PRIVACY POLICY

(INFORMATION PURSUANT TO ART. 13 OF EUROPEAN REGULATION 679/2016)

Dear User, This page describes the methods for managing the websites https://www.croci.net/ www.croci-group.net and https://www.amtra.net/ (hereinafter referred to as the “Site” or “Portal”) with regard to the processing of the personal data of the users who consult it.

This Privacy Policy also indicates the general principles on which CROCI Spa is based with regard to data processing: this is without prejudice to the specific conditions and information that have been established for particular treatments that result from the various contractual relationships that may be established with CROCI Spa.

We would therefore like to inform you that your personal data collected as a result of your request for information and/or other means of supplying data to the above website (for example, in relation to spontaneous applications or requests for commercial information), will be processed by CROCI Spa in full compliance with current legislation on the protection of personal data, with particular reference to EU Regulation 2016/679 General Data Protection Regulation (hereinafter GDPR).

Therefore, pursuant to Art. 13 of the aforementioned GDPR and in relation to the personal data that will be processed by CROCI Spa we inform you of the following:

1) Methods of data collection

1a) Automatically collected data – Navigation data

The computer systems and programmes used to operate the website https://www.croci.net/ https://www.croci-group.netand the CROCI SPA website https://www.amtra.net/ collect some personal data whose transmission is implicit in the use of normal Internet communication protocols (e.g. IP addresses or domain names of the computers used by the users, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code regarding the status of the response given by the server and other parameters relating to the operating system, the browser and the user’s computer environment. We also collect data and information on how you navigate the site (e.g. product categories visited, pages visited, etc.).

This data is not subject to automated processing (profiling) and is used solely for the purpose of obtaining statistical information not associated with any user identification data on the use of the site and to check its correct operation and is deleted immediately after processing.

The data could also be used to ascertain responsibility in the event of computer crimes against the Site.

1b) Data provided voluntarily by the user

This category of data covers the personal data already spontaneously transmitted by the interested party to the Data Controller during contact of a commercial nature or by email, post, visits to CROCI Spa offices, meetings, events, fairs etc. or by means of other communication tools.

The same category includes personal data that may be communicated when requesting information by filling in the contact form on the website https://www.croci.net/ and https://www.amtra.net/,and https://croci-group.com or during registration on the Site. With regard to the use and consultation of the above website, please note that no personal data is required from the user. However, any contact with CROCI Spa through the customer assistance service, or the optional, explicit and spontaneous sending of messages, by electronic or traditional mail, to the CROCI Spa addresses indicated on the website entails the subsequent collection of the address, including e-mail, of the sender or of their telephone number, required to respond to requests, as well as any other personal data included in the communications. This data will only be used for the purpose of fulfilling the user’s request and may only be disclosed to third parties if this is necessary for that purpose.If consent is given, users may be categorised on the basis of their purchasing preferences by a non-automatic process for the purpose of directing commercial information relating to services and products already purchased. The mailing service is carried out using MailChimp, whose privacy policy can be found at the following links https://mailchimp.com/gdpr/ and https://mailchimp.com/legal/privacy/ 1c) Data provided voluntarily by the user through the installation of the ‘WiFi Amtra’ App To install the ‘WiFi Amtra’ App, the following personal data is required from the user: first name, last name and email address. The provision of such data is not compulsory but is necessary to activate the service offered by the App itself. Processing of this data is detailed in this policy, section 3) et seq.

2) Purpose of Processing

Personal data is processed for the purpose of providing information services of a commercial nature and in relation to the acquisition of spontaneous applications In particular, personal data will be processed in order to:

a) carry out a service or one or more agreed operations, in addition to, with your consent, proposing additional services activated at the same time as your registration;
b) carry out personnel selection activities, implemented by means of analysis and evaluation of your curriculum vitae;
c) subject to your consent, communicate commercial information by telephone, post, e-mail, SMS, WhatsApp messaging, about new offers of products and services from CROCI Spa;
d) with your consent, send you communications to assess the level of customer satisfaction for products and services.

Personal data will mainly be processed electronically. However, there may be processing in paper format for CVs submitted. The data will be processed with tools and in the manner strictly necessary to the fulfilment of the above-mentioned purposes. The data will be processed with tools and in the manner strictly necessary to the fulfilment of the above-mentioned purposes.

