PRIVACY NOTICE

1. Purposes and principles of data processing. In compliance with the obligations set forth in articles 13-14 of EU Regulation 679/2016 (GDPR), this document describes how the website manages the processing of personal data of users who browse it and interact with the web services accessible electronically from the address: www.Unghieperfette.com.

Please be informed that Jox Cosmetics S.R.L. will use your personal data to manage access to the portal and the services included therein, manage technical practices, carry out all necessary or useful activities for the constant improvement of the service provided, and for the verification of liability in case of crimes against the Site and/or illicit acts carried out through the Site. Specific additional purposes related to individual processing may be identified in detail, through supplementary notices, within the various services included in the portal (see in particular section 2 below).

Consultation of the Site may involve the processing of data relating to identified or identifiable persons. Personal data provided by users who consult the Site are processed by the recipient of the communication in order to follow up on received requests.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site, to technically enable the site's functionalities, to check its correct functioning and to ensure the maintenance of its database. In these cases, navigation data do not allow the identification of interested users and are deleted immediately after anonymous processing.

Navigation data may also be used to ascertain liability in case of crimes against the Site or committed through the Site.

Data provided voluntarily by the user

These include:

• information sent voluntarily by users to the addresses indicated on the Site (e.g. email address, subject of the email, company name or business name, first and last name, etc.);
• personal data provided by users to use services accessible on the Site or to participate in initiatives promoted through the Site;
• personal data provided by users who send requests for news and/or informational material (e.g. newsletters);
• personal data provided by users who send job applications ("curriculum vitae", etc.).

The processing involves the acquisition of data (e.g. the collection of the sender's email address, necessary to respond to their requests, and any other personal data entered and other operations).

The processing will be carried out, with or without the aid of electronic tools, according to principles of fairness, lawfulness, transparency, in order to protect the confidentiality and rights of the interested party at all times, in compliance with the provisions of current legislation.

The purposes of the processing are to fulfill any user requests related to sending informational material (bulletins, newsletters, mailing-lists, answers to questions, notices, acts and provisions, other documentation, etc.) or to perform the service or performance requested by the user, and are communicated to third parties only if this is necessary for the fulfillment of the aforementioned requests or for the fulfillment of obligations provided for by current legislation incumbent on the Data Controller of the Site.

After the termination of any contractual relationship established between the Data Controller and the interested party, personal data will also be processed to fulfill all legal obligations connected with or arising from the terminated relationship.

In such cases, consent to processing is optional and any lack of consent may therefore make it impossible for the user to obtain what is requested from the Data Controller of the site or the requested service or performance.

Data collected from third parties

Sometimes we may collect data relating to user's online behavior, through the DEM service provided to us by third parties for direct marketing purposes, in particular from our provider Sendiblue (see the Data Transfer Abroad section).

2. With the customer's specific consent (please refer to specific online and/or paper forms), the collected data will also be used by us for commercial, promotional, and direct marketing activities, i.e., sending commercial communications, promotional material, and direct sales offers of products and/or services, as well as for market research, through any communication means, including automated ones (mail, email, telephone, SMS, MMS, instant messaging like Whatsapp or Telegram, social network messages, etc.). This consent is always optional, and any lack of consent will therefore not prevent the user from using any requested services, but simply prevent the Site operator from using the data for the aforementioned particular purposes.

Direct marketing is defined as "soft spam" when the interested party is already our customer or our prospect (meaning someone who has already had a concrete commercial contact of some kind in the past, which did not result in the purchase of our products, such as a request for commercial information, a request for a quote, a request for information about a product, the spontaneous delivery of a business card related to their activity, the receipt of an unsuccessful quote from us), occurs exclusively via email, SMS or instant messaging messages (e.g. Whatsapp, Telegram) and is limited to the promotion or direct sales offer of products or services similar to those for which the previous purchase or commercial contact occurred (e.g. a proposal to purchase cosmetic items for a customer who had already purchased them in the past, etc.).

We also use your data for profiling purposes. This is a relevant activity for privacy purposes only if it concerns natural persons; therefore, privacy legislation does not apply when it concerns subjects other than natural persons.

For your profiling, we use the data (e.g. first and last name, company name of the company you belong to, residence or headquarters, country of origin, landline and mobile phone, email address, website, economic or commercial sector of activity, type of product/service purchased or sold) that you provide to us when using individual services (e.g. to request the newsletter or to make purchases, or when you register in the reserved area of our website) also by associating them with data from your navigation on our Company's website and/or the use of services provided by the site (e.g. cookies, your IP address) or data collected through other communication channels (e.g. social media with which you interact, linked from our site).

