional cookies.