PRIVACY POLICY 

Montenegro S.r.l., having its registered office in Zola Predosa, Via Enrico Fermi 4 (“Montenegro“), manages  the website https://www.edgarsoppergin.it/ (the “Website“) and, in its capacity of data controller, wishes to  inform users of the Website (the “Users“) about the processing of their personal data, pursuant to the  Legislative Decree no. 196/2003 (the “Italian Privacy Code“) and the EU General Data Protection Regulation  No. 679/2016 (General Data Protection Regulation, the “GDPR“). 

1. Data controller and data processors 

The data controller is Montenegro S.r.l., a company belonging to the Montenegro Group, having its registered  office in Via Enrico Fermi 4, 40069 – Zola Predosa (BO), Italy, and it can be contacted at the following email  address privacy.montenegrocorporate@montenegro.it. Montenegro has appointed as data processor,  among others, Birove Srl. The complete list of data processors is available upon written request to the email  address indicated above. 

2. Personal data collected 

Montenegro processes the personal data provided by Users, including: 

1. a) personal data and contact information; 
2. b) navigation data relating to the use of the services offered through the Website, which are collected through  cookies in accordance with the information notice on cookies available at the following link https://www.edgarsoppergin.it/. 

In this context, Montenegro does not process health data and in general special categories of personal data  pursuant to Article 9 of the GDPR. Therefore, we recommend not to disclose these types of personal data. 

The personal data are processed only to the extent to which they are necessary for the purposes described  in paragraph 4 of this privacy policy. 

3. Modalities of the processing 

The User’s personal data are processed with the support of electronic and / or paper means and are protected  by appropriate security measures to guarantee the confidentiality and security of personal data. In particular,  Montenegro adopts appropriate organizational and technical measures to protect the personal data in its  possession against loss, theft, as well as the use, disclosure or unauthorized modification of personal data. 

4. Purposes of the processing 

The purposes for which the User is required to provide Montenegro with his/her personal data are as follows: 

1. allow the User to access and register on the Website and make use of the services available through  the latter, including information requests and contacts with the company through the section “Contact Us” (hereinafter referred to as “Contractual Purposes”); 
2. comply with legal and regulatory obligations (hereinafter referred to as “Legal Purposes”); 
3. carry out activities functional to the sale of company and business units, acquisitions, mergers,  demergers or other company transformations and for the execution of such operations (“Legitimate  Business Interest Purposes”).
4. Legal grounds of the processing 

The processing of personal data for Contractual Purposes is mandatory as necessary to access to the Website  and use the services offered through the Website. The processing of personal data for Legal Purposes is  mandatory as requested under applicable laws. In the event that the User does not want his/her personal  data to be processed for these purposes it will not be possible for him / her to use the Website and the  services made available through it. 

The processing of personal data for Legitimate Business Interest Purposes is carried out pursuant to Article  24, paragraph 1, letter d) of the Italian Privacy Code and to meet Montenegro and its counterparties  legitimate interest to the performance of economic transactions indicated therein pursuant to Article 6, letter  f) of the GDPR, which is adequately balanced with Users’ interests as the processing takes place within the  limits strictly necessary for the execution of these operations. 

6. Communication and dissemination of personal data 

For the purposes referred to in paragraph 4, Montenegro may communicate Users’ personal data, provided  that they are strictly necessary for each type of processing, to the following categories of recipients: 

1. a) collaborators, employees and suppliers of Montenegro, for the processing carried out within the  performance of their duties and / or any contractual obligations, with regard to the commercial relationships  with the Users; 
2. b) subcontractors engaged in activities related to the execution of services and products offered by  Montenegro; 
3. c) other companies of the Montenegro Group in Italy and abroad, national and international, located in the  countries identified in paragraph 7 below. 

Users’ personal data are not disclosed. 

