INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

This Information Notice is provided to inform you that the data supplied to our Company will be processed in accordance with EU Regulation No. 2016/679 (hereinafter also “GDPR”) and Legislative Decree No. 101/2018.

We therefore invite you to carefully read the following information.

Data Controller and Data Protection

The Data Controller is Systema s.r.l., with registered office in Ivrea (TO), Via Jervis 24.

The Data Controller may be contacted by sending a registered letter with return receipt or by email to: ilteam@oli-ivrea.com

Purpose of Processing

The personal data provided will be processed for the following purposes:

i.) fulfilment of contractual obligations;
ii.) fulfilment of accounting and tax obligations;
iii.) supplier management (supplier administration, contract management, orders, deliveries and invoices);
iv.) customer management (customer administration, contract management, orders, shipments and invoices, assessment of reliability and solvency);
v.) legal and economic management of personnel;
vi.) management of disputes (contractual breaches, formal notices, settlements, debt recovery, arbitration, legal disputes);
vii.) compliance with legal obligations;
viii.) legitimate interests of the Data Controller.

Scope of Communication and Disclosure

We inform you that, in order to achieve the purposes indicated above, the collected data may be communicated to third parties – appropriately appointed as Data Processors, whose details will be made available upon simple request – such as, for example: financial institutions, social security and welfare institutions, insurance companies, IT and telematics service providers, archiving and storage companies, printing and shipping companies, email management companies, judicial or administrative authorities, accountants, lawyers, consultants, doctors, subsidiaries or affiliated companies, credit agencies, auditing firms, foundations, universities and other institutes, and trade associations.

Outside the cases mentioned above, your personal data will not be disclosed or disseminated without your explicit consent.

Methods of Processing

Processing will be carried out both in paper form and electronically, in accordance with the principles of lawfulness, fairness, relevance and proportionality established by current legislation.

The Data Controller adopts appropriate security measures designed to prevent unauthorized access, disclosure, modification or destruction of the processed data.

Data Retention

The Data Controller will process personal data for the time strictly necessary to fulfil the purposes indicated above or, in any case, for the period required by law, unless further retention is necessary to comply with orders from Authorities.

Place of Processing and Scope of Data Circulation

The management and storage of personal data will take place on servers of the Data Controller and/or third-party companies duly appointed as Data Processors, located both within the European Union and in non-EU countries. Therefore, the data may be transferred both within and outside the European Union.

With regard to possible transfers of data outside the EU, the Data Controller guarantees that such transfers take place in compliance with applicable legal provisions through agreements ensuring an adequate level of protection and through the adoption of the standard contractual clauses approved by the European Commission.

Refusal to Provide Data

We also consider it necessary to inform you that any refusal to consent to the processing indicated above may prevent the establishment or continuation of the contractual relationship.

Rights of Data Subjects

With regard to the processing of personal data carried out by our Company, we remind you that, as data subjects, you have the right to:

• obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and to receive such data in intelligible form;

• obtain information regarding:
  a) the origin of the personal data;
  b) the purposes and methods of processing;
  c) the logic applied in case of processing carried out with electronic tools;
  d) the identification details of the Data Controller, processors and designated representative pursuant to Article 3(1) GDPR and Legislative Decree 101/2018;
  e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives, processors or authorized persons;

• obtain:
  a) updating, rectification or, where interested, integration of the data;
  b) deletion, anonymization or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
  c) certification that the operations referred to in points a) and b) have been notified, including their contents, to those to whom the data was communicated or disclosed, unless this proves impossible or involves disproportionate effort;

• object, in whole or in part:
  a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
  b) to the processing of personal data concerning you for advertising, direct sales, market research or commercial communication purposes, through automated systems without operator intervention via email and/or traditional marketing methods via telephone and/or paper mail.

It should be noted that the right to object to direct marketing through automated methods also extends to traditional methods, and that the data subject may exercise this right even partially. Therefore, the data subject may choose to receive only traditional communications, only automated communications, or neither.

• where applicable, you also have the rights set out in Articles 16–21 GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Italian Data Protection Authority.

Changes to this Information Notice

The possible entry into force of new sector regulations, as well as the constant review and updating of the services reserved for you, may require modifications to the methods and terms described in this Information Notice.

Therefore, this document may be subject to changes over time. You are therefore invited to periodically consult the dedicated page on the company website:

www.oli-leadershipinstitute.com/privacy-policy

where any updates to this Information. Notice will be published.