Privacy policy statement on the processing of personal data for commercial information purposes

ARTICLES 13 AND 14 OF EU REGULATION 2016/679

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 on personal data protection (GDPR), we inform you that the personal data you provide may be processed in compliance with the following. EUROCREDIT BUSINESS INFORMATION S.r.l. provides a Business Information Service to third parties (Clients) who request it for needs related to establishing and managing business, contractual or pre-contractual economic and financial relations and/or the protection of their rights/interests. A BUSINESS INFORMATION SERVICE is defined as: 'the service requested by third parties (clients) concerning the execution of research, collection, recording, organisation, analysis, evaluation, processing and communication of information from public sources, from sources publicly and generally accessible by anyone or otherwise acquired by the data subject such as to provide additional knowledge value to third parties' and may only be carried out by anyone in possession of a licence from the prefect's office issued by the competent Prefecture pursuant to Article 134 of Royal Decree No. 773/1931. This notice is published on the basis of the principles recognised in Article 5 paragraph 3 of the Code of Conduct for the processing of personal data in the field of business information approved by the [Italian] Personal Data Protection Authority with its Provision of 29 April 2021 (Register of Provisions no. 181 of 29 April 2021), which may be consulted at the following link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9586215

DATA CONTROLLER

The Data Controller is EUROCREDIT BUSINESS INFORMATION S.r.l., VAT number 07693660966, with its registered office in Milan 20124 - Via Mauro Macchi, 58, which can be contacted at the email address info@eurocredit.it or on telephone number +39 0236707160

DATA PROTECTION OFFICER

The Data Controller has appointed RP Advisor S.r.l., VAT no. 09694750960, email: rpd@servizisicuri.com as Data Protection Officer

CATEGORIES OF DATA SUBJECTS COVERED BY THE PROCESSING

- Any natural person on whom a Business Information Service is requested - Data subjects legally and/or economically linked to the natural person about whom a business information service is requested(*) - natural persons or other data subjects legally and/or economically linked (*) to the legal person - organisation or association about whom a business information service is requested (*) a legal and/or economic link must be deemed to exist between two or more data subjects and between a data subject and an entity other than a natural person (e.g. a company) when one or more of the following situations occur: a) participation of the data subject in a company or a corporation through direct or indirect ownership or control of a percentage of shares or stock, or voting rights, equal to or exceeding the thresholds identified in Article 8 of the Code of Conduct; b) exercising, by virtue of the office or position held by the data subject, of effective powers of administration, direction, management and control of an undertaking or company.

WHAT DATA ARE PROCESSED

- Data relating to asset, economic, financial, credit, industrial and production matters with the exclusion of special categories of personal data referred to in Article 9, paragraph 1, of Regulation EU 2016 / 679 i.e. 'personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing of genetic data, biometric data intended to uniquely identify a natural person, data concerning the health or sex life or sexual orientation of the person' - data on criminal convictions and offences from public sources; - data on criminal convictions and offences from publicly and generally accessible sources, only if they have been disclosed within the last six months, starting from the date of receipt of the service request by the client, and without any possibility of making changes to the content of such information - except for its possible updating - and using it for the purposes of processing evaluation information. - evaluative information and judgements, also expressed in predictive or probabilistic terms, issued on the basis of statistical analysis and processing and assessments carried out by expert analysts, including on the basis of a classification in predefined categories or classes or overall evaluation of the data acquired. - further useful information for the purposes of verifying solvency or creditworthiness (typically other companies and economic operators with which the data subject has or has had dealings), such as, for example, so-called payment habits, the amount of a credit or debt, etc., when any obligations to provide information and obtain consent have been fulfilled (where the latter is necessary)

DATA SOURCE

For the purposes of providing the service, the following are processed: - data provided by the Client: name, address, telephone, email, information on the type of business relationship established or to be established, etc.. - any data/documents supplied directly by the data subject; - data available from public sources, i.e. public registers, lists, deeds or documents that are known and available to anyone under current legislation, including but not limited to: 1) register of companies, financial statements and lists of shareholders, chamber of commerce title searches and/or deeds, deeds and events relating to bankruptcy or other insolvency proceedings as well as the computerised register of protests at the chambers of commerce and the related consortium company InfoCamere; 2) real estate deeds, prejudicial and mortgage entries (such as, for example, registrations or cancellations of mortgages, transcripts and cancellations of foreclosures, injunctions or court documents, and related annotations) kept in the registers managed by the [Italian] Revenue Office (which include the former Real Estate Registry and the Land Registry Office), in the Public Register of Motor Vehicles and in the Register of the Resident Population. - data from sources that are publicly and generally accessible by anyone, including but not limited to: daily and national newspapers, so-called categorical lists and telephone directories and related online services, Internet sites; - third parties in compliance with current legislation.

