CPA srl | Registered office: Via Don Demetrio Castelli 71, 12060 Roddi (CN) | PI 02857780049

INFORMATION ON THE PROTECTION OF PERSONAL DATA PURSUANT TO REGULATION (EU) 2016/679 ("GDPR")

CPA srl with registered office in Via Don Demetrio Castelli 71 - Roddi (CN), (hereinafter, the "Company"), as owner of the data processing, informs pursuant to art. 13 Legislative Decree 30.6.2003 n. and art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the manner and for the following purposes:

1. Subject of the processing

Personal data, non-sensitive, provided by you and / or communicated during the subscription to our offline, online and telephone services and / or subscription to the newsletter of the Data Controller

2. Purposes and methods of data processing

1. Your personal data are collected and will be processed exclusively for purposes strictly connected and instrumental to the fulfillment of the obligations inherent in relations with the Company, in particular:

1. to provide the services subject to the request and / or continuation of the contract,

2. for the insertion of personal data in the company computer databases and also in the booking systems of Airlines, Hotel chains, Car Rental companies, GDS (Global Distribution System) or any other suppliers of the requested services

3. for bookkeeping and billing;

4. for the management of collections and payments;

5. Allow subscriptions to newsletter services provided by the Data Controller and any additional Services requested by you

6. Prevent or discover fraudulent activity or abuse

7. Exercise the rights of the owner

8. In the event that you are already a customer, the Company may send you commercial communications relating to services and products similar to those you have already used, unless you disagree (Article 130 c. 4 of the Privacy Code).

9. to fulfill the obligations established by the civil and fiscal forms of law, by regulations, by community legislation.

2. Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), the data may be processed for the following Marketing Purposes:
   - sending by email newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller.

The processing of personal data will be carried out through paper and computer media by the owner, the manager / managers and the persons in charge with the observance of all precautionary measures, which guarantee their security and confidentiality.

3. Nature of data collection and consequences of any failure to provide it

The legal basis of the processing indicated in point 1 to point 8 of the preceding paragraph (A) is the execution of the stipulated contract and / or provision of the service requested from the Company, while the legal basis of the processing indicated in point 9 of the preceding paragraph is the fulfillment of legal obligations to which the Company is subject as the data controller. The provision of your personal data is optional but failure to provide it may make it impossible for us to establish and fulfill the contractual relationship and / or provision of the requested service / s.

4. Access to data

Your data may be made accessible for the purposes referred to in art. 1):

• to employees, consultants and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;

• to companies linked to CPA srl or to third parties who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

5. Communication and dissemination of data

Your personal data, for the purpose of executing the contract and / or providing the requested services and for the purposes indicated above, may be disclosed to:

• natural and legal persons (legal, administrative, tax consultancy firms, auditing companies, couriers and freight forwarders, etc.) used by the owner for the purpose of fulfilling administrative, accounting, commercial and management obligations;

• banking institutions for the management of collections and payments;

• factoring or debt collection companies;

• our collaborators and employees specifically appointed and within the scope of their duties.

Your personal data may also be disclosed to the person who provides the service you have purchased, who will act as the independent owner of your data and will in turn provide you with appropriate information.

Any communication will only concern the data that are necessary for the purposes described above.

6. Data transfer

Your personal data will be stored on servers located within the European Union. The Company does not transfer personal data to countries located outside the European Union.

In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers even outside the European Union. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by European Commission.

7. Retention period

The personal data concerning you will be kept for the entire duration of your contractual relationship with the Company and / or provision of the requested service. After the termination of the contractual relationship and / or at the end of the provision of the service, the Company will keep personal data for the fulfillment of contractual and legal obligations, including fiscal ones. Subsequently, the personal data will be kept for a period not exceeding the limitation period provided by law to possibly assert or defend a right in court and in any case for no more than 10 years from the termination of the relationship for the purposes of service and for no more than 2 years from the collection of data for Marketing Purposes.

8. Cookies

Cookies are data that are sent from the website and stored by the internet browser on the user's computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains. In any case, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of his internet browser. This deactivation, however, may slow down or prevent access to some parts of the site. The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform these operations, we suggest that the User consult the manual of his device or the "Help" function or "Help" of your internet browser.

