Servizi Italia S p A : PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA FOR SHAREHOLDERS PARTICIPATING IN THE ORDINARY AND EXTRAORDINARYSHAREHOLDERS’ MEETING

PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA FOR SHAREHOLDERS

PARTICIPATING IN THE ORDINARY AND EXTRAORDINARYSHAREHOLDERS' MEETING

Servizi Italia S.p.A., with registered office in Castellina di Soragna (PR), Via San Pietro 59/B - 43019, Tax ID Code 08531760158 and V.A.T. No. 02144660343, as the Data Controller (hereinafter the "Controller"), hereby notifies, in accordance with Regulation EU 2016/679 ("GDPR") and the applicable Italian legislation on the protection of personal data, that your personal data will be processed for the following purposes:

1. Data Processing

The Controller will process the data indicated below concerning you and any relatives living with you that you provided at the time of your appointment or even after your appointment (hereinafter, "Data" or "Personal Data"):

• Personal details such as, for instance, name, surname, tax ID code, etc.;

2. Purposes and legal basis for processing

Your personal data shall be processed without your prior consent for the following purposes and legal requirements:

• pursuing the legitimate interest of the Controller, such as:
• • checking your identity and legitimacy for the purposes of submitting the lists and ensuring that the shareholders' meeting has been validly convened;
  • exercising the Controller's rights in court and managing disputes;
  • recording and taking images of the meeting for ease of minute taking
• Fulfilling the Controller's legal obligations for:
• • Fulfilling the legal obligations relating to company procedures and to the process for convening meetings.

3. Methods Of Processing

Your personal data shall be processed both in hard copy and electronic format by collecting, recording, organising, storing, consulting, processing, amending, selecting, extracting, comparing, using, interconnecting, blocking, communicating, deleting or destroying the data.

4. Data Retention

The Controller will use your personal data for the time necessary to achieve the purposes stated above and, in any case, for no longer than 10 years from the end of the contract.

5. Data Provision

You are required to provide your personal data and, in the event, that you refuse to provide the data this may make it impossible to submit the lists or to take part in the shareholders' meetings, or to carry out any other ensuing obligations.

6. Data Access

Your data may be accessed for the above-mentioned purposes by:

• employees/or contractors working for the Controller, in their role as Data Processors and/or internal Data Processors and/or Systems Administrators;
• third parties (e.g., notaries, independent contractors, etc.) carrying out outsourced activities on behalf of the Controller who will process the data in their role as external data processors.

7. Sharing Data

Your data may be shared, even without your consent, with supervisory bodies, police or law enforcement agencies, the Ministry of Finance, the Revenue Agency, ministerial institutions, competent authorities and local (regional, provincial, municipal) authorities, regional and provincial tax offices, at their specific request, which will process the data in their capacity as independent data controllers for institutional purposes and/or by virtue of the law and when carrying out checks and investigations. Your data may also be shared with third parties (e.g. social security benefit offices, independent contractors, etc.), in their capacity as independent data controllers, or in order to carry out activities for the above purposes.

8. Data Transfer

Your data shall not be disclosed to countries outside the EU.

9. Rights of the data subject

The Controller informs you that, as the data subject, unless specific legal requirements apply, you have the right:

• to obtain confirmation of the existence of personal data concerning you, even if not yet recorded, and that such data shall be provided in an intelligible form:
• to obtain information on and, if necessary, copy of: a) the origin and type of personal data; b) the logic applied in the case of processing carried out using electronic devices; (c) the purposes and methods of the processing; d) the personal details of the Data Controller and Data Processors; e) the individuals or categories of individuals to whom the personal data may be disclosed or those who may gain access to it as third-country recipients or recipients of international organisations; e) where possible, the length of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period of time; f) the existence of an automated decision-making process, including profiling and, if this is the case, the logic applied, the significance and consequences for the interested party; g) the existence of any suitable guarantees in the case of data transfer to a country outside the EU or to an international organisation;
• to insist, without undue delay, that any incorrect data be updated and corrected, or, when requested, that incomplete data be completed.
• to obtain the erasure, encryption or blocking of data: a) that is processed unlawfully; b) that is no longer needed to be kept for the purposes for which it was collected or subsequently processed; c) for which consent on which the processing is based has been withdrawn and where there is no other legal ground for the processing; d) whose processing you object to where there are no overriding legitimate grounds for the processing; e) where there has been a failure to comply with a legal obligation; f) that relates to minors. The Controller may refuse to erase the data only when: a) exercising the right of freedom of expression and information; b) complying with a legal obligation, carrying out a duty in the public interest or as an official authority; c) there is a public health issue; d) archiving is necessary in the public interest, for scientific or historical research purposes or statistical purposes; e) exercising or defending legal claims;
• to limit the processing in the event that: a) the accuracy of the personal data is contested; b) the data has been processed unlawfully by the Controller to prevent its erasure; c) it is in order to exercise your rights in the courts; d) it has been verified that the legitimate grounds of the Controller override those of the data subject;
• to have easy access to the data, when processed by automated means, in a structured, commonly used and machine-readable format and to be able to transmit such data to another controller or, if feasible, to obtain direct transfer of the data from the Data Controller to another;
• to object, entirely or in part: a) for legitimate reasons related to your specific situation to the processing of personal data concerning you; b) to the processing of personal data concerning you for purposes of sending advertising material or direct marketing material or to carry out market research or business

communications, by using automated call systems without an operator, by email and/or using conventional marketing techniques by phone and/or post;

• to make a complaint to the Guarantor Authority for the protection of personal data.

In the above-mentioned cases, where necessary, the Controller shall ensure that third parties to whom the data was disclosed or shared are made aware of your rights, except in specific cases (such as where this compliance is impossible or entails the use of means manifestly disproportionate to the right protected).

10. How to exercise your rights

You may at any time exercise your rights:

• by sending a registered letter to the Controller's address at
  Servizi Italia S.p.A., in Castellina di Soragna (PR), Via San Pietro 59/B - 43019;
• by sending an email toprivacy@si-servizitalia.com;
• by calling number: (+39) 0524 598511.

11. Data Controller, Data Processor and AdministratorsIl Responsabile della Protezione Dati è:

 Ing. Gozzi Costantino, Viadana (MN), Viale Kennedy 20/O, CF GZZCTN69L06L826A, P.IVA 01818150201.

Numero di telefono per contattare il DPO: 0375/780004 - 0375/785303

Indirizzo mail: gozzing@alice.it

Indirizzo pec: gozzing@pec.it

The up-to-date list of Data Controllers is kept in the Data Controller's office in Via San Pietro 59/B - 43019 Castellina di Soragna (PR).

Castellina di Soragna, 8 March 2024

The Data Controller

Servizi Italia S.p.A.

Dott. Andrea Gozzi

_______________________

For acknowledgement

____________________