Italiano

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Articles 12 and onwards of Regulation (EU) 2016/679 (GDPR)

Below are provided the information related to the processing of personal data carried out on the Workflow 24Ore Platform, or otherwise related to the use of our products and services, in accordance with Regulation (EU) no. 2016/679 and national implementing measures approved by the Italian legislator (hereinafter the "Regulation" or "GDPR"). The Data Controller is the company Mitric S.r.l., with registered office at: Via Leone XIII, 14, 20145 Milan, Italy, reachable at the address gdpr@mitric.com (hereinafter, the "Data Controller," "MITRIC," the "Company," "we").

We provide this information not only to comply with the legal obligations concerning the protection of personal data provided for by the GDPR but also because we believe that the protection of personal data is a fundamental value of our business activities, and we want to provide you with all the information that can help you protect your privacy and control the use made of your data.

The Data Controller

The Data Controller can be contacted at the email address: gdpr@mitric.com.

Categories of Personal Data Processed

To enable the conclusion and establishment of the contractual relationship with MITRIC or when you visit, consult, request, or use the Workflow 24Ore through MITRIC's platform, we collect and use your personal data (i.e., any information that can directly or indirectly identify you). Below are the categories of personal data concerning you that we process:

1. Identifying, contact, and access data, such as name, surname, username, email address, postal address, phone number, MITRIC ID (if applicable), or username and password.
2. Product data, such as data related to the services you used.
3. Billing information and payment data, such as VAT number, tax code, address, and eventually the company name.
4. Navigation data, such as data related to the connection; IP addresses, domain names, and other parameters related to the browser and operating system you used; log data; configuration data; data related to registrations, interaction, and transaction processes, performance indicators; data related to navigation flows and page views; usage and counts of features.
5. Usage data of the Workflow 24Ore provided by MITRIC. Usage data related to the different services you used may be interconnected for legitimate and transparent purposes, listed in the following paragraph.

Purposes of the Processing

The processing of the above-mentioned categories of personal data is carried out by the Company, in the course of its economic and commercial activities, for specific purposes, as described below.

1. Contractual and Legal Purposes

Enable navigation on the website and the Platform.

Registration and management of the account (including any verification of the account and recovery of the credentials, where provided) and use of the functionalities connected to the account itself.

Execution of the activities necessary for the conclusion and performance of the contract for the provision of the service requested, purchased, or used by you, also through the website and the Platform.

Management of any complaints and requests, sending service communications and updates, both through traditional communication tools such as postal mail and through remote communication tools such as email, chat, phone, SMS, chatbot, banners, notification systems, and other remote communication tools.

Customer assistance activities, help desk, and support for the use of Workflow 24Ore, Consulting Services, tutoring activities, and management of open tickets for assistance purposes, also based on usage data.

Handling requests related to registration for webinars and events, preparing quotes, processing orders, providing assistance and support.

Compliance with obligations arising from current laws, regulations, or community legislation (e.g., tax and accounting obligations) or management and response to requests from competent administrative and tax authorities, as well as judicial authorities.

The purposes listed above are collectively referred to as "Contractual and Legal Purposes," and the explicit consent of the data subject is not required. The provision of your personal data for the aforementioned purposes is necessary and mandatory; therefore, if you refuse, we will not be able to proceed with the contractual relationship with you and the provision of the requested services.

2. Legitimate Interest Purposes

For statistical and research analyses regarding the products purchased and the services provided to you and their use, also for the purpose of improving and developing the same services, also through the interconnection of data among different Data Controllers and the Data Controller. In compliance with the principle of minimization, where possible, this activity will take place after anonymization and aggregation of the collected data.

For the evaluation of your satisfaction with the services provided by MITRIC, or the resolution of any difficulties and issues related to their use: e.g., "caring" initiatives to help you make the best use of the service and improve the customer experience.

To enforce and defend the rights of the Company, also in the context of credit recovery procedures and assignment of credits to authorized companies, also through third parties and to prevent and counteract any fraud.

