PRIVACY AND COOKIE POLICY

INTRODUCTION AND REGULATORY REFERENCES

The following Privacy Policy describes how to manage this website in relation to the processing of personal data of the users browsing it. This information is provided pursuant to Article 13 of GDPR 679/2016 which describes the protection of personal data of those who interact with web services, accessible electronically at: http://sguardisegreti.it. The information also complies with Article 13 of Regulation (EU) 2016/679 (hereinafter: the “Regulation”) of the European Parliament and Council of 27 April 2016 CE (General Data Protection Regulation, published on 4 May 2016 in the Official Journal of the European Union, in force since 24 May 2016), with Recommendation 2/2001 that the European authorities for the protection of personal data adopted on 17 May 2001 with the meeting of the Group established by Article 29 of Directive no. 95/46/EC, to identify certain minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages in light of the Provision of the Authority for the protection of personal data of 8 May 2014 on the “Identification of the simplified procedures for the disclosure and the acquisition of consent for the use of cookies (hereinafter, the “Provision”) in compliance with the current legislation on privacy.

DATA CONTROLLER

The data controller for the personal data acquired through the website is Sguardisegreti Srl based in Via Romania, 13/15 – 46042 Castel Goffredo (MN).

GENERAL PRINCIPLES ON THE PROCESSING OF THE USER’S PERSONAL INFORMATION

Your personal information will be collected, archived, processed and transmitted in accordance with the criteria established by Sguardisegreti Srl and with applicable laws, rules and regulations on data processing. The principles relating to the processing of the user’s personal information are as follows:

(1) the User’s personal information will be processed in a correct and lawful manner;

(2) the User’s personal information will be collected for specific, explicit and legitimate purposes and subsequently processed in a manner compatible with those purposes;

(3) the User’s personal information collected will be relevant, complete and proportionate to the purposes for which it is collected;

(4) the User’s personal information collected will be accurate and, if necessary, updated to the best of our ability;

(5) the User’s personal information will be protected against unauthorised access and processing through commercially and reasonable technical and organisational security measures and controls; and

(6) the User’s personal information collected will be stored as personal data for no longer than the time necessary to pursue the purposes for which the personal information was collected.

TYPES OF DATA COLLECTED

The website may collect different types of information when the user accesses or uses the Website: “Personal information” means any information that directly identifies the user or information otherwise defined as “personal identification” in accordance with current legislation. This includes, but is not limited to, information such as name and surname, company name; e-mail address; phone number, etc. The systems used may automatically record data on the use of the Website by the user. The site can record information such as the areas of the Website visited by the user, the activities carried out, the IP address or information on the computer or software used to access the Website. Similar information, such as device type and identifier, can be collected if you access the Website from a mobile device. This data is used to check its correct functioning and is deleted immediately after processing. This information could be used to ascertain responsibility in case of hypothetical cyber crimes to the detriment of the Website.

DATA PROCESSING PURPOSE

We gather, store and process your personal data for the following purposes:

• For an effective management of the Website and the services offered by it;

• To provide the services offered and manage business needs;

• For sending newsletters and for marketing activities;

• For contacting users directly (for example, by e-mail) following requests received through the website or for providing support services;

• Compliance with legal obligations.

DATA PROVISION

The website does not provide a request form for the provision of data by users. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website (through the address info@sguardisegreti.it) involves the subsequent acquisition of the sender’s address, which is necessary to answer to requests, as well as any other personal data included in the message. The processing to which the personal data referred to above will be subjected has the sole purpose of allowing our Company, the Data Controller, to answer questions, queries, requests for clarification, or to accept suggestions from the users. The data will not be disseminated and may be known by collaborators specifically designated and/or authorised to process them, as data processors or authorised persons.

DATA PROCESSING AND SECURITY PROCEDURES

The use of your personal data will take place with the support of paper, computer or electronic means for the purposes indicated below, for the time strictly necessary to achieve the purposes for which they were collected, or, where possible, until when the data controller receives a request for deletion of data for which consent to processing is optional and not mandatory. Your personal data are, in any case, processed in compliance with the provisions relating to the confidentiality of personal data contained in the Regulations and in the Provisions issued by the Data Protection Authority. We use commercially reasonable technical and organisational measures and controls to protect your personal information against loss, misuse and unauthorised access. Your personal data will be stored in databases on our servers and on those of our trusted suppliers (located in the United Kingdom), acting as processors or sub-processors within countries of the European Economic Area where approved contractual clauses for the secure transfer of data are in force. Newsletter subscription and company marketing By subscribing to our newsletter service for receiving information on promotions, offers, initiatives, etc., you agree to provide your data for this purpose. The requested data are essential for receiving our communications. To stop receiving promotional material, you can notify us at any time that you no longer wish to use this service. To do so, simply use the “Unsubscribe” option described and available at the bottom of each e-mail received.

PERSONAL DATA COMMUNICATION

With the exception of communications made in fulfilment of a legal obligation, regulation or Community legislation, your data will not be disclosed. The Data Controller collaborates with law enforcement agencies and other public entities and authorities to enforce the law and the rights of other users and third parties, including their intellectual property rights. Therefore, your personal data may be disclosed, including but not limited to, to public entities, in the event that this should be necessary for purposes of defence, state security, prevention, detection or repression of crimes, in compliance with the rules governing this matter. These public entities are entitled to request and obtain personal information concerning you also when this is necessary or appropriate for investigations or ascertainments relating to the commission of fraud, computer fraud, the violation of intellectual property rights, hacking acts or other illegal activities, which could expose either us or our users to legal, civil or criminal liability.

RIGHTS OF THE DATA SUBJECTS AND EXERCISE OF RIGHTS

In compliance with current legislation, at any time you can request:

1. Confirmation of the existence or not of your personal data;

2. To be informed of the content, origin, purposes and methods of the processing;

3. The logic applied when data is processed with the use of electronic equipment;

4. The identification details of the data controller, data processors, persons or categories of persons to whom the data may be communicated or who may come to acquire knowledge of. Furthermore, it is your right to obtain:

1. The update, adjustment, integration and the right to data portability;

2. The cancellation, transformation into anonymous form, or the blocking of data processed in violation of law;

3. The opposition in any case, for legitimate reasons, to the processing of data pertinent to the purpose of the collection. Under the Regulation, you will also have the right to lodge a complaint with a supervisory authority. To exercise your rights, you can contact the Data Controller:

Sguardisegreti Srl

Via Romania, 13/15

46042 Castel Goffredo (MN)

Tel: +39 0376 771094

e-mail: info@sguardisegreti.it

ADDITIONAL PROVISIONS

Use of the website by minors

The website is not intended for persons under the age of 18. We do not intentionally collect or request personal information about minors.