WEBSITE USERS INFORMATION NOTICE

Pursuant to Article 13 of the European Regulation 679/2016 (hereinafter “Regulation”) and Legislative Decree 101 of 10.08.2018 – providing provisions for the adaptation of national legislation (Legislative Decree 196/2003) to the provisions of EU Regulation 679/2016:

BSISTEMI S.p.A – Sole Shareholder Company, represented by the Pro-Tempore Sole Administrator, Ms. Nicoletta CASCONE, with registered office at Viale Volsci, 29, 03100 Frosinone (FR), Tax Code and VAT IT02812710602 – which can be contacted at the following PEC address: bsistemi@notificapec.com; EMAIL: amministrazione@bsistemi.com – Data Controller, hereinafter referred to as Controller.

INFORMS

Users who connect to the institutional website/portal of BSISTEMI S.p.A. that the personal data collected by the company, acquired from third parties or voluntarily provided by the subjects through various options available on the site (work with us, newsletter, events, contacts, registration, etc.), will be processed lawfully and fairly, in compliance with the principles established by the European and Italian legal systems.

DATA SUBJECT TO PROCESSING

Browsing data: IP address, operating system and browser used for browsing, date and time of connection and disconnection, time spent on the site, pages visited, activities carried out, location (if the relevant service is active), and any other information made available by your computer, based on security settings.

Personal data: name, surname, email address, phone, fax, physical contacts where available, any IDs communicated, and data present in the CV if submitted through the “CONTACTS” and “REGISTRATION” sections.

PURPOSES AND LEGAL BASIS OF PROCESSING

The collection and any other data processing activities of the data subjects acquired through the website are carried out by the Controller at the company’s premises, in compliance with the security measures and requirements imposed by the Applicable Law, or by subjects delegated by it (specially selected and endowed with the necessary professionalism), with manual and computerized procedures, to allow the user a simple and rewarding browsing experience, to gather elements useful for improving the offer of products and services via the web, to execute specific requests from the data subject (e.g., a contact request), for pre-contractual and contractual obligations, for ordinary administrative, financial, and accounting activities, to ensure the proper management of requests, for compliance with legal obligations. The processing is also aimed at producing statistics in anonymized or pseudonymized form.

Processing, at the request of the data subject or upon obtaining specific consent, may also be carried out via CRM and customer care, to determine the degree of satisfaction, tastes, preferences, and habits of the data subject, for sending commercial information or advertising material, for direct marketing campaigns, for participation in games, contests, or prize operations, for involvement in events and demonstrations, for the provision of services, for market research, and other operations directly or indirectly related to marketing activities.

The legal bases of processing are the legitimate interest of the Controller to manage user browsing data to improve the offer of products and services via the website, the expressed consent of the data subjects, and the obligations related to the pre-contractual and contractual phases of the relationship. It is always possible to request the Controller to clarify the legal basis of each processing and in particular to specify whether the processing is based on the law, provided by a contract, or necessary to conclude a contract.

SOURCES AND NATURE OF DATA

Data collection may occur through the company’s website, via navigation analysis, or spontaneous input by the data subject using specially designed forms.

In relation to the user and any of their requests, the Controller processes personal details, telephone and electronic contact information, and bank details if communicated for payments, in addition to other data necessary to fulfill the requests of the data subjects or to meet the commitments undertaken.

Providing the data is therefore mandatory, as without consent or in case of its revocation, processing cannot take place.

It should be noted that incorrect or insufficient communication of the required data may result in the total or partial impossibility of executing the data subject’s requests or the obligations related to the commitments undertaken, potentially leading to a lack of correspondence between the processing results and the agreements made or legal obligations.

Other data are collected solely to generally adapt the company’s activities to the interests of users and for the dispatch of newsletters and other involved parties. Their provision is not mandatory, and any refusal to process or revocation of consent does not affect the establishment or continuation of the primary relationship.

MINORS’ DATA

Minors under 16 years cannot provide data without the consent of a parent or guardian.