If you subscribe to our newsletter, we will use the data for sending it and, with your specific separate consent, for marketing activities (e.g. to send you promotional communications other than the newsletter), and for profiling and loyalty purposes.

We process data to analyze, even predictively, and/or create groups of natural persons divided by market segments based on a minimum set of elements (e.g., profession, country and/or geographical area of origin, product or economic category), up to more advanced profiles based on age, gender, preferences you declared regarding professional areas of interest, age, the composition of your household, online behavior and previous purchases.

Furthermore, we record and analyze whether, when you receive our emails, you open them, read the content of any attachments, respond to our calls to action (e.g., clicks on links contained in emails) or use a discount code or other content accessible from the email itself.

This activity has a dual purpose: to better understand customers, both as groups and as individuals, and to analyze marketing effectiveness to develop and update products, services, and offering methods in line with the preferences of our targets.

Profiling therefore aims to align the services and goods we offer with current and potential demand, measure the results of specific promotions, take corrective actions aimed at improving business results (e.g., reducing the risk of investing resources in marginal thematic areas for the target) and the effectiveness of commercial processes (e.g., ascertaining how many promotional messages and content we sent you have been seen and clicked by you), limit the sending of promotional communications not relevant to your probable expectations and needs or through unwanted channels. This means that we do not send the same offers to all interested parties, but Jox Cosmetics srl will be able to send you advertising communications as close as possible to your tastes, interests or preferences, or through your preferred contact methods, improving your shopping experience, also to your own advantage.

Furthermore, if you consent to profiling, we use the data to advertise services and products on social media to other people who have a similar profile to yours and who therefore may be most interested in what is offered.

The profiling we carry out can be of two types: basic or advanced. The first is limited to analyzing a profile of the interested party that is generally limited, i.e., relating to information that does not particularly invade the subject's private sphere. Advanced profiling, on the other hand, analyzes aspects beyond basic profiling.

Profiling does not exclude you from specific benefits or from the possibility of freely exercising your rights in relation to the personal data we process; in particular, it does not prejudice the possibility for the interested party to use our ordinary services (e.g., online pre-registration, purchase of services).

We also process data for loyalty purposes, i.e., planning and executing loyalty programs based on loyalty cards or similar. In such cases, the legal basis for processing is your prior consent, which can be freely denied.

Obligatory or optional nature of data communication and consequences of non-communication.

For processing for direct marketing purposes other than soft-spam and advanced profiling and loyalty, the provision of Data is optional and/or consent to processing may be freely denied; in this case, any failure to provide or consent will only result in the impossibility of proceeding, from time to time, with the processing for these individual limited purposes. Any consent given may subsequently be revoked by the Data Subject at any time, by communicating without particular formalities to the Data Controller at the email address indicated below.

3. Subjects who process the data. The collected data are processed by the internal delegates of Jox Cosmetics srl who need to be aware of them in the performance of their activities (e.g. commercial office, marketing office, administrative office, call center, technical staff for the maintenance of the company's IT system, etc.).

The data may also, in compliance with current provisions, be communicated to factoring companies, debt collection companies, credit insurance companies, commercial information companies, distribution companies for the performance of their activities (e.g., order management, contract activation, after-sales assistance), transport companies, credit institutions for the management of collections and payments, third parties appointed to carry out activities connected and instrumental to this processing (such as debt collection companies, credit insurance companies, lawyers and law firms, chartered accountants, accounting experts, auditors and auditing firms, members of the supervisory body pursuant to Legislative Decree 231/2001, statutory auditors, or third parties appointed to carry out maintenance services for IT systems and/or electronic archives connected to the site). Only in the case of any processing carried out for direct marketing, profiling or loyalty purposes, the data - with your prior consent (see the specific different section of this privacy policy) - may also be communicated to advertising agencies, web marketing companies, consultants and professionals entrusted by Jox Cosmetics srl with activities functional to the pursuit of these purposes. The data are also communicated to authorities and public administrations in fulfillment of legal obligations. The aforementioned third parties will process the data as external processors or independent data controllers.

The data will not be disseminated.

