INTRODUCTION AND REGULATORY REFERENCES

The following Privacy Policy describes this site management in relation with the processing of personal data of any users browsing it.

This is an information note describing the protection of personal data of those who interact with web services, accessible electronically at: www.inoxriv.it

This information note complies with Article 13 of (EU) Regulation 2016/679 (hereafter: the "Regulation") of the European Parliament and Council of 27th April 2016 CE (General Data Protection Regulation, published on 4th May 2016 in the Official Journal of the European Union, in force since 24th May 2016), with the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of the directive n. 95/46 / EC, adopted on 17th May 2001 to identify certain minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, and in light of the Provision of the Guarantor for the protection of personal data of 8^th May 8, 2014 on the "Identification of simplified procedures for disclosure and the acquisition of consent for the use of cookies "(hereinafter, the"Provision") and in compliance with the current legislation on privacy.

This information is provided solely for this Internet site of which INOXRIV S.P.A. is the Data Controller and not for any other related websites present within this same site.

THE HOLDER OF THE TREATMENT

The controller of the data collected through the website is INOXRIV S.P.A. with headquarters in Via Bernocchi, 48 - 25069 Villa Carcina (BS):

Mr Eugenio Baronio, domiciled for this position at the company's registered office, is responsible for the processing of personal data concerning the users.

The complete list of data processors appointed is available upon request from the data controller.

GENERAL PRINCIPLES ON THE TREATMENT OF THE USER'S PERSONAL INFORMATION

The User's Personal Information will be collected, stored, processed and transmitted in accordance with the criteria established by INOXRIV S.P.A. and by laws, rules and regulations in force concerning the processing of data.

The principles related to the processing of personal information of the users are as follows:

(1) the user’s personal information will be processed in a correct and lawful manner;

(2) the user’s personal information will be collected for specific, explicit and legitimate purposes and subsequently processed in a manner compatible with those purposes;

(3) the user's personal information collected will be relevant, complete and proportionate to the purposes for which it is collected;

(4) the user’s personal information collected will be accurate and, if necessary, updated to the best of our ability;

(5) the user’s personal information will be protected against unauthorized access and processing through reasonable technical and organizational security measures and controls;

(6) the user’s personal information will be stored as personal data no longer than the time necessary to pursue the purposes for which the personal information was collected.

TYPES OF DATA COLLECTED

The website may collect different types of information when the user accesses or uses the Website:

"Personal information" means any information that directly identifies the user or information otherwise defined as "personal identification" in accordance with current legislation. This is, for example, information such as name and surname, company name, address, telephone number, e-mail address and any other information freely provided through the appropriate field where the user describes his/her request for information.

Processing by the data controller on personal data defined as SENSITIVE (personal data suitable to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, religious, philosophical, political or of trade union nature associations or organizations, as well as personal data capable of revealing the state of health and sexual life) or on judicial data are not foreseen.

Except for an explicit request or specific request, we ask the user not to send us, nor to disclose sensitive personal information on or through the Website or in any other way. In cases where we may request or encourage the user to provide sensitive information, we should obtain his/her explicit consent.

The systems used to provide the Website may automatically register additional information of usage related to the use of the Website by the user. For example, our systems may record information entered into the Website, the areas of the Website visited, the activities performed on the Website, the IP address or information on the computer or software used to access the Website.

Similar information, such as device type and identifier, can be collected if you access the Website from a mobile device. These data are used for the sole purpose of obtaining anonymous and aggregate statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical and possible IT crimes to the detriment of the site.

PURPOSE OF THE TREATMENT

We collect, store and process the users personal data in order to provide them the services offered through our website, or for legal obligations.

The collected data will be used exclusively for the following purposes:

• For an effective management of the Site and the services offered by it;

• For commercial and strategic and operational marketing purposes, including subscription to the newsletter service;

• To contact the users directly (for example, by e-mail) following requests received through the website.

DATA CONFERENCE

Apart from what is described in the specific for navigation data, the user is free to provide any personal data requested and reported in the various request forms for subscribing to the receipt of newsletters, and sending requests for information, availability of products, or other communications. Failure to provide such data will make it impossible to obtain what has been requested.

METHOD OF DATA PROCESSING AND SECURITY

The use of the users personal data will take place with the support of paper, electronic or telematic means for the purposes indicated below, for the time strictly necessary to achieve the purposes for which they were collected or, where possible, until the time when the data controller should receive a request for deletion of the data whose consent to treatment is optional and not mandatory.

The users personal data will be stored in secure databases on our servers, or on the servers of our trusted suppliers acting as data controllers, and will be processed predominantly using automated methods. The users personal data are, in any case, processed in compliance with the provisions relating to the confidentiality of personal data contained in the Code, in the Regulations and in the Provisions issued by the Guarantor Authority. The collected data are only handled by authorized personnel. All employees who access your data are appointed persons in charge of processing personal data, as required by current legislation. The data collected may be updated periodically with information acquired during the course of the relationship established.