PURPOSES OF PROCESSING

The purpose of the processing operations carried out is to provide information to clients in order to verify the economic, financial and equity situation of the data subjects, as well as their solidity, solvency and creditworthiness, in relation to legitimate requirements connected, by way of example but not limited to, the analysis and definition of business strategies and policies, the identification of subjects for the start-up of new business relations, the establishment and management of relations, including pre-contractual relations, the supply of goods, work and services to the data subjects and the related payment terms and conditions, the fulfilment of the related regulatory obligations, including those relating to anti-money laundering, the prevention and combating of fraud and protection of the related rights by clients, including in court.

LEGAL BASIS

The processing of data for Business Information purposes is based on the need to pursue the legitimate interests (article 6, paragraph 1, letter f), of Regulation EU 2016 / 679) of EUROCREDIT BUSINESS INFORMATION S.r.l. and the clients who ask them both to carry out the necessary checks on the economic, financial and asset position of the persons concerned, for protection, prior to establishing and managing business relations, including pre-contractual relations, to the supply of goods, work and services and the definition of the relative terms and conditions of payment, and the fulfilment of related regulatory obligations, including those relating to anti-money laundering, prevention and combating of fraud and the protection of their rights, including in court.

COMMUNICATION OF DATA TO PARTIES OTHER THAN THE CONTROLLER

Personal data may not be disseminated but only communicated: a) al Committente, soggetto privato o pubblico che richiede al fornitore il servizio di informazione commerciale, stabilito in Italia o all’estero; b) to persons who can access the data by virtue of a provision of law, regulation or Community legislation, within the limits provided for by these rules; c) to correspondent business information agencies; d) to other providers of business information; e) to persons in charge of processing under the authority of the Data Controller; f) to other companies/consultants who need access to them for the tasks entrusted to them, in their capacity as managers or co-managers, such as: assistance in the fulfilment or direct performance of tax/accounting/welfare obligations, managing information systems, financial services, personnel training, organisational/management consulting. Any designated Data Processors will be bound to confidentiality and data security through a contract and the updated list of Data Processors can always be requested from the Data Controller.

DATA TRANSFER TO THIRD COUNTRIES

Data processing will take place exclusively within the European Union.

DATA RETENTION TIMES

The data in question may be retained for as long as they remain known, available and/or published in the public sources from which they originate, in order to facilitate the provision of the Service and without prejudice to the obligation to update them. Notwithstanding any more restrictive time limits laid down by specific legal provisions, information from public sources relating to negative events may be retained in compliance with the following time limits: a) information relating to bankruptcy or insolvency proceedings for a period of time not exceeding 10 years from the date on which the bankruptcy proceedings are opened; after that period, such information may be further used by the supplier only when other information relating to a subsequent bankruptcy is present or a new bankruptcy or insolvency proceeding is opened in respect of the surveyed subject or another related subject, in which case, the processing may continue for a maximum period of 10 years from their respective openings; b) information on prejudicial and mortgage entries (mortgages and foreclosures) for a period of time not exceeding 10 years from the date of their transcription or registration, unless they are cancelled before that time, in which case a record of their cancellation will be kept for a period of 2 years.

RIGHT TO ACCESS ONE'S OWN DATA

You may exercise your right of access, rectification, erasure, restriction and objection to the processing of your data. In order to assert your rights, as provided for in Article 15 of the GDPR et seq., you may contact the Data Controller, who can be contacted at the above-mentioned addresses, identifying yourself and specifying the nature of your request or the problem highlighted.

RIGHT OF COMPLAINT

If you consider that the processing of the data provided violates the legislation on the protection of personal data, you have the right to lodge a complaint with the Italian Data Protection Authority "Garante della Privacy", based in Piazza Venezia 11 - 00186 Rome - Tel. 06.696771 - Email: protocollo@gpdp.it