4. The logic and forms of processing organization will be strictly related to the individual purposes respectively indicated above. Processing will take place electronically, telematically and/or on paper. During processing, the data are subjected to protection measures activated by Jox Cosmetics srl in order to guarantee the data themselves against the risk of unauthorized access or unauthorized processing. For example, personal data managed at a computerized level can only be accessed by entering personal mandatory passwords into the various processing or data entry programs, by authorized personnel of Jox Cosmetics srl only, who must in any case comply with predetermined usage limits.

The internal delegates belong to the homogeneous company functional areas that need to process the data for the purposes indicated in this privacy policy, such as the administration office, the human resources office, the IT maintenance office, the marketing office, etc.

Jox Cosmetics srl has also appointed all categories of external parties to whom the Company must communicate the data for the aforementioned purposes (where such external parties do not assume the direct role of autonomous data controllers due to the scope of managerial autonomy granted to them in relation to the processing entrusted to them) as data processors. An updated list of data processors is available upon request from the interested party.

6. Personal data are generally processed for the entire duration of the contractual relationships established with the data subject, and subsequently, only for the duration necessary to fulfill our legal obligations (10 years). After the termination of the contractual relationship eventually established between the Data Controller and the data subject, personal data will also be processed to fulfill all legal obligations connected to the terminated contractual relationship. The data will be stored no longer than the time necessary to fulfill the aforementioned obligations, tasks, or purposes and to prove their fulfillment to the supervisory authorities (usually for 10 years from the termination of the contract), after which they will be destroyed. Some data (e.g., first and last name, company name and business name, VAT number, tax code, email, telephone number, mobile phone, fax, certified email, registered office address, names of internal and/or contact persons, etc.) are also kept beyond the aforementioned ten-year deadline, as long as they are useful for satisfying the Data Controller's legitimate interest in rationalizing the selection and commercial contacts with users, customers and/or suppliers.

Conversely, where personal data are processed for IT security purposes (e.g., log registrations), the data will be retained for the time sufficient to complete related security checks and evaluate their outcomes; normally a maximum of 1 year from the time of collection. In the event of extrajudicial or judicial litigation with the interested party and/or third parties, the data will be processed for the time strictly necessary to fully protect the Data Controller's rights.

The data retention period for data collected via cookies is illustrated in the "Cookie Policy" section below.

7. The legal basis for processing is, depending on the case, Article 6 letter b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures adopted at the request of the data subject, e.g., requests for information or commercial offers), Article 6 letter c) GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject) and/or Article 6 letter f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, which override the interests or fundamental rights and freedoms of the data subject). In particular, the legitimate interest of the controller is to i) be able to process data in order to effectively and efficiently manage the relationship with its users, customers and/or suppliers and to organize the relevant internal organizational and management processes. The legitimate interest of third parties, on the other hand, is to receive and process personal data from the Controller for the purpose of verifying compliance with legal and contractual obligations towards the data subject or third parties (e.g., verification by the Public Authority regarding the fulfillment of tax obligations, verification by the board of auditors or statutory auditors regarding the fulfillment of legal obligations, etc.) or to receive and process personal data from the Controller in turn to manage activities related to the Controller's request for support in managing activities towards data subjects.

In the case of processing for purposes of basic profiling or direct marketing consisting of soft-spam, the legal basis is our legitimate interest in maintaining a commercial relationship with the data subject through periodic communication of such messages concerning our products and services via off-line and on-line methods and to minimize the dispersion of promotional messages by focusing them on targets, channels and content that can guarantee a greater return in terms of sales effectiveness; therefore, for these purposes, the prior consent of the data subject is not required.

In the case of processing for purposes of advanced profiling or direct marketing other than soft-spam (e.g., if, even if the data subject is our customer or a prospect, direct marketing occurs through channels other than emails, SMS, or instant messaging) the legal basis is Article 6, letter a), of EU Regulation no. 679/2016 or "GDPR" (the data subject has given their free and informed consent to the processing for a given purpose and has not subsequently withdrawn it).

8. Cookie Policy. 

The Italian Data Protection Authority, with its provision of 8 May 2014, transposed, with definitive entry into force in Italy from 2 June 2015, the European directive 2009/136/CE, which requires website administrators to publish information regarding the cookie policy of the site visited by users.

This Policy may be updated at any time due to changes in current legislation or any change in the configuration and type of cookies used, therefore we suggest that you periodically review this cookie policy to be aware of all subsequent updates.

The Site may contain links to other websites that have their own privacy policies which may differ from those adopted by the Site's positioning-seo and for which the Site is therefore not responsible.

