Last Update: February 2026

Reply Events App - Privacy Notice

Reply S.p.A. (“Reply,” “we,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Reply Events App Privacy Notice (“Privacy Notice”). This Privacy Notice describes the information we collect and process in connection with the Reply Events App (“Reply App”) and what choices you have with respect to the information.

This Privacy Notice applies to registered users who use or intend to use the Reply App, including employees, clients, and event participants or accompanying persons.

1. Purposes, Legal basis and Data Retention

We may process personal data about you that you provide when registering for and using the Reply App.

Certain processing activities are strictly related to the use of the Reply App, while others are connected to your participation in events managed through the Reply App (“Event”).

The personal data collected may include: name, surname, email, nickname, company (as applicable) and, where voluntarily provided, a profile photo. Provision of mandatory personal data is necessary to use the Reply App. Failure to provide mandatory data may prevent registration.

The profile photo is optional; however, if uploaded, it will be visible to other users of the Reply App.

You may also choose whether to share your name, surname, email and company (as applicable) with other participants through the dedicated “Contact Data Visibility” setting. If such option is not enabled, only the nickname and profile photo (if uploaded) will be visible to other users. You may withdraw such consent at any time via the Reply App or by contacting us using the details set out in Section 8.

Furthermore, subject to your explicit consent, if provided for the event, special categories of personal data (Art. 9(2)(a) GDPR) such as data relating to any allergies, intolerances or other dietary requirements that you have, may be voluntary provided by you through the Reply App. Such data is collected solely in connection with specific Events and will be used exclusively for meal administration purposes.

Your personal data may be used by Reply for the following purposes:

• to enable you to register for and use the Reply App, and to access the contents and activities available to registered Reply App users.
• to manage your registration and participation in the Event, including providing Event-related communications (such as updates or changes or logistical information) and, where reasonably necessary, supporting Event organization activities (for example badge printing for access control at Event venues);
• to comply with applicable laws, regulations, and legislation, as well as to comply with orders issued by authorities that are lawfully permitted to do so, including with respect to the prevention and detection of information technology offenses, as well as to manage any complaints or disputes.

The legal bases for processing are the performance of a contract or pre-contractual measures, compliance with legal obligations, and your explicit consent where required.

Personal data will be retained for no longer than necessary to fulfil the purposes for which it was collected.

• Event-related data (e.g., registration details, participation information) will be retained for up to 6 months after the end of the relevant event, unless further retention is required by law.
• Account data (e.g., name, surname, email, nickname and profile photo, if provided) will be retained for as long as the user account remains active. In the absence of activity, account data will be deleted after [24 months] of inactivity.
• For employees, account data may be retained for the duration of the employment relationship and for a limited period thereafter, in accordance with applicable policies.

Users may request deletion of their account at any time.

2. Processing method

For the purposes above described, we may electronically and/or manually process your personal information. We make use of reasonable technical and organizational security measures and safeguards that are designed to help protect the data that we collect, use, and retain.

3. Data Recipients and Data Transfers

In connection with the purposes outlined in the section 1 above, we may disclose your information to the following recipients which act either as data processors or independent controllers, as applicable:

• Entities within the Reply Group Companies or their employees, based in the European Economic Area (EEA) and/or the United Kingdom;
• Individuals or legal entities appointed by Reply to perform technical interventions, repairs, routine and maintenance, service restoration and updating, consultants, service providers, business partners, vendors in entrusted to perform activities related to the Reply App, to pursue the purposes outlined in the section 1 above;
• Competent governmental or public authorities, in each case to comply with legal or regulatory obligations or requests.

Note for users located in the United States: Reply does not sell or share personal data for advertising or commercial profiling purposes.

Apart from the recipients listed above, your data will not be subject to any wider dissemination.

Where personal data is transferred outside the EEA, appropriate safeguards pursuant to Art. 46 GDPR are applied (e.g. Standard Contractual Clauses).

4. Data subjects' rights

You have the right to require the access to your personal data and, where the conditions are met, to require the amendment or erasure of the same or restriction of the processing that refer to you, or to oppose to the processing. Where the conditions are met, you have the right to data portability.

Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

For the abovementioned communications, you may use the contact details reported in section 8 below. You have the right to lodge a complaint to the responsible Supervisory Authority.

5. Users Located in the European Union / European Economic Area

For users located in the European Union, the European Economic Area, or the United Kingdom, personal data is processed in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”) and applicable national data protection laws.

Data subject rights described in Section 4 apply in accordance with the GDPR.

The Data Controller for the processing of your personal data is Reply S.p.A., with a registered office in Corso Francia n. 110, Turin, Italy, represented by the pro tempore legal representative.

The contact details of the Data Protection Officers are:

• Italy DPO: dpo.it@reply.it
• Germany DPO: dpo.de@reply.de
• UK, France DPO: dpo.uk@reply.com

6. Users Located in the United States

This Privacy Notice also applies to individuals located in the United States who use the Reply App.

Personal data is collected and processed solely for event registration, organization, and participation management purposes.

Where applicable U.S. state privacy laws grant specific rights, such rights may be exercised by contacting Reply using the details set out in Section 8.

7. Updates to this Privacy Notice

We may make changes to this Privacy Notice from time to time. The “Last Update” date at the top of this page shows when this Privacy Notice was last revised. Any changes will become effective upon publication of the updated Privacy Notice.

7. Contact Us

If you have any comments or questions regarding this Privacy Notice or our data handling practices, please contact us at: eventsapp@reply.com.