PRIVACY NOTICE ACCORDING TO REGULATION (EU) 2016/679 ON THE PROTECTION OF PERSONAL DATA

Website www.bioitalia.it

With this document, Bioitalia Srl ("Bioitalia"), as the owner of the website www.bioitalia.it (hereinafter "website"), provides, in relation to the services offered through the aforementioned website, the Privacy Notice on the processing of personal data, in accordance with Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of personal data and the free movement of such data, and the legislation on the protection of personal data applicable in Italy, including the provisions of the Guarantor.

The processing of personal data provided by the user is carried out by Bioitalia S.r.l., the manager and owner of the website, operating in compliance with its responsibilities and the principles of relevance, lawfulness, correctness, transparency, and protection of confidentiality, through the use of suitable security measures in accordance with current privacy regulations.

This page describes the management methods of the website concerning the processing of personal data of users who consult it.

This information is provided only for the website www.bioitalia.it and not for other websites that may be consulted by the user through links.

It is necessary to read this information before providing your Personal Data.

We are available for any clarification regarding this information or in general about data processing.

At Bioitalia, you can make requests at any time by writing to privacy@bioitalia.it or contacting the company.

Data Controller

Following the consultation of this website, data related to identified or identifiable individuals may be processed.

The "data controller" of their processing is Bioitalia S.r.l., VAT number 03621811219, in the person of the legal representative Mr. Giovanni Di Costanzo, located in Sarno, via Ingegno Area PIP, Lotto 43 snc.

Tel. 081 5302305 email: info@bioitalia.it

Bioitalia will process your Personal Data in compliance with EU Regulation no. 2016/679 and the national legislation on the protection of personal data (hereinafter "Privacy Regulation").

Bioitalia's Mission

The website www.bioitalia.it, owned by the data controller Bioitalia S.r.l., provides users with information about products and/or services marketed under the Bioitalia brand.

The user has the possibility to:

- Stay updated on the services and products offered;

- Request free information about costs and products through a specific data collection form;

- Be contacted by a Bioitalia operator in case of purchases from the website www.bioitalia.it.

Bioitalia only processes personal data strictly relevant to the provision of the services offered and, in any case, functional to the sale of the offered products or requests for information about offered products.

It is understood that if Bioitalia requests personal data not strictly relevant to the provision of the services offered (for example, for promotional purposes), the user may consent to the processing by expressing specific consent.

Bioitalia does not process personal data related to individuals under the age of 18.

Purpose of Processing

By processing personal data, we mean: registration, storage, organization, consultation, selection, extraction, comparison, processing, use, modification, interconnection, blocking, communication, deletion and destruction, transfer, or the combination of two or more of these operations.

The processing of data collected by the website, in addition to the purposes connected, instrumental, and necessary for the provision of the service, is aimed at the following purposes:

1. Provision of Products

   - Collection of data to manage orders, provide products and services, process payments, communicate with users about orders, products, services, and promotional offers, update records, and generally manage user accounts, display customer content and reviews, and recommend products and services that may be of interest to users.

2. Other Related Activities

   - Communication of data to third parties performing functions necessary or instrumental to the operation of the service, and to allow third parties to perform technical and logistical activities on our behalf.

This website uses suppliers to carry out certain activities, such as processing orders, delivering packages, sending traditional mail, analyzing data, providing marketing assistance, processing payments, and providing customer services.

Suppliers only have access to personal data that is necessary to perform their tasks and undertake not to use the data for other purposes. They are also required to process personal data in compliance with European Regulation 679/2016. This category of data is stored only for the period of time necessary to provide the service.

3. Newsletter

   - The website offers a newsletter service for registered customers through a dedicated web page with a registration form and consent to data processing. Providing the requested data is optional, but without it, it will not be possible to receive the newsletter.

This page or the user administration section allows automatic removal from the newsletter, as well as a specific link at the bottom of the informative newsletter. For registrations through written consent given directly to the data controller, a request can be sent to Bioitalia S.r.l. – info@bioitalia.it.

4. Statistics

   - Collection of data and information in exclusively aggregated and anonymous form to verify the correct functioning of the website, improve the online store, and the platform. None of this information is related to the individual user of the site and does not allow identification in any way.

5. Security

   - Collection of data and information to protect the security of the website and users (anti-spam filters, firewalls, virus detection) and to prevent or uncover fraud or abuse to the detriment of the website.

The data is recorded automatically and may also include personal data (IP address), which could be used, in accordance with the current laws, to block attempts to damage the site itself or harm other users, or other harmful or criminal activities. These data are never used for the identification or profiling of the user and are periodically deleted.

6. Contact Form

   - Any requests for information or services from you may involve the collection and subsequent further processing of your Personal Data, such as your name, surname, postal and email address, age, and date of birth.

7. Integrated Social Network Functions

   - The services offered on the Bioitalia website may include integrated social network functions. These could be messaging services and so-called social plug-ins or social logins such as "Register via Facebook." If these services are activated or used, and you are a member of the respective social network, we receive data from the respective managers through which you could potentially be identified. The data that may be sent by social networks includes your public profile data stored on the social network (e.g., profile name), data about the type of device you use, and the ID of your profile on the respective social network (e.g., Facebook ID).

8. User Contributions Publication

   - By publishing Contributions (as defined below) by you, the content of which may include your Personal Data provided directly by you on social networks managed independently by third parties, such as, for example and not exhaustively, Facebook, Twitter, etc. (hereinafter "Social Networks"). By "Contributions," we mean images, comments, impactful phrases associated with the subject of the Site, content, and any other information conceived and published on the pages of Social Networks dedicated to products of the Bioitalia brand, including the image that you may provide.

