NOTICE PURSUANT TO ARTICLE 13 OF LEGISLATIVE DECREE NO. 196/2003 (THE “PRIVACY CODE”) AND ARTICLE 13 OF EUROPEAN REGULATION NO. 679/2016 (THE “GDPR”)

Pursuant to Article 13 of the Privacy Code and Article 13 of the GDPR, Fimap S.p.A. hereby states that the personal data conferred when Users register on the website www.fimap.com (the "Website") and/or purchase Products on the same (the "Data") will be processed in line with the following provisions.

1. Data controller
The Data Controller is FIMAP S.p.A., with legal office in Via Invalidi del Lavoro, no. 1, 37059 - Santa Maria di Zevio (VR), in the person of its pro tempore legal representative Mr. Giancarlo Ruffo ("Fimap" or the "Data Controller").
The Data Supervisor is the marketing director. The list of the additional parties responsible for processing the personal data can easily be consulted on the premises of the Data Controller.

2. Purposes of the processing
The personal data of Users (the "Data") will be processed for the purposes indicated below:
(a) purposes linked to the obligations set out by the applicable laws or regulations and by
      provisions issued by the competent authorities/supervisory and control bodies;
(b) purposes closely linked to and/or required in order to fulfil the request of the interested party in
      relation to the purchase of a product and of registering on the Website, and those required to
      confirm the sales contract;
(c) purposes designed to promote the business carried out by Fimap and/or the products sold on
      the Website, including, by way of example, sending newsletters, promotional material and
      user satisfaction surveys, either performed directly or by specialised companies, in the form of
      telephone interviews, questionnaires etc.;
(d) profiling activities designed to help meet the requirements of the users. Specifically, data and
      information regarding the users' preferences can be analysed and profiled when they make a
      purchase on the Website, so enabling Fimap to provide a service that matches the
      preferences of each individual user as effectively as possible.

3. Processing methods
Processing:
(a) is carried out by means of individual operations or series of operations, such as: collection,
      recording, organisation, interrogation, elaboration, modification, selection, retrieval,
      comparison, use, interconnection, blocking, communication, dissemination, erasure and
      destruction of data;
(b) is performed using manual, computerised and electronic communications means, with
      methods of reasoning strictly related to the purposes specified in point 2 above and, in any
      case, in a manner that ensures the security and confidentiality of the Data.
For the purposes described in the previous paragraph 2, letters (a) and (b), the Data will be stored for the period of time required by the applicable laws.
In relation to the purposes specified in the previous paragraph 2, letter (c), the user will always be entitled to ask Fimap to suspend the processing, by sending an email to the address indicated below in paragraph 6 and/or to cancel their name from the informative newsletter by clicking on the appropriate link that appears at the bottom of each message.
With reference to the types of processing described in the previous paragraph 2, letter (d), the Data will cease to be processed within 12 months from the date of the last purchase made on the Website.
The Data are stored in the European Union, as hard copies or electronic files.
The Data is not circulated.

4. Conferring Data
Conferring the Data for the purposes referred to in paragraph 2, points (a) and (b) above is necessary insofar as it is linked to the obligations set out by applicable laws or regulations and by provisions issued by the competent authorities/supervisory and control bodies, or in order to fulfil the request of the interested party in relation to the purchase of a product and of registering on the Website, and those required to confirm the sales contract. In the event of refusal to communicate the Data required for these purposes, it will be impossible for Fimap to process the User's request to purchase the product and/or to register them on the Website.
With reference to the types of processing described in the previous paragraph 2, letter (c), the User must explicitly grant their authorisation, using the appropriate sections located on the Website. Conferring the Data for these purposes is optional and the failure to grant the relative authorisation will in no way affect the User's order or registration on the Website, but may prevent them from obtaining updates relative to the services offered by Fimap.
With reference to the types of processing described in the previous paragraph 2, letter (d), the User must explicitly grant their authorisation, by way of the appropriate sections located on the Website. Conferring the Data for these purposes is optional and the failure to grant the relative authorisation will in no way affect the User's purchase of products on the Website, or registration, but will prevent Fimap from providing the User with information more suited to their choices and preferences.
In any case, even when a User has authorised the processing, they will be entitled to suspend it at any time, also by sending a request for the cancellation of the Data to the email address indicated in paragraph 6 here below.

5. Categories of parties to whom the Data can be communicated
In order to fulfil the purposes described in paragraph 2 above, Fimap may need to communicate the Data to third parties belonging to the following categories: parties that perform banking, financial or insurance-related services; surveillance and control authorities and in general public or private parties acting as public officials or appointed to perform public services; parties that provide services for the management of IT and information systems; parties appointed to ensure the safety and maintenance of IT systems; parties that perform activities involving the filing of documentation and data entry; parties that perform activities of customer care, other companies in the group headed by Comac S.p.A., to which the Data Controller belongs, that provide centralised services also for the benefit of Fimap itself, including marketing and after-sales services, studios and companies in the field of assistance and consultancy relations.
With reference to the Data communicated to them, the parties that belong to the above-mentioned categories can operate, depending on the case, as Data Supervisors or Processors or as separate Data Controllers. In the latter case, the Data will only be communicated with the express authorisation of the Users, except in cases whereby their communication is legally required or necessary, or for the fulfilment of purposes for which the authorisation of the interested party is not legally required.

6. Right to access the Data and other rights At any point, the User shall have the right to:
(a) request anytime, and receive from the Data Controller confirmation of the existence - if any - of
      relevant personal data kept by the same and receive clear notification of the contents of
      the same; be informed about the origin of the data, the purposes and procedures of the
      processing, the reasoning behind the processing, the details which identify the appointed
      data processors, the parties and categories of parties to whom the data can be
      communicated or who may come into possession of the data in their role as Data
      Supervisors or Processors;
(b) request and obtain confirmation that any data processed in infringement of the legal
      provisions in force (including personal data which is not required to be stored in relation to the
      purposes for which it was collected or subsequently processed) be amended, deleted,
      anonymized or blocked; request and obtain that their personal data be updated, amended or,
      if applicable, corrected, and receive confirmation that the operations indicated herein above
      have been brought to the knowledge of those to whom they have been communicated (an
      exception is made for cases in which it is impossible to meet this requirement or where doing
      so entails an effort that is unquestionably disproportionate compared with the right to be
      protected);
(c) withdraw consent in cases where this has previously been provided;
(d) limit the processing of Data in the cases provided for by applicable law;
(e) object, on legitimate grounds, to the processing of their personal data, even if this is pertinent
      to the purposes of its collection.
(f) receive, in a structured, commonly-used and legible electronic format, any personal data
      relating to them, which they have provided, and transmit this data to another Data Controller
      without impediment by the Data Controller, if technically possible.
(g) lodge a complaint with a supervisory authority;
These rights can be exercised by sending an email to the address marketing@fimap.com