3) Option of providing data

Apart from that specified for navigation data, the user is free to provide or not to provide any personal data that may be requested, but failure to do so may make it impossible for CROCI Spa to provide the services in question.

4) Data retention

Personal data, which are processed for the purposes described above, will be kept for the following period if you consent to their processing: o performance of a service or one or

more agreed operations, free of charge for the data subject, such as the provision of information or spontaneous application: 5 years
o provision of additional services and communication of commercial information, free of charge for the data subject, or in any case during pre-contractual stages: 5 years
o other cases: legal deadlines.

At the end of the storage period, the data, whether in electronic or any paper format, will be physically destroyed and no longer recoverable. Beyond the indicated retention period, CROCI Spa will no longer be able to carry out any processing and/or service provision operations, including ensuring the exercise of the rights of the data subject (see paragraph “Rights of the Data Subject”).

5) Processing modes

The processing of the data will be carried out by personnel appointed by CROCI Spa with procedures, technical and computer tools suitable to protect the confidentiality and security of your data and consists of the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, cancellation and destruction of it, including the combination of two or more of the above activities.

Automated tools, however, have neither the characteristics nor the purpose of automatic profiling of data subjects.

6) Legal basis for processing

CROCI SPA processes personal data on the following basis:

– When processing is necessary to execute particular requests for information or services, Art. 2a) and 2b) of the ‘Purpose of Processing’ section;
– Where processing is based on consent, for all processing operations referred to in Art. . 2c) and 2d) of the ‘Purpose of Processing’ section

7) Communication of data

CROCI Spa may disclose your data to third parties only following your specific request and consent, for example, in the case of requests for information and insights that may require the involvement of third-party companies. In these cases, the third party recipients, who are themselves autonomous Data Controllers, will process your data as external Data Processors of CROCI Spa.

8) Data transfer abroad

Personal data is stored on servers located in the following EU and non-EU countries:

o Italy – IT (EU): e-mail, servers;
o United Kingdom – (non-EU): server hosting service;
o United States – US (non-EU): web traffic analysis (Google Analytics application), on this point see section 9), ‘Cookies’;o United States – US (non-EU) MailChimp platform application; o United States – US (non-EU) Google Tag Manager application for script management; o Czech Rep. – (EU) for chat service operated by Smartsupp application; o United States – US (non-EU) Google Ad application; o Ireland (EU) – WhatsApp messaging service;

Personal data will not be disclosed.

9) Cookies

No personal user data is acquired by the site in this respect.

The portal uses cookies, which are a text file that the site sends to the user’s computer connecting to it.

Cookies do not damage the computers to which they are sent and are not able to record or modify in any way personal information and data on the system.

Cookies can be stored on the user’s computer and have a variable duration.

Cookies are only used to allow the site to “recognise” a registered user, in which case failure to accept the cookie will prevent access to certain services requested.

By using this portal, you consent to the processing of your data in the manner and for the purposes set out above. By using this portal, you consent to the processing of your data in the manner and for the purposes set out above. The data collected under this point are not physically in the possession of CROCI Spa, which can only use them for consultation purposes, but has no possibility to modify or delete them independently. Any requests for the above data should be addressed to the respective Data Controller.

What are cookies?

Cookies are portions of code (computer files or partial data) sent by a server to the user’s internet browser, automatically stored on the user’s computer by that browser and automatically sent back to the server each time the Site is accessed or subsequently accessed. A cookie usually contains the name of the website from which the cookie originates, the lifetime of the cookie (how long it will remain on the user’s device) and a value, which is usually a randomly generated unique number On each subsequent visit, cookies are redirected to the website that issued them (first-party cookies) or to another website that recognises them (e.g. third-party cookies). Cookies are useful because they allow a website to recognise the user’s device and they serve various purposes such as allowing the user to navigate efficiently between pages, remembering favourite sites and generally improving the browsing experience. Cookies also help to ensure that the advertising content displayed online is better targeted to a user and their interests.

If you choose to disable cookies, this may affect and/or limit your browsing experience on the Site, for example you may not be able to visit certain sections of a Site or you may not receive personalised information when you visit the Site.

What types and categories of cookies do we use and for what purposes?

“Technical” cookies are essential for the proper functioning of the Site and allow users to browse the Site and take advantage of its features (for example, they allow the storage of previous actions or save the user’s session and/or carry out other activities strictly necessary for the operation of the Site).