What cookies are and how they are used

Cookies are short strings of information (text files) concerning user activity on the website, which are stored, during the first navigation on the website, on the user's device (computer, smartphone or tablet) browsing the internet, to then be retransmitted to the same sites on any subsequent visit by the same user, allowing our site to automatically recognize the user (or other users using the same device) after the first visit and thus improve their user experience.

Their operation is entirely dependent on the browser used by the user and can be enabled or disabled by the user themselves.

In order to always ensure the best possible browsing experience, our site offers the best performance with cookies enabled. By default, almost all web browsers are set to automatically accept cookies.

Cookies can be:

• "first-party" when they are managed directly by the website owner
• "third-party" when cookies are set and managed by entities external to the website visited by the user.

Third-party cookies fall under the direct and exclusive responsibility of the operator, and in relation to their installation, the first-party site operator acts merely as a technical intermediary.

Which cookies we use and for what purpose

The Site uses or may use, also in combination, the following categories of cookies:

• Permanent or "persistent" cookies: these cookies remain stored on the device even after leaving the website or closing the browser: in particular, they remain until their intended expiration or until they are manually deleted by the user. Persistent cookies fulfill many functions in the interest of users (such as password storage), however, in some cases they can also be used for promotional purposes.
• Session (or temporary) cookies: These have a limited duration to the visit and are deleted when the browser is closed, which ends the "session" of access to the website. As a rule, they allow the user to access personalized services and to fully exploit the site's functionalities, avoiding the use of other IT techniques potentially detrimental to the privacy of users' navigation.
• Technical-functional cookies, for example for the transmission of session identifiers necessary to allow safe and efficient exploration of the site. These cookies avoid the use of other IT techniques potentially detrimental to the privacy of users' navigation.
• Analytics cookies: these cookies can be either temporary or permanent, and allow for the collection and analysis, in aggregate and/or disaggregated form, of statistical information related to access (e.g., user's geographic area of origin, access tool used, age, etc.) and generally to user behavior on the site, thereby improving the user experience and the content provided.

Such analytical cookies can be assimilated to technical cookies only if they are created and used directly by the first-party site (without, therefore, the intervention of third parties). For example, the site uses log files (meaning it records the history of operations as they are performed) and registry files (which include IP addresses, browser type, operating system used by the user's device, Internet Service Provider (ISP), date, time, entry and exit page and the number of clicks, but also the pages visited on the site, the third-party sites from which the user originates). All this to analyze user behavior trends and administer and optimize the site. The information collected in this way has no personal value as the data is collected and analyzed anonymously.

If, on the other hand, analytical cookies are created and/or used by third parties (i.e., different from the owner of the first-party site), they cannot be assimilated to technical cookies and have different legal treatment.

• "Profiling" (or advertising) cookies (always permanent): these are used to obtain aggregated or non-aggregated information, useful for evaluating the use of the website and the activities carried out by the visitor (choice of displaying specific pages, specific products and/or services, etc.), used by the owner to formulate targeted commercial advertisements for products and/or services, i.e., based on the user's previous activities (instead of general advertisements offered indiscriminately to everyone).

For the use of technical cookies, the law requires only that the data subject be informed, as occurs with this communication, and therefore even without the creation of specific banners on the Site.

For all non-technical cookies, however, current legislation subordinates their installation to the prior expression of consent in the simplified forms provided by the Provision of 8.5.2014 of the Garante, i.e., through the publication of a summary banner visible to the user upon the first "landing" on the site, which allows for the generation of a further action of use of the Site (based on "scrolling", or the continuation of navigation within the same web page) with which the user can implicitly communicate their consent, or, alternatively, access an analytical cookie information notice (i.e., this notice), within which they can express their necessary consent or dissent. Such consent or non-consent can be formulated by the user not in reference to individual installed cookies but in relation to broader categories of cookies, or to specific producers and/or intermediaries with whom the Site has established commercial relationships.

List of cookies actually present on the website

The above premise does not automatically imply that this website currently uses all the cookie categories listed above. The list of cookies actually used by Jox Cosmetics srl is given below.