7. Personal data transferred abroad 

Personal data may be freely transferred outside the national territory to countries located in the European  Union but could also be transferred outside the European Union and in particular in the United States. Any  transfer of Users’ personal data in countries located outside the European Union will, in any case, take place  in compliance with the suitable safeguards for the purpose of such transfer in accordance with the applicable  laws and, in particular, with Article 44 of the Italian Privacy Code and Articles 45 and 46 of the GDPR. 

The User can obtain a copy of the safeguards implemented by Montenegro by sending a specific request  to privacy.montenegrocorporate@montenegro.it. 

8. Minors 

The Website is not intended for persons under the age of 18. Montenegro asks Users to state their age before  accessing the Website and does not collect or voluntarily process personal data of minors under the age of  18 who may eventually use the Website. 

9. Rights of the Users 

The User may, at any time and at no charge (a) obtain confirmation as to whether or not personal data  concerning the User exist and communication of such data; (b) be informed of the source of the personal  data, the purposes and methods of the processing, the logic applied to the processing, if the latter is carried  out with the help of electronic means; (c) ask for updating, rectification or, where of interest, integration of 

the data; (d) request the cancellation, anonymization or blocking of data that have been processed unlawfully,  as well as object to the processing on legitimate grounds, (e) object, wholly or partly, to the processing of  data concerning the User for the purpose of direct marketing carried out through automated methods and/or  traditional methods; (f) revoke the consent to the processing of the data at any time; this shall not  compromise the legality of the processing in any way based on the consent given before its revocation. 

In addition to the rights listed above, pursuant to the GDPR, the User will have the right, in any given moment,  to (a) request to limit the processing of your personal data where (i) the User contests the accuracy of the  personal data until Montenegro has taken sufficient steps to correct or verify its accuracy; (ii) the processing  is unlawful but the User does not want Montenegro to erase your personal data; (iii) Montenegro no longer  needs your personal data for the purposes of the processing, but the User requires for the establishment,  exercise or defense of legal claims; or (iv) the User has objected to processing justified on legitimate interests,  pending verification as to whether Montenegro has compelling legitimate grounds to continue processing;  (b) object to the processing of the User’s personal data; (c) request the erasure of the User’s personal data  without undue delay; (d) request for the portability of his/her personal data; and (e) lodge a complaint with  the relevant data protection supervisory authority where necessary. 

At any time the User can exercise the above rights, change his/her contact details, notify to Montenegro any  updates to his/her data, request the removal of his/her personal data communicated by third parties, or to  obtain further information about their processing by Montenegro, by contacting Montenegro at the email  address privacy.montenegrocorporate@montenegro.it. 

10. Data retention periods 

Montenegro will retain the personal data only for the period necessary to fulfill the purposes for which the  data was collected as outlined in paragraph 2 above. In any case, the following retention periods will apply to  the processing of personal data for the purposes indicated below: 

• for the Contractual Purposes referred to in paragraph 4, lett. a) are kept for the entire duration of the  contract and for the 10 years following the expiration of the same for defense purposes and / or to  claim a right of Montenegro in court and / or out-of-court in case of disputes related to the execution  of the contract; 
• for the Legal Purposes referred to in paragraph 4, lett. b) are kept for a period equal to the duration  prescribed for each type of data by the applicable laws; 
• for the Legitimate Business Interest Purposes under paragraph 4, lett. c) are kept for a period up to  10 years from their collection. 

At the end of the retention period your personal data will be either cancelled, anonymized or aggregated. 11. Changes and updates 

This privacy policy is valid from the date indicated in its header. Montenegro could also make changes and /  or additions to this privacy policy, also as a consequence of any subsequent amendments and / or legal  updates to the GDPR. The changes will be notified in advance and the User can view the constantly updated  version of the privacy policy at the link https://www.edgarsoppergin.it/. 

If the User has any doubts, comments or complaints about how his/her personal data are collected or  processed, please contact Montenegro through the “Contact” section of the Website.