PROVISION OF DATA
The provision of data for purposes F2 and F3 is optional, failure to provide it will not allow the data subject to receive personalized communications or communications as part of the Data Controller's marketing activities. In all other cases, the provision of data is necessary to allow participation in the activities of the Data Controller.

DATA RECIPIENTS
The Data may be communicated to external parties operating as data controllers, such as supervisory and control authorities and any public or private entities entitled to request the data.
The Data may be processed, on behalf of the Data Controller, by external parties designated as data processors, such as companies that have received adequate operating instructions.
The Data may also be communicated to European and non-European legal entities of the MAIRE group.
In particular, the data may be made available to subjects who carry out management activities of the IT system of the Data Controller and the MAIRE group, competent authorities and/or public bodies and supervisory and control bodies for the possible fulfilment of legal obligations, agencies and communication companies, as well as to other subjects who in any capacity collaborate - for the achievement of the above purposes - with the Data Controller.

PERSONS AUTHORISED TO PROCESS
The data may be processed exclusively by employees and collaborators of the Data Controller and the MAIRE group appointed to pursue the purposes indicated above, who have been expressly authorised to process the data and who have received adequate operating instructions.

METHODS OF PROCESSING
The Data Controller will process the data with and without the aid of electronic, IT or otherwise automated tools and has adopted specific and adequate logical, organizational and technical security measures to prevent the loss of Data or unauthorized or unlawful use.

TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
The Data Controller may transfer personal data to third parties such as independent Data Controllers or to Data Processors to allow the performance of the activities listed in this Policy. In the event that such transfer takes place to countries that do not provide the same level of protection provided for by the GDPR or applicable legislation, or in any case an adequate level of protection of personal data, the Data Controller will ensure that each of these recipients assumes specific contractual obligations in accordance with the applicable regulations on the protection of personal data (including the signing of Standard Contractual Clauses - Standard Contractual Clauses - approved by the European Commission), unless the Data Controller may refer to any other legal basis for the transfer of such information.

RIGHTS OF THE DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY
By writing by e-mail to the address Privacy@groupmaire.com, data subjects may ask the Data Controller for access to the data concerning them, the correction of inaccurate data, the integration of incomplete data, the deletion of data and the limitation of processing in the cases provided for by Article 18¹ of the GDPR , where applicable, as well as object, at any time, in whole or in part, to the processing of data necessary for the pursuit of the legitimate interest of the owner.
In addition, if the processing is based on consent or contract and is carried out using automated means, the data subject has the right to receive the data in a structured and commonly used format that can be read on automated devices and, if technically feasible, to send them to another controller without hindrance.
The data subject has the right to withdraw consent to the processing of his or her data at any time and to object to the processing carried out for the same purposes. In addition, the data subject who prefers to be contacted by non-automated means may refuse automated communication.
Data subjects have the right to lodge a complaint with the competent supervisory authority.

CHANGES TO THE PRIVACY POLICY
The Owner reserves the right to modify, update, add or remove parts of this privacy policy at its discretion and at any time. The person concerned is obliged to check for any changes periodically.

UPDATE DATE: May/2026

¹The right to restriction of processing consists in the temporary subjection of the Data to the sole storage operation, in the following cases provided for by art. 18 GDPR:
a) the data subject contests the accuracy of the Personal Data, for the period necessary for the data controller to verify the accuracy of such Data;
b) the processing is unlawful and the data subject opposes the erasure of the Data and instead requests that its use be limited;
c) the data controller no longer needs it, but the Data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the data subject has objected to the processing pursuant to art. 21.1 of the GDPR, pending verification of whether the legitimate reasons of the data controller prevail over those of the data subject.