Assist Digital S.p.a., as the Data Controller of personal data, in accordance with current legislation, wishes to inform you about the processing of your personal data.

1. 1. Principles applicable to the processing of your personal data

In accordance with Article 5 of the European Regulation No. 16/679, your data will be processed in a manner that is:

• Lawful, fair, and transparent
• Accurate and, if necessary, kept up to date
• Relevant and not excessive in relation to the purposes for which it is processed

1. 2. Data subject to processing

The data that the Company may process includes:

• Name, Surname
• Affiliated Company
• Contact details

The Data Controller does not process special categories of personal data (such as health data, data revealing racial or ethnic origin, political opinions, union membership, religious or philosophical beliefs).

1. 3. Legal basis for the processing

The legal basis for this processing is consent pursuant to Article 6(a) of EU Regulation 2016/679.

1. 4. Purpose of processing

The collected data will be processed in order to personally contact you and provide you with the requested information about the provided service.

Processing methods

Your data will be processed using manual tools.

Your data will be processed exclusively by persons authorized by the Company for such processing. Adequate security measures have been implemented in accordance with Article 32 of EU
Regulation No. 16/679 to prevent the destruction, loss, alteration, unauthorized disclosure, or access, whether accidental or unlawful, to personal data transmitted, stored, or otherwise processed.

Your data will not be subject to automated decision-making regarding the above-mentioned purpose.

1. 5. Communication and transfer of data

IT companies that perform maintenance activities on the Company's programs/platforms may become aware of your data and have been designated as Data Processors pursuant to Article 28 of EU Regulation No. 16/679.

If necessary, your data may be communicated to law firms, consultants, professional collaborators of the Data Controller, as well as to public authorities upon request.

1. 6. Retention period

Your data will be kept by the Data Controller for the time strictly necessary to achieve the purposes described above and, in any case, for a period not exceeding 24 months, unless you exercise the rights indicated in paragraph 8.

In any case, your data may be processed for legal obligations and the exercise of rights, including in a judicial context, by the Company.

1. 7. Rights of the Data Subjects

As an interested party in the processing of personal data, you may exercise, at any time, the rights expressly recognized by the European Regulation, in particular:

The right of access to personal data (Article 15):

in order to obtain from the data controller confirmation as to whether or not personal data concerning you is being processed, and if so, access to personal data and the following information: purposes of the processing; categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the right to lodge a complaint with a supervisory authority; where the data is not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, the existence of appropriate safeguards pursuant to Article 46 relating to the transfer of data abroad;

The right to rectification (Article 16)

and integration of inaccurate or incomplete personal data concerning you;

The right to erasure (Article 17)

of personal data concerning you, if: the data is no longer necessary for the purposes for which it was collected or otherwise processed, or if it is processed unlawfully, or if it must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject; the data has been collected in relation to the offer of information society services referred to in Article 8(1); you withdraw consent and there is no other legal basis for processing; you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);

The right to restriction of processing (Article 18)

in the following cases: if you contest the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data; if the processing is unlawful, and you oppose the erasure of personal data and request the restriction of their use instead; if the personal data are required by the data subject for the establishment, exercise, or defense of legal claims, even though the data controller no longer needs them for the purposes of processing; if you have objected to processing pursuant to Article 21(1) pending verification of whether the legitimate grounds of the data controller override your interests;

The right to data portability (Article 20),

i.e., the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is based on consent or a contract;

The right to object (Article 21)

at any time, on grounds relating to your particular situation, to the processing of personal data concerning you;

The right to lodge a complaint with a supervisory authority.

If you wish to exercise the above-mentioned rights, you can contact the Data Controller at the following postal address: info.databreach.assist@assistidigital.com or by email at Dpo.Assist@assistdigital.com.

1. 8. Data Controller

The Data Controller is Assist Digital S.p.a., with registered office at Via Inganni n. 93, 20147 Milan. You can contact them for any issues regarding personal data at the postal address mentioned above or the email addresses provided in point 8.

1. 9. Data Protection Officer

This Company, considering the primary importance of protecting the personal data of data subjects, has appointed a Data Protection Officer (DPO) who can be contacted by writing to the email address Dpo.Assist@assistdigital.com for any issues regarding the protection of personal data.