Cookie name	Function (technical, analytical, advertising)	Saved data – objective	Duration (if permanent and if not deleted earlier by the user)
__utma, __utmb, __utmc, __utmv, __utmz	Navigation analysis cookie	A random unique number or a string of letters and numbers to identify the browser, the times and dates of interaction with the site, and the marketing tools or referring pages that led to the site.	5min - 2y
frontend	Session cookie	Session ID	60min
cookielaw	Configuration cookie	Checks if the user has consented to save cookies.	1y
PHPSESSID	Session Cookie	PHP session ID	60min
__atuvc, __atuvs	Configuration cookie	Used by the AddThis page sharing widget to store the number of page shares	http://www.addthis.com
customer_group	Configuration cookie	Used by Magento: contains the user's group affiliation	60min
external_no_cache	Analysis cookie	Used by the Magento framework to indicate if caching is enabled	60min
store	Configuration cookie	Used by Magento to indicate the selected store view	1y

 

The Site also uses Google Analytics cookies (cookies from Google Inc., which is an American company, a third party). We specify that no strictly personal information is collected through the Google Analytics functionalities, but only aggregated statistical data on the age, gender, and interests of our visitors (in order to better evaluate the use of our website and the activities carried out by the visitor and to better direct the services provided). These cookies are stored on servers that may be located in the United States or other countries. Google reserves the right to transfer the information collected with its cookie to third parties where this is required by law or where the third party processes information on its behalf.

The "Analytics" functionality is, however, configured by Jox Cosmetics srl by default in such a way as to significantly mask portions of the user/visitor's IP address, and therefore the IP address data thus collected is already anonymized at the source and thus the analytical cookie does not allow for identifying the user/visitor, not even indirectly - and in particular through further processing. For this reason, Jox Cosmetics srl, which acts as the site manager from time to time, is not even subject to the obligations and requirements established by cookie regulations (e.g., notification of cookie processing to the Privacy Guarantor) under the law.

In the event that Jox Cosmetics srl should in the future decide to modify the configuration of the "Analytics" functionality at any time to allow the collection of user data consisting of the last three numbers of their IP address, this choice must be notified in advance to the Privacy Guarantor by the data controller operating through the portal or site, to protect the user.

 

Please note that Google also assures, from now on, that it will not associate the user's IP address with any other data held by Google in order to obtain a more detailed user profile.

This site does not use nominative profiling cookies, i.e., based on personal identification data.

Our site does not use remarketing lists and display network ads, i.e., online advertisements based on categories of general interests expressed by categories of users through previous web browsing.

Notwithstanding the generality of the foregoing, our site does not use the special advertising functions of Google Analytics (which allow for the activation of additional functionalities not available through standard Google Analytics implementations and related cookies, and to also collect traffic data - through Google advertising cookies and anonymous identifiers - in addition to the data normally already collected by us through a standard Google Analytics implementation). Google Analytics advertising features are as follows:

• Remarketing with Google Analytics
• Google Display Network Impression Reporting (if used through AdWords)
• DoubleClick Platform Integrations
• Google Analytics Demographics and Interest Reporting

• Social cookies: these are third-party cookies, i.e., provided directly by the domains of the most common social media networks that are linked to our Site via links to official pages, content sharing buttons, and links. The use of these buttons and functionalities implies the exchange of information (e.g., texts, photographs, videos, etc.) with these sites.

The management of information and methods for eliminating these social cookies is, therefore, regulated by the social media sites themselves; users are invited to consult their respective privacy policies at the following links:

• Linkedin: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
• Facebook: https://www.facebook.com/policies/cookies/
• Instagram: https://help.instagram.com/519522125107875
• Twitter: https://help.twitter.com/it/rules-and-policies/twitter-cookies
• YouTube: https://www.google.com/policies/technologies/types/

The use of these cookies is purely anonymous; no personal information is collected unless the user explicitly intends to provide it by sending contact and/or information request forms.

Further information on privacy and the use of social cookies can be found directly on the websites of the respective third-party operators.

How cookies work and how to disable them

Accepting or rejecting cookies is your right.

By default, browsers generally accept the use of cookies from both our site and third-party sites. To allow the site to function correctly, exploit its features and use it in its entirety, we recommend accepting the use of cookies.

The user is, however, enabled to change the default configuration at any time. To manage how cookies work, as well as the options to limit or block cookies, it is sufficient for the user to change their Internet browser settings via the relevant toolbar. It is possible to choose between unconditional acceptance of all cookies (in particular: by browsing our site in any way after the initial appearance on the screen of the synthetic banner that warns you of the presence of cookies on our website, you implicitly consent to the use of cookies), the indiscriminate rejection of all cookies definitively, or the display of a pop-up window (Notice) each time a cookie is proposed, in order to evaluate whether to accept it or not through an explicit action by the user.

