ANNEX A – PRIVACY POLICY

Pursuant to art. 13 of EU Regulation 2016/679 (also “GDPR”) laying down provisions on personal data protection, we inform you that your personal data, will be processed by Data Controller “Isaia&Isaia S.p.A.”, Agilae Srl and Data Processor “PXand LLC”, as set out below. This Privacy Policy describes how we collect, store, use and distribute information through our software, website, documentation, and related services (together, the “Services”).

Capitalized terms not defined in this Privacy Policy have the meaning as set forth in the Terms of Use for the Services, which can be found here.

1. Consent

By using the Services, you consent to the use of your Personal Information as described in this Privacy Policy. If you are not of legal age to form a binding contract (in many jurisdictions, this age is 18), you may only use the Services and disclose information to us with your parent’s or legal guardian’s express consent. Furthermore, children under the age of 14 cannot use or register for the Services in any way. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. We do not actively collect Personal Information for the purpose of sale of such information in a way that specifically identifies the individual (i.e. we don’t sell customer lists). You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using some or all of the Services.

2. Collection of Information

· Personal Information

When you register to use the Services, we may require you to provide certain personally identifiable information, such as your name, address, phone number, and email address. In the course of using the Services, you may voluntarily communicate with certain of our representatives for the purposes of obtaining customer care and/or technical assistance. These representatives may also ask you for certain personally identifiable information in order to better help you. Such information is referred to below as your “Personally Identifiable Information”). When purchasing the Services, we will require you to provide financial and billing information, such as billing name and address, and credit card number (“Billing Information”). Your Personally Identifiable Information and your Billing Information are collectively referred to as your “Personal Information.”

· Data, Diagnostic & Login Information

You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Some of this Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).

· Usage and Analytics Information

As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Usage and Analytics Information.”

· Geo-Location Information

We do not use GPS technology to collect any information regarding your precise real-time geo-location while using the Services. However, we may use elements of your Usage and Analytics Information (such as your IP address) to determine your generalized location. This information is referred to as “Generalized Geo-Location Information.”

3. Use of Information

We use the information we collect in the following ways:

· Personally Identifiable Information

We use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personally Identifiable Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information about us or our partners.

We may also use your Personally Identifiable Information in an aggregated, de-identified, and anonymous way to monitor and analyze overall use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness.

· Billing Information

We use credit card information to manage your account, to provide the Services, and to check the financial qualifications of prospective customers and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf.

· Data, Diagnostic Information and Login Information

We use this information solely for the purpose of administering and improving our Services to you.

· Usage and Analytics Information

We may use your Usage and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze overall use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

· Geo-Location Information

We may use this information for the purpose of administering and improving our Services to you, such as by providing you with relevant promotions. We may also use your Geo-Location Information in an anonymized manner to monitor and analyze use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness.

If we plan to use your Personal Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled “Amendment of this Privacy Policy”.

4. Legal basis of the processing and nature of data provision

Personal data processing is necessary in order to execute pre-contractual measures adopted at the request of the interested party (Article 6 paragraph 1, letter .b) of EU Reg. 2016/679), sometimes, for some types of processing resides in the explicit consent of the user ((art.6, par.1, lett. a of the EU Reg. 2016/679),) (for example the processing of personal data for further purposes of promotional communications, profiling, etc. or geolocation). The provision of the data listed above is mandatory as it is necessary to carry out the purposes indicated; therefore, the refusal to issue it will only determine the impossibility of processing your data for the aforementioned purposes. Failure to provide the optional data, however, will not hinder the pursuit of the main purposes for which they are collected. In the case of processing based on the explicit and declared consent of the User, the same may revoke the consent previously given at any time.

5. Disclosures & Transfers

We have put in place contractual and other organizational safeguards with our agents (see further below) to ensure a proper level of protection of your Personal Information (see further “Security” below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy (see further “Important Exceptions” below).

From time to time we may employ third parties to help us improve the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is necessary to assist us.

6. Important Exceptions

We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.

We may also disclose your Personal Information in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

7. Security

The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.

8. Sharing Information with Third Parties

You may be able to share Personal Information with third parties through use of the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

9. Retention

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy. Please note that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all of your Personal Information due to technological and legal constraints.

