INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Art. 13 of Regulation (EU) 2016/679 Last update: December 2021 GENERAL INFORMATION With this information notice, the company PLANEX S.R.L. – SOCIETÀ DI ENGINEERING, with registered office in Largo Perlar, 12 – 37135 Verona (VR), VAT and tax code IT 03219410234, R.E.A. VR – 318238, share capital i.v. 10.000,00€, Tel. +39 045 830 3193, e-mail planex@planex.it, PEC planex@pec.it, as Data Controller of personal data processing (hereinafter simply “Data Controller”) – wishes to inform you about the processing of personal data that you provide by browsing this Web Site www.planex.it, hereinafter simply “Web Site”. For any clarification, information, exercise of the rights listed in this notice, please contact e-mail: planex@planex.it address for sending registered mail: Largo Perlar, 12 – 37135 Verona (VR). EU Reg. 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, set out the rules to protect and safeguard natural persons with regard to the processing of their personal data and this information notice is drafted in accordance with the new legislative dictate. The policy may be subject to changes following the introduction of new regulations, so we invite you to visit this section periodically for updates. The Privacy Policy you are reading refers exclusively to the Website and the Data Controller is not liable for the personal data processing procedures carried out by third party websites that can be linked through the Cookie section, or through any window-links present on the Homepage. According to the law, the processing of personal data is based on the principles of correctness, lawfulness, transparency, accuracy, limitation of purposes and storage, minimisation, integrity of the data, protection of the user’s confidentiality and protection of his/her rights. The Data Controller undertakes to observe the aforementioned principles and, also for this purpose, hereby informs you from the outset that – with the exception of those processing operations for which the law provides for your explicit consent – by navigating on this Website, uploading or providing personal data, you accept and agree to be bound by the terms and conditions set out in this information notice. You may withdraw your consent to the processing of your data at any time by contacting the above addresses. If you are under 16 years of age, your consent is legitimate only if given or authorised by the person having parental responsibility for you, in accordance with the provisions of Article 8 EU Reg. 2016/679. For data subjects who are on the Italian territory, consent is also legitimate, under the same conditions as above, if the subject is at least 14 years old. In any case, we would like to give you some information on the personal data processing activities carried out by this Website and the entities that manage them. SUMMARY

1. DATA CONTROLLER
2. PERSONAL DATA PROCESSED
3. PURPOSE OF PROCESSING
4. LEGAL BASIS FOR DATA PROCESSING
5. PERIOD OF DATA RETENTION
6. METHODS OF PROCESSING
7. RECIPIENTS OF PERSONAL DATA
8. SCOPE OF DATA CIRCULATION
9. USER RIGHTS ACCORDING TO EU REG. 2016/679

  1. DATA CONTROLLER. The Data Controller is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. It also deals with security profiles. With regard to this Website, the Data Controller is the company PLANEX S.R.L., as specified above, and for any clarification or exercise of your rights you may contact it at the following e-mail address: planex@planex.it. 2. TYPES OF PERSONAL DATA PROCESSED. Personal data’ means all information that could directly or indirectly enable the identification of users. Navigation data. The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, for example, the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data, necessary for the use of web services, are also processed in order to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.) checking the proper functioning of the services offered ascertain responsibility in the event of offences against the Website or committed through the Website (malware attempts, spamming, abusive access to computer systems, etc.). Data actively communicated by the user. This means information sent by users in an optional and voluntary manner by filling in and sending contact forms and/or data collection forms published on the Website (e.g. e-mail address, subject of the e-mail, name or company name, first name and surname, etc.); personal data provided by users forwarding requests for information or clarifications, sending news and updates (Journal) and/or free resources offered by the Website; personal data provided by users by sending messages via the Controller’s social profiles; personal data provided by users who send spontaneous applications (‘curriculum vitae’, etc.). The optional, explicit and voluntary use of the aforementioned communication channels with the Data Controller entails the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in the communications. The sending of such data is optional, however, the omission of the data to be included in the mandatory fields does not allow the Controller to acknowledge the request sent. In particular, by filling in the Journal subscription form or requesting to download the free resources offered by the Website, the user consents to his/her e-mail address being used to send informative and commercial material. The release of this data does not depend on a legal or contractual obligation and is, therefore, optional, but failure to provide it does not allow the company to provide the requested service. Processing is carried out through computerised systems. Users may cancel their subscription to the newsletter at any time by using the “unsubscribe” link at the bottom of each commercial communication received, or by contacting the e-mail address planex@planex.it. The storage period for the data released ends when the consent previously given by the user is revoked. The Controller shall process this data in compliance with the applicable legislation, assuming that it relates to the user or to third parties who have expressly authorised the user to provide it on the basis of a suitable legal basis legitimising the processing of the data in question. In respect of such hypotheses, the user acts as an autonomous data controller, assuming all the obligations and responsibilities laid down by law. In this sense, he/she grants on this point the widest indemnity in respect of any dispute, claim, request for compensation for damage caused by processing, etc. that may be received by the Controller from third parties whose personal data have been processed through his/her use of the Site in violation of the applicable legislation.