Below are links for configuring the most popular browsers that describe how to manage cookies:

- Chrome: https://support.google.com/accounts/answer/61416?hl=it

- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

- Internet Explorer: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies

- Opera: http://help.opera.com/Windows/10.00/it/cookies.html

- Safari: https://support.apple.com/it-it/HT201265

To change cookie settings in browsers other than those listed, refer to the help documentation provided by the specific browser manufacturer.

The user can also selectively disable Google Analytics by downloading and installing the opt-out add-on specifically provided by Google for their browser, at the following link:

http://tools.google.com/dlpage/gaoptout

Remember to set cookie preferences for each device and each browser used for internet browsing.

For any further information relating to Google Analytics, please refer to the Privacy Policy at the following link:

http://www.google.com/intl/it_ALL/analytics/learn/privacy.html

To delete cookies from your smartphone/tablet's Internet browser, refer to the device's user manual.

For more information on cookies and privacy, please consult the specific document prepared by the Privacy Guarantor at the following link:

- http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939

7. The Data Controller of personal data is Jox Cosmetics srl VICENZA (VI) VIA GORIZIA 9 CAP 36100 - Certified Email Address joxcosmeticssrl@pec.it - REA number VI - 385845 Tax Code and registration no. in the Register of Companies 04185810241 (hereinafter Jox Cosmetics srl) through www.unghieperfette.it. The Data Protection Officer is domiciled at the Data Controller.
8. Regarding the processing of personal data, you may exercise the following rights:

1) Ask our Company for confirmation as to whether or not personal data concerning you is being processed and, if so, to obtain access to the personal data and the following information:

1. a) the purposes of the processing;
2. b) the categories of personal data concerned;
3. c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
4. d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. e) the existence of the Data Subject's right to request from our Company rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing;
6. f) the right to lodge a complaint with a supervisory authority; where the data are not collected from the Data Subject, all available information as to their source;
7. g) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

2) If personal data are transferred to a third country or an international organization, the Data Subject has the right to be informed of the existence of appropriate safeguards relating to the transfer (NB: as explained in this policy, our Company currently does not transfer the data subject's data abroad);

3) Request, and obtain without undue delay, the rectification of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also by providing an additional statement;

4) Request the erasure of data if:

1. a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
3. c) the Data Subject objects to the processing, if there is no overriding legitimate ground for the processing, or objects to the processing carried out for direct marketing purposes (including profiling functional to such direct marketing);
4. d) the personal data have been unlawfully processed;
5. e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which our Company is subject;
6. f) the personal data have been collected in relation to the offer of information society services from our Company's database;

5) Request restriction of the processing concerning you, when one of the following applies:

1. a) the Data Subject contests the accuracy of the personal data; in this case, the restriction of processing (i.e., its suspension) may occur for the period necessary for our Company to verify the accuracy of such personal data;
2. b) the processing is unlawful (e.g., because the data subject was not provided with the prior legal notice) and the Data Subject opposes the erasure of the personal data (i.e., prefers that they be kept by us in our paper and/or electronic archives) and requests instead that their use be restricted as above;
3. c) although our Company no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defense of legal claims;
4. d) the Data Subject has objected to processing carried out for direct marketing purposes, pending the verification whether the legitimate grounds of our Company override those of the data subject;

6) Obtain from our Company, upon request, communication of the third-party recipients to whom the personal data have been transmitted;

7) Withdraw consent to processing at any time where previously communicated for one or more specific purposes of your personal data, it being understood that this will not affect the lawfulness of processing based on consent given before withdrawal.

8) Receive the personal data concerning the Data Subject, which he or she has provided to our Company, in a structured, commonly used and machine-readable format and, if technically feasible, to have those data transmitted directly to another controller without hindrance from us, provided the following (cumulative) condition applies:

1. a) the processing is based on the Data Subject's consent for one or more specific purposes, or on a contract to which the Data Subject is party and for the performance of which the processing is necessary;
2. b) the processing is carried out by automated means (software) (overall right to so-called "portability").

The exercise of the so-called right to portability does not prejudice the right to erasure provided above;

9) Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. To clarify, we specify that we do not carry out any automated processing of the type described above.

10) Lodge a complaint with the competent supervisory authority under the GDPR (Privacy Guarantor) or the ordinary court.