10. Amendment of this Privacy Policy.

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

11. Rights of Interested party

Rights of the interested party in relation to the purposes of the processing described above, the user is entitled to exercise the rights pursuant to art. 15 of Reg.UE 2016/679, to obtain from the Data Controller the confirmation that a personal data concerning him is being processed or not and, in this case, to obtain access to personal data and information regarding the processing. In addition, the user may exercise the rights set out in art. 16 to 22 of Reg.UE 2016/679: Right of rectification (art.16), Right to be forgotten (art.17), Right to restrict processing (art.18), obligation to notify in case of rectification or cancellation of personal data or restriction of processing (art.19), Right to data portability (art.20), Right to object (art.21), including any automated decision-making process relating to natural persons, including profiling (art.22).

The user may also exercise their rights by writing an e-mail to the Data Protection Officer at the e-mail address: privacy@agilae.it. If the user believe that the processing that concerns them violates the provisions of EU Reg. 2016/679, them always lodge a complaint with the Guarantor Authority for the protection of personal data through the form and procedure indicated on the site and available at the link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.

12. Contact Us.

The Data Controller is Isaia&Isaia S.p.A., with registered office in Naples (NA), Via Toledo 106, 80134. e-mail: privacy@isaia.it

The Data Protection Officer is Agilae S.r.l., based in Naples (NA), Via Seggio del Popolo 22, 80138. e-mail: privacy@agilae.it

ANNEX B - Information on the processing of personal data – Newsletter

We inform you, pursuant to art. 13 of the GDPR (the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data), that the personal data relating to you and included in this form, are processed in full compliance with the privacy law in force, as well as respecting confidentiality obligations.

Nature of the data

We process only your e-mail address that you have specifically entered in the newsletter registration form.

Purpose of the processing

Personal data will be processed by the Data Controller, with your prior explicit and necessary consent, in order to send to the User, newsletter communications regarding promotions, updates and news related to the services of Isaia&Isaia S.p.A.

Legal basis of the processing and nature of data provision

Pursuant to art.6 of Reg.UE 2016/679, the processing of personal data is based on your consent, necessary to fulfil the purposes for which the data are requested (art.6, paragraph 1, lett.a of Reg. EU 2016/679). The provision of the data is necessary for the fulfillment of the purposes indicated above; therefore, the refusal to release will determine the impossibility of processing the data to provide the service requested.

Processing methods

In relation to the purposes indicated, your data will be processed lawfully, correctly and with the utmost confidentiality, with the support of paper and computer media, in compliance with the security measures referred to in art. 32 to 35 of Reg.UE 2016/679. Your personal data will be processed by personnel inside Isaia&Isaia S.p.A. who, as authorized to process (ex art.29 of Reg.UE 2016/679)shall act under the direct subordination and supervision of the Data Controller and in compliance with the operating instructions received from them.

Recipients or categories of recipients of personal data

For the pursuit of the above purposes your data may be the subject of communication and dissemination to external managers Isaia&Isaia S.p.A. specially appointed as Data Processors, pursuant to art.28 of Reg.UE 2016/679 and will not be disclosed to unauthorized third parties.

Data transfer

The Data Controller does not transfer personal data to third countries; however, it reserves the right to use cloud services and in this case the service providers will be selected from those who provide adequate guarantees, as required by art.46 of the GDPR.

Data retention

The Data will be stored until the User has indicated his intention to no longer receive the Newsletter or after 24 months from the last communication of which he has evidence of direct interaction (opening or response). At the end of the retention period, the data will be deleted or made anonymous permanently and irreversibly.

Rights of Interested party

Contact Us

The Data Controller is Isaia&Isaia S.p.A., with registered office in Naples (NA), Via Toledo 106, 80134. e-mail: privacy@isaia.it

The Data Protection Officer is Agilae S.r.l., based in Naples (NA), Via Seggio del Popolo 22, 80138. e-mail: privacy@agilae.it

ANNEX C - Information on the processing of personal data – Make An Appointment

Nature of the data

Only your first name, last name, e-mail address and telephone number are subject to processing and are specifically included in the form to send an appointment request.

Purpose of the processing

Personal data will be processed by the Data Controller exclusively to process your request for appointment.

Legal basis of the processing and nature of data provision

The legal basis that legitimizes the processing of personal data for the above purposes is to be found in the hypothesis provided for by art. 6 para. 1, lett. b of the GDPR, or the need for processing for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same. The provision of data is mandatory for the fulfillment of the purposes indicated above and your refusal will determine the impossibility of processing your data and, consequently, to process your request.

Processing methods

Recipients or categories of recipients of personal data

Data transfer

Data retention

The personal data you provide will be stored in our computer systems for the time strictly necessary for the pursuit of the purposes. At the end of the retention period, the data will be deleted or made anonymous permanently and irreversibly.

Rights of Interested party