Exein logo

Privacy Policy

PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA

In accordance with the provisions of the General Data Protection Regulation no. 679/2016 (“GDPR”) Exein S.p.a. (“Exein”) as data controller informs you of the following regarding the processing ofyour personal data pursuant to art. 13 of EU Regulation 2016/679 onthe protection of personal data (“Regulation”).

a) data will be processed solely in relation to contractual needs and to the consequent fulfilment of the legal and contractual obligations arising therefrom, and for the purposes of the effective management of business relationships. The provision of data is mandatory for all that is required by contractual and legal obligations; any refusal to provide or subsequently process such data may result in Exein being unable to enter into the contractual relationships;

b) your data may also be used for the extraction of statistical information, so as to guarantee the best service to consumers andthe best after-sales support, in order to improve the provision of our services, and for sales and marketing purposes, in order to keep you up-to-date on the latest service announcements and invite you to events and exclusive pre-sales. The provision of data for the above purposes is optional. Refusal to provide data will not therefore have any repercussions on the data subject or on the enforcement of our existing contractual relations;

d) data will be processed fairly and lawfully and, in any case, incompliance with the aforementioned regulation, by means of suitable technical and organizational tools that ensure appropriate security and confidentiality of the data;

e) processing is carried out by expert appointed staff by paper, computer, electronic and any other type of means deemed technologically suitable for safeguarding the data subject’s rights and freedoms;

f) the data will be stored in the filing systems and competent offices of Exein;

g) without prejudice to communications and disseminations made incompliance with legal obligations, the data may be disclosed to: banks, post offices or other mail delivery companies, credit institutions and debt collection companies, insurance companies, consultants, self-employed professionals, IT maintenance companies, training bodies, and in any case to all third parties identified for the purposes listed above and for the enforcement of our existing contractual relations.

h) data will be processed and retained for the duration of established contractual relationships and, in specific cases, alsothereafter, so as to guarantee fulfilment of all legal obligations;

i) data will be processed within and, where appropriate, outside the European Union. The Data Controller hereby ensures that any transferof data outside the EU will take place in accordance with applicable legal provisions and with the safeguard requirements of the GDPR. With regard to the data itself, you may exercise the rights envisaged by articles 15 to 22 of EU Regulation 2016/679 (a copy of which is annexed hereto). In more detail, data subjects have the following rights in relation to the processing to which theirpersonal data is subject:

## Right of access;
## Right to rectification;
## Right to restrict processing and right to erasure;
## Right to data portability;
## Right to make a complaint to a supervisory authority;

These rights may be exercised by sending written notice to the Data Controller, Exein S.p.A., with registered office at Piazzale Flaminio 19 – 00196 – Rome – Italy

E-mail: privacy@exein.io