According to art.13 of the Regulation (EU) of 27 April 2016, No. 679 “concerning the protection of individuals with regard to the processing of personal data, and the free movement of such data and repealing Directive 95/46/EC” (hereinafter referred to as “Rules of Procedure”), TINABA S.p.A. (hereinafter also: ‘Society’ and/or ‘TINABA’), with registered office in Milan (MI), Via Cerva no. 28 – 20122 – Italy, as the Data Controller, informs you that the acquired personal data, also with reference to the legal relationships in existence and/or future, are subject to processing in compliance with the above mentioned legislation. In relation to the above processing the Data Controller provides, among other things, the following information.

For ‘treatment’, (ex. Art. 4, par. 1, no. 2) of Regulation, is meant any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication through transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction. Such processing must be guided by the principles of fairness, lawfulness and transparency while protecting your privacy and your rights.

Except as specified for navigation data, the user is free to provide personal data reported in the request forms or otherwise indicated in section ‘Contacts’ to request the sending of information material or other communications. Their failure to confer may result in the impossibility of obtaining what is requested as well as the following better specified.

The data collected are essentially related to: Identification data (name or business name, name and surname of natural persons, address, telephone, fax, e-mail, tax data, etc.); Economic and commercial activity data (by way of example but not exhaustive: order collection, contracts entered into, contests, solvency, bank and financial data, accounting and tax data, etc. The same are provided by the Customer/interested person directly or may be collected from independent third parties Owners and/or External Data Processors on behalf of the TINABA Data Controller.

The purposes of processing personal data are:

• execution of legal relationships with you in existence and/or future relative to marketing activities through the sending of informative, advertising or promotional material related to derived products or services and/or similar to those expressed by TINABA when registering on the landing page tinaba.it;

• fulfilment of legal obligations related to the above-mentioned legal relationships;

• organizational management of any legal relationship existing and/or being defined as long as it is related/related to the corporate object of TINABA;

• any external professional collaboration for the fulfilment of legal obligations.

Optional, explicit and voluntary e-mail to the addresses indicated on this website involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the letter. Precise summary information dedicated to services on request will be provided or displayed on the specific website pages.

If emails are sent voluntary, explicitly and optionally to address given on this site, the sender’s address, which is required to respond to requests, is automatically acquired, as are any other personal data which may be included in the communication. Precise summary information dedicated to services on request will be provided or displayed on the specific website pages.

The data will be processed for as long as necessary to the development of the existing legal relationship and for the following ten years from the date of termination of the same. It is understood that, unless otherwise indicated by the data subject, such data will, in any case, be deleted from the server at the end of the tenth year.

Cookies consist of a small amount of textual information sent to your computer saved in the user’s web browser directory while visiting a website. The aim is to record but also sometimes, track information related to the experience of use of the site. They are used with the aim of improving the navigation passing from one page to the other of the site, saving already inserted user preferences (username, password, etc.), track the tastes and preferences of the user allowing to manage the presence or not of targeted marketing initiatives. Should restrictions be placed on their use, this will certainly affect the user’s status during the consultation. Blocking or removing them of the browser cache, could cause an incomplete use of the services offered by the Web application. The site may make use of third-party cookies that allow you to collect visitor information, keywords used to reach the site, websites visited; in this case you can view the information at http://www.bancaprofilo.it. Banca Profilo’s website may use both persistent cookies and session cookies. The first ones continue to operate also after having closed the browser, the second ones instead have a relative duration to the session of I use of the site.

The site could offer ports of access to various services “Social Media” (which may include, without limitation, the now famous Facebook, Twitter etc.), these services provide commentary areas, bulletin boards, public forums and other accessible communication platforms. TINABA advise to exercise caution about the dissemination of personal information when using these platforms. The terms of use and privacy policies applicable to each of these means of social communication published on their respective sites regulate the information provided. TINABA does not perform any form of control over the use of personal information disclosed in a public forum, a commentary area, a notice board, making the user solely responsible for any disclosure.

The personal data will be processed in paper, computer and telematic form and inserted in the relevant databases which may be accessed, and thus become aware of, the operators expressly designated by the Data Controller as Data Controllers and in charge of the processing of personal data, which may carry out consultation, use, processing, comparison and any other appropriate operation also automated in compliance with the legal provisions necessary to ensure, inter alia, the confidentiality and security of data as well as the accuracy, updating and relevance of the data with respect to the declared purposes.

The collected data will not be disseminated and can be communicated, as well as persons who are entitled and interested in accessing your personal data from statutory or secondary and/or Community regulations, to personnel within the Owner, as well as to companies, associations or professional offices that provide services and activities on behalf of the Data Controller as Data Processor for the fulfilment of legal obligations, as well as for any organisational and administrative needs necessary to provide the services requested.

The updated list of Data Processors can be consulted at the head office of the Data Controller.

We inform you that, pursuant to art. 15-22 of the Regulation, you may exercise specific rights, by contacting the Owner, including:

• right of access: right to obtain from the Data Controller whether or not personal data is being processed and, in that case, to obtain access to personal data and further information on origin, purpose, category of data processed, recipients of communication and/or transfer of data, etc.;

• right of correction: right to obtain from the Data Controller the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary statement;

• diritto alla cancellazione: diritto di ottenere dal Titolare la cancellazione dei dati personali senza ingiustificati ritardo nel caso in cui:

a) personal data are no longer necessary for the purposes of processing;

b) the consent on which the processing is based is withdrawn and there is no other legal basis for the processing;

c) personal data have been processed unlawfully;

d) personal data must be deleted in order to fulfil a legal obligation.

• right to object to processing: right to object, in whole or in part, to the processing of personal data for legitimate reasons, even if the personal data are relevant for the purpose of the collection; and to oppose, in whole or in part, the processing of personal data concerning him for the purpose of sending advertising material, direct sales, for the completion of market research or commercial communication;

• right to restriction of processing: right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has opposed the processing.

• right to data portability: right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another controller, only for cases where the processing is based on consent and only for data processed by electronic means.

• right to complain to a supervisory authority: without prejudice to any other administrative or judicial remedy, where the data subject considers that the processing of the data relating to him or her violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State where he or she habitually resides or works, that is the State in which the alleged infringement occurred.

If the data subject wishes to have more information about the processing of your personal data, or exercise the above rights, may apply to: TINABA S.p.A., with registered office in Milan (MI), via Cerva no. 8, 20122 – Italy, calling +39 (02) 00691500 or send an email to privacy@tinaba.it.

We also inform you that Tinaba has appointed the “Data Protection Officer” provided by the Regulations (c.d. “Data Protection Officer” or DPO).

For all issues related to the processing of your Personal Data and/or to exercise the rights listed above, you can contact the DPO at the following email address: pagani@plslegal.eu.