• Cookies and other tracking systems.

We do not use cookies for user profiling, nor do we use any other tracking methods. With regard to the types of cookies loaded on this Website, please read the Cookie Policy.

• Processing of personal data through the social media platforms used by the Controller

With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the Social Media platforms dedicated to its activity exclusively for the purpose of managing interactions with users (comments, public posts, etc.) and in compliance with the regulations in force. In order to prevent the transmission and storage of data relating to Internet navigation through Social Networks, the user must log out of them before visiting the Website. 3. PURPOSES OF PROCESSING. Without prejudice to what is provided for with regard to individual personal data processing activities within the Site, in general, the purposes of the processing pursued are as follows to reply to requests for information and, in general, to contact the user to enable the sending of spontaneous applications to work at the Data Controller’s organisational structure to execute pre-contractual and contractual obligations with respect to the legal relationships established, even at a distance send the customer news or commercial communications relating to services similar to those already purchased and therefore in line with the user’s interests (so-called Soft Spam). It is possible to object to such processing at any time by writing to planex@planex.it without any consequences (other than that of no longer receiving any informative or promotional communication); allow subscription to and, subsequently, forwarding of the newsletter (Journal) for informative and commercial purposes fulfil legal obligations manage management, administrative, accounting and tax obligations; storage, hosting and management of the Site’s backend infrastructure; interaction with social networks and external platforms; statistics and cookie management; preventing and detecting any abuse in the use of the Website, or any fraudulent activity, and thus enabling the Data Controllers to protect themselves in court. 4. LEGAL BASIS FOR DATA PROCESSING. The legal bases for the processing of personal data provided by the user while browsing the Website are: the fulfilment of a legal obligation to which the Data Controller is subject pursuant to 6 co 1 lett. c) GDPR with regard to the fulfilment of obligations provided for by law, regulations, Community legislation or an order from the Authority; the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at the request of the same, ex 6 co 1 lett. b) GDPR with regard to data collected to respond to requests for information from users and for sending spontaneous applications sent via the contact forms the user’s consent ex 6 co 1 lett. a) GDPR for the management of the newsletter. Consent is expressed by ticking the appropriate consent flag; the legitimate interest ex art. 6 co 1 lett. f) GDPR for the activity of soft spam, for the management of the backend infrastructure of the Site, for the management of technical and analytical cookies present on the Site and, more generally, for the exercise of its rights in the context of the information society. 5. DATA RETENTION PERIOD. Data processed to fulfil legal obligations will be retained for the period of time indicated by the specific legislation or until the fulfilment of the same, and in any case for the period of time necessary to prove the fulfilment; data processed to fulfil contractual purposes will be retained until the fulfilment of the same and, if a contract has been concluded or pre-contractual negotiations have taken place, for ten years from the conclusion of the same in order to allow for any judicial or extrajudicial protection as well as the demonstration of the correct fulfilment of the obligations contractually undertaken. The data contained in CVs collected through spontaneous applications will be processed for the time necessary to fulfil the purposes for which they were collected and, in any case, for no longer than 12 months after collection. As regards the activity of sending newsletters by e-mail, personal data will be kept until the user withdraws consent by requesting cancellation from the service. When the processing of personal data is necessary for the pursuit of a legitimate interest of the Data Controller, personal data will be kept until such interest is satisfied or until the data subject objects, to be exercised in the manner indicated below. The data processed for the purposes of Prevention of Abuse and Fraud will be kept for the time strictly necessary to enable the Controller to defend itself in court. 