To complete a potential merger, transfer of assets, business transfer, branch of business, or financial operations by communicating and transferring data to the involved third party/parties.

To send marketing communications via email, in accordance with Article 130, paragraph 4, of Legislative Decree 196/2003, as amended by the GDPR ("Privacy Code"), about services or products similar to those covered by the contract concluded with MITRIC. However, you will have the possibility to object to the sending of such communications at any time.

To carry out customer segmentation activities, to which communications for Marketing Purposes may be sent based on what is indicated in this notice, based on non-invasive categories of belonging, such as, among others, the professional category of belonging, the city/province/region where the service has its headquarters, the type of service purchased. This customer segmentation activity may also be carried out on platforms of third-party providers, through interconnection activities with data of the third-party platform. In this case, communications for Marketing Purposes will be sent in compliance with the consents expressed by you and in accordance with what is indicated in this notice. In this context, the data may also be used to detect profiles of similar customers.

The described "Legitimate Interest Purposes" do not require your specific consent, falling within the exception provided for by art. 6, paragraph 1, letter f) of the GDPR. In any case, in compliance with the GDPR and the Privacy Code, the Company has carried out a thorough balancing of interests aimed at protecting and guaranteeing the privacy and fundamental rights of the data subjects.

3. Marketing Purposes

To send you updates on news and commercial offers of MITRIC services, also through the interconnection of usage data and analysis of your behavior concerning both the navigation of the Platform and, more generally, the use of the services, or to invite you to participate in events, conduct market research, or other commercial initiatives and customer satisfaction, both through traditional communication channels such as postal mail or phone call by an operator and through automated communication tools such as email, chat, messages (SMS), chatbots, and other remote communication tools.

To communicate your personal data to MITRIC, MITRIC SA, and its Affiliates and/or commercial partners belonging to its sales network, for the purpose of sending marketing communications and other commercial initiatives.

The processing of your data for "Marketing Purposes" is not mandatory. Therefore, your prior consent, which the Company will request from time to time in the most appropriate forms for each of the activities described above, is necessary. The consent given is always revocable by you without any consequences concerning the contractual relationships with the Company. The Company undertakes to identify the data subjects involved from time to time to request their prior consent and, consequently, undertakes to keep such consent in full compliance with the GDPR and the Privacy Code.

Communication, dissemination, and transfer of data

In compliance with the principle of purpose and minimization, your personal data may be communicated to the following third parties who perform activities functional to those related to the purchased product or service, such as: (a) third-party suppliers of assistance and consulting services to the Company with reference to activities in sectors (merely as an example) such as technology, accounting, administrative, legal, insurance; (b) MITRIC, MITRIC SA, and its Affiliates; (c) in cases where the contractual relationship involves the intervention of commercial partners, the Company may share some of your personal data with its distributors, retailers, and partners included in MITRIC's service distribution chain; (d) banks and credit institutions; (e) debt collection companies; (f) public entities and authorities whose right to access your personal data is expressly recognized by law, regulations, or measures issued by the competent authorities; (g) potential acquirers of the Company and entities resulting from the merger or any other transformation concerning the Company; (h) public databases and credit information systems.

For Marketing Purposes, and subject to your specific consent, your personal data may also be communicated to third parties and commercial partners responsible for marketing campaigns carried out on behalf of MITRIC, MITRIC SA, and its Affiliates.

Your data may be shared with Il Sole 24 ORE S.p.A. for its own marketing and advertising communication purposes, aimed at informing you about promotional sales initiatives carried out through automated contact methods (email, SMS, and other mass messaging tools, etc.) and traditional contact methods (e.g., phone calls with an operator) or for market research and statistical surveys, if you provide specific consent.

In this case, Il Sole 24 ORE S.p.A. will process your data as an independent data controller.

These recipients, depending on the case, process your data as autonomous Data Controllers, Data Processors, or persons authorized to process data. The complete and updated list of the subjects processing the data as Data Processors is available upon request from MITRIC, according to the contact methods indicated in this information.