Assist Digital S.p.a., as the Data Controller of personal data, in accordance with current legislation, wishes to inform you about the processing of your personal data.

1. 1. Principles applicable to the processing of your personal data

In accordance with Article 5 of the European Regulation No. 16/679, your data will be processed in a manner that is:

• Lawful, fair, and transparent
• Accurate and, if necessary, kept up to date
• Relevant and not excessive in relation to the purposes for which it is processed

1. 2. Data subject to processing

The data that the Company may process includes:

• Name, Surname
• Affiliated Company
• Contact details

The Data Controller does not process special categories of personal data (such as health data, data revealing racial or ethnic origin, political opinions, union membership, religious or philosophical beliefs).

1. 3. Legal basis for the processing

The legal basis for this processing is consent pursuant to Article 6(a) of EU Regulation 2016/679.

1. 4. Purpose of processing

The collected data will be processed in order to personally contact you and provide you with the requested information about the provided service.

Processing methods

Your data will be processed using manual tools.

Your data will be processed exclusively by persons authorized by the Company for such processing. Adequate security measures have been implemented in accordance with Article 32 of EU
Regulation No. 16/679 to prevent the destruction, loss, alteration, unauthorized disclosure, or access, whether accidental or unlawful, to personal data transmitted, stored, or otherwise processed.

Your data will not be subject to automated decision-making regarding the above-mentioned purpose.

1. 5. Communication and transfer of data

IT companies that perform maintenance activities on the Company's programs/platforms may become aware of your data and have been designated as Data Processors pursuant to Article 28 of EU Regulation No. 16/679.

If necessary, your data may be communicated to law firms, consultants, professional collaborators of the Data Controller, as well as to public authorities upon request.

1. 6. Retention period

Your data will be kept by the Data Controller for the time strictly necessary to achieve the purposes described above and, in any case, for a period not exceeding 24 months, unless you exercise the rights indicated in paragraph 8.

In any case, your data may be processed for legal obligations and the exercise of rights, including in a judicial context, by the Company.

1. 7. Rights of the Data Subjects

As an interested party in the processing of personal data, you may exercise, at any time, the rights expressly recognized by the European Regulation, in particular:

The right of access to personal data (Article 15):

in order to obtain from the data controller confirmation as to whether or not personal data concerning you is being processed, and if so, access to personal data and the following information: purposes of the processing; categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the right to lodge a complaint with a supervisory authority; where the data is not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, the existence of appropriate safeguards pursuant to Article 46 relating to the transfer of data abroad;

The right to rectification (Article 16)

and integration of inaccurate or incomplete personal data concerning you;

The right to erasure (Article 17)

of personal data concerning you, if: the data is no longer necessary for the purposes for which it was collected or otherwise processed, or if it is processed unlawfully, or if it must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject; the data has been collected in relation to the offer of information society services referred to in Article 8(1); you withdraw consent and there is no other legal basis for processing; you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);

The right to restriction of processing (Article 18)

in the following cases: if you contest the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data; if the processing is unlawful, and you oppose the erasure of personal data and request the restriction of their use instead; if the personal data are required by the data subject for the establishment, exercise, or defense of legal claims, even though the data controller no longer needs them for the purposes of processing; if you have objected to processing pursuant to Article 21(1) pending verification of whether the legitimate grounds of the data controller override your interests;

The right to data portability (Article 20),

i.e., the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is based on consent or a contract;

The right to object (Article 21)

at any time, on grounds relating to your particular situation, to the processing of personal data concerning you;

The right to lodge a complaint with a supervisory authority.

If you wish to exercise the above-mentioned rights, you can contact the Data Controller at the following postal address: info.databreach.assist@assistidigital.com or by email at Dpo.Assist@assistdigital.com.

1. 8. Data Controller

The Data Controller is Assist Digital S.p.a., with registered office at Via Inganni n. 93, 20147 Milan. You can contact them for any issues regarding personal data at the postal address mentioned above or the email addresses provided in point 8.

1. 9. Data Protection Officer

This Company, considering the primary importance of protecting the personal data of data subjects, has appointed a Data Protection Officer (DPO) who can be contacted by writing to the email address Dpo.Assist@assistdigital.com for any issues regarding the protection of personal data.