This category also includes “analytical” cookies,which help us understand how users interact with the Site by providing information about the last page visited, the number of sections and pages visited, the time spent on the Site and any incidents that have arisen during browsing, such as an error message, and help us understand any difficulties you are experiencing in using the Site. This information may be associated with user details such as IP address, domain or browser; however, it is analysed together with other users’ information so as not to identify one particular user to another. These cookies are collected and aggregated anonymously and allow us to improve the performance of the Site.

Finally, “functionality” cookies allow the Site to remember the user’s choices (e.g. the user’s name) in order to provide the user with more personalised and optimised navigation. Functional cookies are not essential to the operation of the Site, but they improve its quality and browsing experience If you do not accept these cookies, the performance and functionality of the Site may be impaired and access to the content of the Site may be restricted.

This Application uses Cookies managed directly by the Owner and Cookies that enable services provided by third parties (commonly called “third party” Cookies). Unless otherwise specified herein, such third parties have access to their respective Tracking Tools.

The duration and expiry of Cookies may vary depending on what is set by the Controller or each third party provider. Some of them expire at the end of the User’s browsing session.

Activities involving the functionality of third-party Cookies

1) Simple interactions and functionality.

This Application uses Cookies to enable simple interactions and activate functionalities that allow Users to access certain Service resources and simplify communication with the Owner.

• Interaction with live chat platforms

2) Measuring

This Application uses Tracking Tools to measure traffic and analyse Users’ behaviour with the aim of improving the Service.

• Statistics

The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.

• Google Analytics (Google LLC)

Google Analytics is a web analytics service provided by Google LLC (“Google”). Google uses the Personal Data collected in order to track and examine the use of this Application, compile reports and share them with other services developed by Google.

Google may use Personal Data to contextualise and personalise ads in its advertising network.

Personal data processed: Usage data and Tracking Tool.

Place of processing: United States – Privacy Policy – Opt Out. https://policies.google.com/?hl=it

How can I disable cookies?

Most browsers accept cookies automatically, but you can also choose not to accept them. It is advisable not to disable this function, as this may prevent you from moving freely from one page to another and enjoying all the features of the site. If you do not want your computer to receive and store cookies, you can change the security settings of your browser (Internet Explorer, Google Chrome, Safari etc.). In any case, please note that certain parts of our Site can only be used to their full extent if your browser accepts cookies. Otherwise, choosing to remove or not accept cookies may adversely affect your visit to our Site. If you wish to change the cookie settings by entering settings in the various browsers, the following are brief instructions on how to do this in the four most popular browsers:

Microsoft Internet Explorer Click on the ‘Tools’ icon in the top right-hand corner and select ‘Internet Options’. In the pop-up window select ‘Privacy’. Here you can adjust your cookie settings.

Mozilla Firefox From the drop-down menu in the top left corner, select ‘Options’. In the pop-up window, select ‘Privacy’. Here you can adjust your cookie settings. To find out more about cookies and how to manage or disable third-party or marketing/retargeting cookies, please visit www.youronlinechoices.com. 10) Rights of the persons concerned

Google Chrome Click on the ‘Tools’ icon in the top right-hand corner and select ‘Internet Options’. In the pop-up window select ‘Privacy’. Here you can adjust your cookie settings.

In addition to the above, we would like to inform you that in accordance with the above-mentioned legal provisions you are entitled to:

1. Receive confirmation of the existence of personal data concerning you, as well as access to and communication in comprehensible form of such data and their origin and the logic on which the processing is based; 2. Obtain the deletion, transfer, portability of data, including in anonymous form, or the blocking of processed data; 3. Obtain the update, rectification or, where interested, integration of data.

4. Withdraw consent to data processing.

5. Restrict data processing. 6. Obtain information on the persons or categories of persons to whom personal data may be communicated.

7. Complain to a supervisory authority (Privacy Authority).

8. Oppose the processing of personal data and its profiling.

As a data subject,

you also have the right to lodge

a complaint with the National Data

Protection Authority, which can be reached at www.garanteprivacy.it

11) Data Controller

The data

controller is

CROCI Spa

with headquarters in Castronno

, (VA) via S. Alessandro, 8

Tel: +39 0332-870860

, email privacy@croci.net

data

CROCI Spa