PRIVACY STATEMENT – PERSONAL DATA PROCESSING AND PROTECTION OUR WEBSITE PRIVACY POLICY

Pursuant to arts. 13 and 14 of EU Regulation 2016/679 (General Data Protection Regulation – GDPR)

Dear Visitor,

The European Regulation 2016/679, applicable in all Member States, recognizes the protection of their personal data that are subject to treatment by third parties to each data subject, as a sign of respect for human dignity and fundamental human rights and freedom.

Based on the provisions of the aforementioned Regulation, we wish to inform you that the processing of your data will be carried out in full compliance with the principles of lawfulness, fairness and transparency and protection of the confidentiality of your data in compliance with the provisions of said regulation.

Please also note that the data you provide to us through our websites or via email requesting information or clarifications will be acquired for the sole purpose of replying to your requests. Any other use will be subject to our explicit consent.

Therefore, according to the provisions of the applicable European Regulation and Member State law, we provide you with the following information.

1. Applied legal basis, purposes of the processing

The purposes of the processing for which your data are intended are linked to respond to your explicit requests, the fulfilment of the contractual and pre-contractual relationship existing between the parties for compliance with the rules and legal obligations to which the Data Controller is subject and for the pursuit of the legitimate interests of the Data Controller or third parties, if previously authorised. Any processing of your personal data for purposes other than those specified herein shall be subject to specific and independent disclosure and specific consent.

2. Methos of processing

The data concerning you will be processed and stored using computerized media and tools and/or in printed form, so as to allow you access to your personal data in our possession, according to the most suitable methods to guarantee its completeness, updating, security and confidentiality, including the protection from unauthorised and/or unlawful processing, loss, destruction or accidental damage. Subject to communications carried out in compliance with legal obligations, the data may be disclosed to third parties who perform specific tasks on behalf of the undersigned person against explicit commitment to the protection of your personal data in accordance with the provisions of this privacy statement and the rules regarding the Data Processor pursuant to arts. 28 et seq. of EU Regulation 679/2016, as well as the applicable legal provisions.

3. Data storage

The data concerning you will be retained for the entire duration of the relationships established between the parties and after termination of the existing relationship/contract or upon completion of your request. Where there are contractual obligations, the data will be kept in compliance with civil and tax law requirements applicable to the existing relationship, as well as any other Data Controller’s fulfilment/legal obligation; in any case, they will be deleted after 10 years from the last processed operation (backup history deletion).

4. Data Controller

The data controller is Cy.Pag. S.p.A., based at 13 Via del Commercio, 23017 Morbegno (SO).Tel: 0342 605011; e-mail: info@cypag.com.

External data processors may be appointed upon the assignment of external tasks by the Data Controller, the execution of which requires the disclosure of your data, from among those who provide sufficient guarantees to put in place suitable technical and organisational measures to meet normative requirements and guarantee the protection of the rights of data subject, after the Data Controller has signed a specific contract/addendum to the professional assignment containing data processing requirements and specifications.

5. Rights of the data subject

You may exercise all the rights envisaged by the European Regulation and Member State law, namely arts. 13, 14, 15 to 22 and 34 of said regulation and decrees, at any time on written request, in particular:

a) the right of free access to the personal data and/or obtain a copy of the personal data undergoing processing, with the indication of all the aspects relevant to the processing envisaged by the GDPR;

b) the right to obtain, free of charge, the updating, the rectification of inaccurate personal data concerning you, the restriction of processing or the addition of supplementary data, as required;

c) the right to object, in whole or in part, to the processing of personal data concerning you even if pertinent to the purposes of collection for legitimate reasons or to withdraw, in whole or in part, your consent, whenever necessary.

d) the right to partial or total erasure of your data, including the right to be forgotten.

e) the right to lodge a complaint with a supervisory authority (in Italy, the Guarantor for personal data protection) or judicial authorities where the conditions exist.

The complete list of the rights of the data subject can be consulted on the Guarantor’s website or it is available at the Data Controller’s Head Office and can be sent via email, upon written request.

You can exercise your rights by sending a letter or an e-mail to Cy.Pag. S.p.A., registered office at 13 Via del Commercio, 23017 Morbegno (SO), phone (++39) 0342 605011; e-mail: privacy@cypag.com

WEBSITE PRIVACY POLICY

Below is a description of how we manage our website in connection with the processing of visiting users’ personal data. This disclosure is provided for all those who interact with the company web services and can be seen by logging on to www.cypag.com.

Our website can be accessed via SSL protocol and certified in compliance with current WEB security guidelines.

TYPES OF DATA PROCESSED BY THE WEB PLATFORM