6. METHODS OF PROCESSING. On this Website, data are collected electronically and processed by means of operations performed mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing their confidentiality. This Website does not foresee the existence of an automated decision-making process for the purpose of commercial profiling (a targeted marketing technique that includes the collection and processing of users’ data for the purpose of understanding their choices and their behaviour in order to divide their interests into “profiles”, i.e. into homogeneous groups with increasingly specific behaviour or characteristics). 7. RECIPIENTS OF PERSONAL DATA. The categories of recipients that may become aware of your personal data during or after the execution of the contract are: parties that process the data in performance of specific legal obligations; external consultants who provide services functional to the purposes indicated above, identified in writing and to whom specific written instructions have been given with reference to the processing of personal data; subjects with whom it is necessary to interact in order to provide the services requested (e.g. hosting providers, etc.); subjects necessary for the provision of the services offered by the Site including, by way of example, the sending of e-mails and the analysis of the operation of the Site; persons authorised by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller) in general, to all those public and private subjects for whom communication is necessary for the correct and complete fulfilment of the indicated purposes. Users’ personal data may be communicated to Judicial Authorities and Police Forces only in cases where this is required by law and used by the Controller for the purposes of any defence of its rights in court, where strictly necessary. 8. SCOPE OF DATA CIRCULATION. The processing of personal data relating to the services of the Website takes place at the Data Controller’s premises and is handled only by personnel authorised to process such data. The data collected will not be circulated. However, for the effective performance of the requested service, some data will be shared with external parties called upon to perform specific tasks on behalf of the Data Controller (e.g.: hosting, housing, cloud providers, e-mail service providers for the Website publication and e-mail/PEC service management needs, web agencies, marketing consultants, professionals, etc.). In order to provide certain services, personal data may be transferred to third-party organisations or countries, where the servers of the hosting or providers are located. Where this occurs, the Controller ensures that your personal data is processed by these recipients in compliance with applicable legislation. Further information is available from the Controller by writing to the following address: planex@planex.it. The Controller undertakes to protect the security of your personal data by taking all the necessary IT and physical measures to protect the personal data provided. No security system guarantees this protection with absolute certainty, therefore, except in cases of liability for negligence, the Data Controller shall not be liable for the actions of third parties who abusively access the systems without due authorisation. For these reasons, users of the Site are advised to ensure that their computer is equipped with software suitable for the protection of network data transmission (e.g. up-to-date antivirus software) and that their Internet provider has adopted suitable measures for the security of network data transmission. 9. USER RIGHTS ACCORDING TO EU REG. 2016/679 Article 13 para. 2 and Articles 15 to 22 of EU Reg. 2016/679 (GDPR) list the user’s rights. The Controller therefore wishes to inform you of the existence:

• of the data subject’s right to request from the Controller access to personal data (Art. 15 GDPR), rectification (Art. 16 GDPR) or restriction of processing concerning him/her (Art. 18 GDPR) or to object, on legitimate grounds, to their processing (Art. 21 GDPR), as well as the right to data portability (Art. 20 GDPR);
• the right to request the deletion (art. 17 GDPR), transformation into anonymous form or blocking of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed.

Requests may be addressed to the Data Controller, without formalities or, alternatively, using the form provided by the Data Protection Authority available at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924, by sending an e-mail to the address: planex@planex.it. If the processing is based on Art. 6(1)(a) or Art. 9(2)(a), the user has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation. Similarly, in the event of a breach of the law, the user has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as the authority in charge of supervising the processing in the Italian State. The form for lodging a complaint with the Garante per la Privacy can be found at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524. For a more detailed discussion of your rights, see Art. 15 et seq. of the GDPR. To exercise one or more of the above rights, you can contact us at the following e-mail address: planex@planex.it.