Without your consent, we do not receive data that allows your identification and

 contact from social network managers.

Marketing Purposes

Personal data will also be processed for the sending of commercial and promotional information, direct sales, market research on products, services, and events (hereinafter collectively defined as "marketing activities"). **Legal Basis for Data Processing.**

The processing of personal data by Bioitalia is carried out in accordance with Regulation (EU) 2016/679, known as the GDPR. The legal basis for data processing may vary depending on the purpose of the processing:

1. **Consent:** For certain purposes, data processing is based on the informed and explicit consent of the user, as provided in Article 6, paragraph 1 of the European Regulation 679/2016. In general, the provision of data and the consent to the collection and processing of data are optional; the user can deny consent and revoke it at any time.

2. **Contractual Performance:** When the user chooses to register on the www.bioitalia.it website to use the services offered, such as purchasing Bioitalia brand products through the "shop" section, or submitting a request through the "Contacts" section of the website, the provision of certain personal data is necessary for Bioitalia to meet the user's needs. The corresponding fields in the registration or contact form are marked with an asterisk or otherwise indicated as necessary. Failure to provide personal data marked as necessary may result in the inability to perform the requested service.

3. **Legitimate Interest:** In cases where the user contacts Bioitalia or submits job applications online, data processing is based on legitimate interests.

4. **Legal Obligations:** For fiscal data, processing is necessary to fulfill legal obligations related to taxation.

**Nature of Data Provision and Consequences of Refusal**

By using or consulting the website, visitors and users explicitly approve the privacy policy and consent to the processing of their personal data in accordance with the described methods and purposes. However, users can refuse or revoke consent for non-essential data requested for promotional purposes.

The provision of certain data marked as necessary for specific services is obligatory. Omission of such data results in an error message from Bioitalia, and failure to provide data marked as obligatory may render the execution of the requested service impossible.

**Types of Data Collected**

1. **Automatically Collected Data:** During navigation, the website's systems automatically collect and process certain user data, such as anonymized IP address, browser type, device parameters, ISP name, date and time of visit, and referral and exit web pages. These data are used for trend analysis, aggregate data collection, website administration, and security purposes, without being directly linked to the user's identity.

2. **Voluntarily Provided Data:** Users may voluntarily provide additional data when using specific services, such as comments, communication services (chat, contact forms, and email), and purchase services (shopping cart). This may include name, email address, physical address, VAT ID or tax code, company and location information, social media profile images, and public IDs on social networks. Such data is used exclusively for the requested service and processed for the time necessary to provide the service.

3. **Fiscal Data:** Fiscal data is necessary for paid services and billing purposes.

**Processing Methods**

Data processing follows the procedures outlined in Article 4 of the European Regulation 679/2016 and is carried out manually and electronically. Technical and organizational measures applied by Bioitalia ensure maximum security and confidentiality of personal data, including prevention of unauthorized access.

A variety of security measures, including sophisticated encryption and authentication tools, are employed to safeguard personal data. Information is stored on secure servers and is accessible only to a limited number of individuals obligated to maintain confidentiality.

**Location of Data Processing**

Data collected from the website is processed at the data controller's headquarters and data centers within the European Economic Area (EEA). Processing is handled by technical personnel or occasional maintenance operators. Data processing, whether automatic or not, is performed for the time strictly necessary to achieve the purposes for which the data was collected.

For information on data processors and controllers, inquiries can be directed to privacy@bioitalia.it.

**Data Retention Period**

Collected data is processed for the time necessary for the purposes for which it was collected, not exceeding the time prescribed by legal standards. Fiscal data is retained until tax assessments for the corresponding tax period are defined, for a minimum of 10 years or longer if the relevant tax year is not yet prescribed.

For product purchases, data is retained for a maximum of 12 months from the purchase date. For information requests through the contact form, data is retained for a maximum of 12 months from the last contact with Bioitalia. If the user has consented to receive the newsletter or promotional communications, data is retained for a maximum of 12 months.

At the expiration of these periods, data is deleted or anonymized unless there are additional purposes for retention (e.g., warranty obligations, tax obligations).

**Transfer of Personal Data Outside the European Economic Area**

No data from the web service is communicated or disclosed outside the European Economic Area.

**Sharing of Your Personal Data**

Data related to users will not be disseminated, sold, or exchanged with third parties, except in cases where communication to third parties is necessary for website management as service providers.

Bioitalia communicates with users through social network platforms such as Facebook, Instagram, or Twitter. While these platforms offer additional contact and information possibilities, Bioitalia has limited influence over their data processing terms and conditions. Bioitalia cannot control the behavior of social network operators, other users, or third parties associated with social network services.

For order delivery, Bioitalia collaborates with external service companies. These delivery companies receive the following data from Bioitalia for the execution of their respective tasks: name, delivery address, postal code, and optionally, the user's phone number

 for delivery information. Users can recognize third-party involvement in these cases.

**User Rights and How to Exercise Them**

In accordance with Articles 15 to 21 of the European Regulation 679/2016, users have the right to:

- Access and request a copy of their data (Article 15 and 20 GDPR).

- Request the rectification of their data (Article 16 GDPR).

- Request the erasure of their data (Article 17 GDPR).

- Obtain the restriction of processing (Article 18 GDPR).

- Object to the processing of their data (Article 21 GDPR).

- Receive their data in a commonly used and machine-readable format and transmit it to another controller.

To exercise these rights, users can send a request to Bioitalia S.r.l., Via Ingegno s.n.c., Area PIP, Lotto 43, Sarno (SA), or send an email to privacy@bioitalia.it.

This privacy information is updated as of July 2018, and Bioitalia reserves the right to make updates.