We use commercially reasonable technical and organizational measures and controls to protect the personal information of the users against their loss, misuse and unauthorized access. Unfortunately, data transmitted or usable via the Internet can not be 100% secure. As a result, even if we protect all Personal Information, we can’t ensure or guarantee that such Personal Information will be fully protected against unlawful use by hackers or other nefarious criminal activities or in the event of a computer or telecommunications network, hardware or software failure. The data controller will inform the user if he/she is aware of a security breach concerning his/her personally identifiable information (as established and foreseen in cases of so-called "Data Breach" incidents, in compliance with current legislation) in our possession.

If the user decides to send us his/her e-mail address for any reason, he/she expressly agrees to receive electronic notices in the event of a security breach.

COMMUNICATION OF PERSONAL DATA

Without prejudice to communications made in fulfilment of a legal obligation, regulation or Community legislation, your data may be disclosed:

a) to natural and/or juridical persons we use in the execution of the services and for activities connected to them;

b) to subjects delegated and/or assigned by us to perform professional and technical maintenance activities (including maintenance of network equipment and electronic communication network of websites where the data are published).

In any case, the aforementioned parties will be notified only the data necessary and relevant to the purposes of the processing to which they are responsible as external Data Processors/Appointees, appointed by the Data Controller as required by current legislation. Personal data will therefore not be widespread.

The Data Controller collaborates with law enforcement agencies and other public authorities to enforce to its users the law, the rights of other users and third parties, including their intellectual property rights. Therefore, your personal data may be disclosed, by way of example but not exhaustively, to public entities, in the event that this is necessary for purposes of defence, state security, prevention, detection or repression of crimes, in compliance with the rules governing this matter.

These public entities will have the right to request and obtain the personal information that concerns you also if this is necessary or appropriate for verifications or investigations relating to frauds, computer frauds, violations of intellectual property rights, acts of hacking or to other illegal activities, which could expose either us or our users to legal, civil or criminal liability.

RIGHTS OF INTERESTED PARTIES AND EXERCISE OF THE RIGHTS

In compliance with current legislation, at any time you can request:

1 Confirmation of the existence or not of your personal data;

2 Knowing the content and the origin, the purposes and methods of treatment;

3 The logic applied in case of treatment carried out with the aid of electronic instruments;

4 The identification details of the controller, processors and subjects or categories of subjects to whom your personal data may be communicated.

Furthermore, it is your right to obtain:

1 The update, rectification, integration, the right to portability of the data;

2 The cancellation, transformation into anonymous form or blocking of your data processed in violation of the law;

3 The opposition in any case, for legitimate reasons, to the processing of data pertinent to the purpose of the collection.

4 Opposition to the processing of data for commercial purposes.

According to the Regulation, you will also have the right to propose a complaint to a supervisory authority.

To exercise your rights, you can contact the Data Controller: INOXRIV S.P.A. based in Via Bernocchi, 48 - 25069 Villa Carcina (BS) - tel. +39 030 8931401 - fax +39 030 802628 - info@inoxriv.it.

If the user contacts us requesting access to his/her Personal Information or to delete them from our systems and records, in compliance with this Privacy Policy and legal obligations, we will take care to satisfy the request within the foreseen time frame. We inform users that, however, due to technical constraints and due to the backup of our systems, your Personal Information may continue to reside even after being deleted for a certain period of time and in part on our systems. The data controller reserves the right to refuse requests for access or deletion of personal information if the disclosure or deletion of the requested information is not permitted by law. To protect against illegal access requests, we reserve the right to request sufficient information to verify the identity of the party submitting the request before allowing access or making corrections.

Newsletter Subscriptions

By subscribing to our newsletter reception service you will receive communications about promotions, offers, initiatives, and accept to provide your data for this purpose. The requested data are essential for receiving our communications.

To stop receiving promotional material, you can at any time notify us that you no longer wish to use this service. To do this simply use the "Unsubscribe" mode described and present at the bottom of each email.

ADDITIONAL PROVISIONS

Use of the website by minors

The website is not intended for persons under the age of 18 and is therefore not directed to children under the age of 13. We do not intentionally collect or request personal information about children under the age of 13.

Data transfer

Your personal data will be stored in databases on our servers, or on the servers of our trusted suppliers acting as data controllers, on the Italian territory. The transfer of data to Third Countries is therefore not expected.

UPDATE OF THE PRESENT PRIVACY POLICY

This Privacy Policy was updated on 23-07-2018.

The data controller reserves the right to make changes to the Website and to this Web privacy at any time.

The user must always refer, as current version, to the text published online.

The changes will become operational when they are published on the Website.

The continuation of the use of the Site by the user, following a modification, will be considered as an acceptance of these changes.

All users can check at any time, by connecting to the Site, the latest updated version of the Web privacy.