Below are the links that explain how to manage or disable cookies for the most popular internet browsers:

• Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies

• Google Chrome: https://support.google.com/chrome/answer/95647

• Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie

• Opera: http://help.opera.com/Windows/10.00/it/cookies.html

• Safari: https://support.apple.com/kb/PH19255

technical cookies

The use of technical cookies, i.e. cookies necessary for the transmission of communications on the electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and stay in the reserved area of ​​the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookies that are saved in the memory of the user's device until their expiration or cancellation by the user. same.

Our site uses the following technical cookies:

• Technical navigation or session cookies, used to manage normal navigation and user authentication;

• Functional technical cookies, used to store customizations chosen by the user, such as, for example, graphic templates;

• Technical analytics cookies, used to know how users use our website so as to be able to evaluate and improve its functioning.

Third-party Cookies

Third-party cookies may be installed: these are cookies, analytical and profiling, of Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site. Third-party analytical cookies are used to detect information on user behavior on the site. The survey takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices made by the users themselves.

profiling cookies

Profiling cookies can be installed by the Data Controller (s), using so-called web analytics software, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search of origin, keywords used, language of use, most visited pages. They can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.

9. Social plugins

The Site may use social media plugins. By accessing the Site, these Plugins will allow your browser to create a direct connection to the servers of the related social networks. The content of the Plugins will be transmitted by the respective Providers directly to your browser. By incorporating the Plugin, Providers will receive notification that the browser has accessed the site from our service, even if you do not have a profile or are not connected to it. The information (which may also contain the IP address) can be communicated by the client's browser directly to the Provider's server.

If you are connected to one of the social services, the Providers can link the visit to our Site directly to their social profile. By interacting with the Social Plugins, the information will also be transmitted to the Provider's servers and stored there. This information may also be shown on the social network, published and / or shared with the contacts of the relevant social network.

For more information on the purposes and methods of processing and use of data by the Social Providers, as well as the rights and settings to protect your privacy, please consult the respective privacy policies of the Social Providers concerned.

If you do not want Facebook, LinkedIn, Twitter, Instagram or other social networks to connect the data relating to your visit to our Site, directly to your profile of the respective services, you must disconnect from the Social Service before accessing our Site.

10. Rights of the party concerned

At any time you can exercise your rights towards the Data Controller, pursuant to art. 15 - 22 of the GDPR, which for your convenience we summarize below. In particular, you have the right:

• to obtain the termination of processing in cases where your personal data are processed for direct marketing purposes, also in relation to services identical to those already purchased by our Company (so-called right of opposition);

• to obtain information in relation to the purposes for which your personal data are processed, the period of treatment and the subjects to whom the data are communicated (so-called right of access);

• to obtain the correction or integration of inaccurate personal data concerning you (so-called right of rectification);

• to obtain the deletion of personal data concerning you in the following cases (a) the data are no longer necessary for the purposes for which they were collected; (b) You have withdrawn your consent to the processing of data if they are processed on the basis of your consent; (c) You have objected to the processing of personal data concerning you in the event that they are processed for our legitimate interest; or (d) the processing of your personal data is not in accordance with the law. However, we inform you that the retention of personal data by the Company is lawful if it is necessary to allow it to fulfill a legal obligation or to ascertain, exercise or defend a right in court (so-called right of cancellation);

• to obtain that the personal data concerning you are only preserved without any other use being made of them in the following cases: (a) You contest the accuracy of the personal data, for the period necessary to allow us to verify the accuracy of such personal data; (b) the processing is unlawful but you still object to the cancellation of your personal data by us; (c) the personal data are necessary for you to ascertain, exercise or defend a right in court; (d) You have opposed the processing and are awaiting verification of the possible prevalence of our legitimate reasons for processing with respect to those of the interested party (so-called right of limitation);

• to receive in a commonly used format, readable by an automatic and interoperable device, the personal data concerning you processed by automated means, if they are processed under contract or on the basis of your consent (so-called right of portability).

Finally, we remind you that you have the right to contact the Guarantor for the protection of personal data (Piazza di Monte Citorio, 121 - 00186 Rome RM) to assert your rights in relation to the processing of your personal data.

11. How to exercise rights

Any request addressed to the Owner or Manager can also be sent by registered letter or e-mail through the references indicated in the following point.

12. Owner and manager of the treatment

The data controller is: CPA srl - Via Don Demetrio Castelli 71 - 12060 Roddi CN, Email address: cpa@cpa-piscine.it

The list of those responsible for the processing of personal data is available at the offices of the Data Controller and can be requested by sending an email to the address cpa@cpa-piscine.it