The Controller is in no way responsible for any false statements that may be provided by minors and, if the falsity of the statement is ascertained, will proceed with the immediate deletion of all personal data and any information acquired. In any case, data processing consent by minors over 16 is authorized for minors only for access to information society services. Minors under 18 cannot approve or sign terms and conditions of service.

BROWSING DATA

The IT systems and software procedures used for the company website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication products. This information is not stored to identify data subjects, but due to its nature, it can, through processing and association with data managed by third parties, allow the identification of the user.

This category of data includes IP addresses and domain names of the computer used by the user to connect to the site, URL (Uniform Resource Locator) addresses of the requested resource, request time, method used to submit the request to the server, file size received, numeric code used to indicate the server response status (completed or error, etc.), and other parameters related to the operating system and user computer. These data are used only to produce anonymous statistics on site use and to monitor its proper functioning. They are normally deleted immediately after processing. They may be used and provided to law enforcement agencies and the judiciary to ascertain responsibilities in the event of site damage or unlawful activities carried out via the network.

USER-PROVIDED DATA

Completing forms on the site’s pages results in data being acquired in the system’s memory. Information is protected by an authentication system and is usable only by those with credentials. They are also updated and adequately protected, based on the best practices available.

Requests for information via email result in the storage of the user’s email address, necessary to respond to the sender’s requests. Data contained in the message are also included. The Controller suggests its users, during their service and information requests, not to transmit third parties’ data or personal information unless absolutely necessary.

COOKIES

As is common with most websites, browsing information is retained for statistical purposes. Information collection is possible through the use of cookies. A cookie is a small file transferred to the computer’s hard drive when connecting to a site.

These data are not personal in nature, as they do not allow specific user identification. The data collected pertain to the geographic location of the service provider, browser type used, IP address, pages visited, etc. This information enables us to see the frequency of visits to a site and the activities carried out during navigation. Thus, over time, the content of the site can be improved and its use facilitated.

Even companies that transmit content to the site or whose sites are accessible via links may use cookies when the user selects the respective link.

In these cases, the use of cookies is not under the direct control of the Controller. Most browsers automatically accept cookies, but it is possible to refuse them or select only some, according to user preferences. However, if the user inhibits cookie loading, some site components may cease to function, and some pages may be incomplete.

ESSENTIAL TECHNICAL COOKIES

These are necessary cookies to ensure the correct and smooth operation of the site: they allow page navigation, content sharing, credential storage to speed up site access, and keep preferences and credentials active during navigation, improving the browsing or purchase experience. Without these cookies, it is not possible to provide, in whole or in part, the services for which users access the site.

STATISTICAL COOKIES

These cookies allow us to understand how users use the site to then evaluate and improve its functioning and create increasingly appropriate content for user preferences. For example, these cookies allow us to know which pages are most and least frequented, how many visitors there are, the average time spent on the site, and how visitors arrive on the site. In this way, it is possible to determine which functions and contents are most appreciated and how to improve the contents and functionality of the pages. All information collected by these cookies is anonymous and not linked to the user’s personal data.

THIRD-PARTY PROFILING COOKIES

These are cookies used by third parties not directly controlled by the Controller. The company cannot provide guarantees regarding the use of data, as their processing is directly operated by an external subject.

Cookies from such third-party operators enable offering advanced functionalities, as well as more information and personal functions. This includes the ability to share content through social networks and have a site experience personalized based on preferences expressed through the pages visited.

If you have an account or use the services of such other data controllers, they may be able to know that you have visited the company’s site. The use of data collected by such external operators through cookies is subject to their respective privacy policies. Third-party profiling cookies are identified by the names of the respective operators and can be deactivated.

COOKIE MANAGEMENT

By selecting the “Accept” button shown by the overlay banner in the footer, the installation of cookies on the device in use by the data subject is authorized. Cookie settings can be changed through the browser functionalities. Thus, it is also possible to prevent the installation of third