Transfer of your personal data outside the European Community

Without prejudice to the above, your personal data may be freely transferred within the European Community territory. However, in cases where, for the indicated purposes, the Company needs to transfer your personal data outside the European Union to countries not considered adequate by the European Commission (e.g., the United States), the Company will adopt the necessary measures to protect your personal data, in compliance with the legal guarantees provided for by the applicable legislation and in particular articles 45 and 46 of the GDPR.

If you wish to receive further information about the guarantees in place and request a copy of them, you can contact the Data Controller according to the contact methods indicated in this information.

Data Processing Methods

Your personal data is processed by the Company using electronic and manual systems, in compliance with the principles of correctness, loyalty, and transparency provided for by the applicable legislation on the protection of personal data and safeguarding your privacy through technical and organizational security measures to ensure an adequate level of security, as described in the ISO IEC 27001 manual of MITRIC.

These treatments take place at the Company's headquarters and/or at external Data Processors who carry out the processing on behalf of the Company. With regard to usage data, in compliance with the described purposes and, if necessary, your explicit consent, analysis activities may be carried out, including through the interconnection of your data relating to the different services purchased from MITRIC, during their online use. For usage statistics, the Company uses tools that allow the collection of usage data. The Company uses analytical tools such as:

Web and customer analytics;

Analytics and document search;

Querying and Dashboarding.

Data Retention

The data will be kept for the period of time necessary for the pursuit of the purposes for which such data was collected, as stated in this information. In any case, the following retention terms will apply with reference to data processing for the purposes set out below: for Contractual and Legitimate Interest Purposes, the data will be retained for a period equal to the duration of the provision of the services used by you and for the 10 years following (period in which the prescription for any contractual liability that may be claimed by the Customer against MITRIC matures), except for cases where retention for a later period is required for any disputes, requests from competent authorities, or in accordance with applicable law; for Marketing Purposes, the data will be retained for a period of 24 months from the date on which consent is given or renewed on the occasion of the purchase of a new MITRIC service or its renewal, or the date of the last contact with you, including, among others, the termination of the contractual relationship, participation in an event organized by the Company, use of a service provided by the Company, or the opening of a newsletter (collectively defined as the "Last Contact").

Change of Choices and Revocation of Consent

If you change your mind, you can modify the consent given for marketing purposes at any time by contacting us according to the methods provided in this information. The failure to provide or revoke consent will not in any way affect the use of our services.

Rights of Data Subjects

Regarding the processing of data described in this information, you can exercise at any time the rights provided by the GDPR (articles 15-21), including:

• Receiving confirmation of the existence of your personal data and access to their content (right of access);
• Updating, modifying, and/or correcting your personal data (right of rectification);
• Requesting the deletion or limitation of the processing of your personal data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data was collected or otherwise processed (right to erasure and right to restriction), subject to a prevailing public interest or legal obligation of the Company to retain such data;
• Objecting to the processing, including profiling (right to object), without prejudice to the existence of a legitimate interest of the Company in continuing the processing;
• Revoking consent, if given, for marketing activities;
• Filing a complaint with the Supervisory Authority (Italian Data Protection Authority www.garanteprivacy.it) in case of violation of the rules on the protection of personal data;
• Receiving a copy in electronic format of your personal data, to transfer them to yourself or to a different service provider if the Company processes such data on the basis of your consent or on the basis that the processing is necessary for the provision of the services requested by you, and the data is processed through automated tools (right to data portability).

To exercise the rights regarding the protection of personal data at any time and free of charge, you can contact the Data Controller, who can be reached by sending a request to the address gdpr@mitric.com or by sending the communication by post to:

Mitric S.r.l. Registered office: Via Leone XIII, 14 20145 Milan Attn: Data Controller

When contacting the Company, make sure to include your name, email/postal address, and/or phone number(s) to ensure that your request can be properly handled.

Changes and Updates

This information may be subject to variations also as a result of any changes and/or additions to the legislation. The changes will be communicated to the data subjects, and the constantly updated text of the information will be available on the Platform.