PRIVACY POLICY

Users of the relevant accounts related to Clients, as well as the individual contact persons of the client itself (hereinafter also “data subjects”, ex. Art. 4(1) GDPR) are informed of the following general profiles, valid for all processing activities:

The Data Controller is Open Gate S.p.A., represented by its legal representative Luca Visconti, with registered and operational offices in Gorgonzola (20064 – MI), via Milano n. 37/c – tax code and VAT: 08033300966, contactable at: info@opegate.biz – tel.: +39 02 87198839.

All user data, directly or indirectly relating to natural persons, is processed in a lawful, fair and transparent manner towards the data subject, in compliance with the general principles set out in Art. 5 GDPR.

We have adopted specific security measures to prevent data loss, unlawful or improper use, and unauthorised access.

Through the AIDeskPro platform, we process only “common” data, i.e. information that does not include “special categories of data” (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning sexual life) or “judicial data”.

The hosting of the tool is managed by Google Cloud or Scaleway, appointed as external data processors, whose servers are located within the European Economic Area.

Open Gate’s privacy policy does not involve the processing of personal data of natural persons under the age of 18.

We collect personal information as follows:

Account information: when you create an account with us, we collect information associated with your account, including your name, email and account credentials.

User content: when you use our services, you provide information through chat input, in files you upload to create Indexes or files you upload directly to chat, or in feedback you provide to our services (“Content”).

Communication information: if you contact us, we collect your name, contact information and the content of the messages you send.

Technical information (received automatically from use of the services):

• Log data: IP address, browser type and settings, date and time of request
• Usage data: types of content viewed, features used, time zone, country, access dates and times
• Device information: device name, operating system, device identifiers

Legal bases:

• Performance of contract (use, update and maintenance of the platform; invoicing; support)
• Legitimate interest of the Controller (claims management, aggregate statistical analysis, commercial communications to existing customers)
• Compliance with legal obligations

We use collected personal information to:

• Provide, manage, maintain and improve our services
• Develop new programmes and services
• Prevent fraud, criminal activity or misuse of our services
• Comply with legal obligations and protect the rights, privacy, security or property of ourselves and our affiliates, users or third parties
• Send you technical information, updates, security alerts, support and administrative messages

This Addendum (“DPA”) governs the processing of Client data (“Controller”) by Open Gate S.p.a., with registered offices in Gorgonzola, via Milano 37/C (20064 - MI) – tax code and VAT: 08033300966 (hereinafter “Open Gate” or the “Processor”).

The Client and the Processor have entered into a contract for the resale of AIDeskPro licences, a software product developed by Open Gate, which provides access to generative Artificial Intelligence (AI).

The Processor will process Personal Data in the course of activities related to the performance of the Contract and in particular all data of the Controller or third parties necessary for the provision of assistance and support services for the AIDeskPro application, for the cloud infrastructure hosting it and for integration with cloud and generative AI services.

If your company needs to finalise this document with Open Gate, please contact sales@opengate.biz.

AIDeskPro uses/integrates third-party products and services, identified as sub-processors, essential for AIDeskPro’s operation.

Cloud infrastructure: AIDeskPro resides in a Google Cloud or Scaleway account owned by Open Gate or the Client (AIDeskPro+ version). Servers are located within the European Economic Area (St. Ghislain, Belgium with backups in the EU).

AI services from OpenAI OpCo, LLC: Open Gate has entered into a “Data Processing Addendum” with OpenAI. OpenAI processes data only on behalf of Open Gate for the purpose of providing services, guaranteeing a level of protection no lower than that required by data protection laws. Further information: trust.openai.com and openai.com/policies/privacy-policy.

AI services from Google Cloud Italy S.r.l.: AIDeskPro uses Generative AI services provided by Google (Vertex AI – Gemini, PaLM 2…) and third-party models made available through Vertex AI Model Garden (Anthropic Claude Sonnet and Haiku). Privacy notice: cloud.google.com/terms/cloud-privacy-notice.

AI services from Nebius B.V. — Token Factory: AIDeskPro uses AI inference services provided by Nebius Token Factory (Nebius B.V., Schiphol Boulevard 165, 1118 BG Schiphol, Netherlands) for open-source models, including GLM-5.2 on endpoints in the eu-north1 region (data centre in Finland, within the European Economic Area). Nebius Token Factory holds ISO 27001, ISO 27701 and SOC 2 Type II certifications. The DPA is incorporated into Nebius’s Terms of Service and requires no separate signature. Zero Data Retention mode is available: data is not stored or used to train models. Data sent to EU endpoints remains within the EU. Privacy policy: docs.tokenfactory.nebius.com/legal/privacy-policy. DPO: privacy@nebius.com.

Email notification service: AIDeskPro uses MailGun (Sinch) for sending account management email notifications. Privacy notice: mailgun.com/legal/privacy-policy.

The updated list of sub-processors will be made available and updated on this page. Last updated: 23 June 2026.

Open Gate maintains an information security programme designed to safeguard its systems, data and customer data.

Authentication: AIDeskPro supports 3 authentication methods — username/password (bcrypt), Login with Google, API-Key.

Security measures adopted:

• Separate production and non-production environments
• Regular vulnerability scanning
• WAF – Google Cloud Armor (DDoS protection)
• Encryption of data at rest in production datastores
• Encryption of data in transit
• Audit logs of all infrastructure management operations
• Encryption of all corporate device disks
• Employee access based on the principle of least privilege

Customer data can be deleted upon request by emailing support@opengate.biz.

Navigation data: the IT systems automatically collect personal data whose transmission is implicit in the use of Internet communication protocols (IP addresses, domain names, URIs, request time…). These data are used solely to obtain anonymous statistical information on site usage and to check its correct functioning.

Contacts: the “Contact Us” section allows the data subject to request contact with Open Gate staff, providing their details (name / email / phone). Data is generally retained for times compatible with the purpose of collection; for customers, up to 2 months after the end of the contractual relationship; for other categories, no more than 24 months.

Other data voluntarily provided: sending emails to the addresses indicated on the site results in the acquisition of the sender’s address, necessary to respond to requests.

Cookies: no personal data is collected via cookies. No persistent cookies or user tracking systems are used. The site uses Google Analytics for anonymous usage analysis.

You may freely exercise the following rights regarding the processing of your data:

• Access: obtain confirmation as to whether personal data concerning you is being processed
• Rectification: request the correction of inaccurate data
• Erasure: request the deletion of data when no longer necessary
• Restriction: request the restriction of processing
• Objection: object, on legitimate grounds, to the processing of your data
• Portability: receive data in a structured, machine-readable format
• Withdrawal of consent: withdraw consent given at any time

To exercise your rights, contact Open Gate:

• Registered mail: Open Gate S.p.a., via Milano n. 37/c, Gorgonzola (20064 – MI), Italy
• Email: info@opengate.biz
• PEC: opengatesrl@legalmail.it

You have the right to lodge a complaint with the competent supervisory authority.

Cookies: no personal data is acquired from the site via cookies. No cookies are used to transmit personal information, nor are any persistent cookies or user tracking systems used. The use of session cookies is strictly limited to the transmission of session identifiers necessary for safe and efficient browsing.

Google Analytics: this site uses Google Analytics to collect and anonymously analyse information on site usage behaviour. Google does not associate your IP address with any other data held by Google.

You can disable cookies directly in your browser:

• Mozilla Firefox
• Google Chrome
• Internet Explorer
• Safari
• Opera