PRIVACY POLICY

“Customers/Users” information notice pursuant to art. 13 of EU Regulation no. 679/2016 (“GDPR”)

DATA CONTROLLER

Acciai Speciali Terni S.p.A., with registered office in Terni, Viale Benedetto Brin no. 218, tax code 11222300151, VAT no. 00715760559 (hereinafter the “Company” or “AST” or “Controller”) as controller of the personal data of its customers, informs you, pursuant to art. 13 of (It.) Legislative Decree 30 June 2003, no. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “Regulation”), in carrying out its business, pays the utmost attention to the security and confidentiality of the personal data of its customers, natural persons and of the contact persons of customers, legal persons (hereinafter, jointly the “Customer(s)”) and users of this website www.acciaiterni.it (hereinafter the “AST website”) and that is, all individuals who visit the aforementioned website through devices equipped with compatible web browsers capable of connecting to the internet with suitable connectivity (hereinafter Users) and wishes to provide them with information relating to the processing of their personal data. –

In detail, your data may undergo processing with the methods and for the purposes stated below.

WHAT PERSONAL DATA REGARDING CUSTOMERS/USERS MAY BE COLLECTED

The Company may collect the following categories of personal data of Customers/Users (hereinafter, jointly, the “Data”): name, surname, company, role, telephone contact numbers, sector of interest, email address. Before the Customer/User provides Data on behalf of third parties, they must ensure that they have read this information notice prior.

FOR WHAT PURPOSES THE DATA OF CUSTOMERS/USERS MAY BE USED

AST may process the Data for one or more of the following purposes and on the legal basis indicated from time to time.

  1. a) Provide products and services to Customers/Users.

The Company may process the Data to provide Customers/Users of the AST website with the products and services for which said website has been designed. For example, by way of non-limiting example, register as users in order to take part in the ASTAGE events/webinars, actively take part in the events via the integrated chat and possibly book the sessions of the “meeting room” with the chosen speakers. Legal basis for the processing: the processing is required to execute a contract or to execute pre-contractual measures implemented on the Customer/User’s request. This takes place with the express consent of the Customer/User. Provision of the Data is mandatory: failing that, AST shall be unable to provide products and services to the Customers/Users.

  1. b) Marketing, including profiled, to meet the needs of Customers/Users.

Following appropriate and specific consent of the Customer/User, the Company might process the contact Data for marketing and advertising purposes aimed at informing them about promotional sales initiatives. The Company might also collect information on

preferences such as Customer/User’s sector of interest, as well as details on the purchases made by them, to profile them, in order to send to the aforementioned Customer/User commercial communications in line with their preferences and expectations. Said purpose might be achieved by AST by sending to the Customer/User advertising communications aimed at informing them about the products through automated contact methods (e-mail including newsletters, text messages, MMS, chat, instant messaging, social networks and other massive messaging tools, email, push notifications, etc.) and traditional contact methods (for example, telephone call by an operator, surface mail, etc.). The Customer/User may at any time object to receiving the aforementioned promotional communications through all or only some of said contact methods. Legal basis for processing: the Customer/User’s consent, which may be withdrawn at any time using the contact details set out below. Failure to provide consent does not entail any consequences except the impossibility for the Customer/User to receive promotional communications.

  1. c) Communications on research and development activities.

The Company may process the data to send communications concerning research and development activities such as topics of innovation, technology, sustainability.

Legal basis for processing: legitimate interest of the controller.

The Customer/User may, for reasons connected to their particular situation, object too the aforementioned processing at any time, by sending a request to the contacts set out under the “Contacts” heading.

  1. d) Defending rights during legal, administrative or out-of-court proceedings and in the context of disputes that emerged in relation to the Service.

The Company may process the Data to defend their rights or sue or even lay claims against Customers/Users.

Legal basis for processing: legitimate interest of the Company in protecting their rights. In this case, a new and specific provision is not required since the Company will pursue this further purpose, where necessary, by processing the Data collected for the above purposes, deemed compatible with this purpose (also owing to the context in which the Data were collected, the nature thereof and the adequate guarantees for their processing, as well as the link between the aforementioned purposes and the additional purpose herein). The Customer/User may, for reasons connected to their particular situation, object too the aforementioned processing at any time, by sending a request to the contacts set out under “Contacts”.

  1. e) Purposes related to the obligations established by laws, regulations or EC legislation, by provisions / requests of authorities entitled by the law and/or by supervisory and control bodies.

The Company may process the Data to fulfil the obligations it is required to comply with.

Legal basis for processing: fulfilment of a legal obligation. The provision of Data for this purpose is mandatory as, should the data not be provided, the Company will be unable to fulfil specific legal obligations.

HOW THE COMPANY KEEPS THE DATA SECURE AND WHERE

The Company uses all the security measures required to improve the protection and maintenance of the security, integrity and accessibility of the Data. All Data are stored on

the Company’s secure servers (or suitably archived hard copies) or on those of its suppliers or business partners, and are accessible and usable according to the Company’s standards and security policies (or equivalent standards for its suppliers or business partners). Fr example, the Company restricts access to the Data solely to the authorised technical personnel who must necessarily and unavoidably access them. The Company would like to inform you that, for the purposes referred to in this Information Notice, the Data shall be processed solely within member states of the European Union (EU) or the European Economic Area (EEA).

HOW LONG DOES THE COMPANY STORE THE DATA

The Company stores the Data only for the time necessary for achieving the purposes for which they were collected or for any other connected, legitimate purpose. Therefore, if the Data are processed for two different purposes, the Company shall store said Data until the purpose with the longer term ceases; however, it shall no longer process the Data for that purpose whose retention period has expired. As already mentioned, the Company restricts access to the Data only to those who need to use them for significant purposes. The Data that are no longer necessary, or for which there is no longer a legal basis for their storage, are irreversibly anonymised (and thus can be stored) or destroyed securely. The data processed to fulfil any contractual obligation may be stored for the entire duration of the contract and however no longer than 10 years, in compliance with the statutory limitation periods. The data processed for marketing purposes may be stored for 24 months from the date on which they were collected. In the event that the data should need to be processed for judiciary purposes, they shall be stored for the time by which any claims may be pursued by law. In any case, for technical reasons, the termination of the processing and the consequent final cancellation or irreversible anonymisation of the related Data shall be final within thirty days from the terms indicated above. With particular reference to the protection of the Company’s rights before the courts or in case of requests of the Authorities as per letters sub. c) and d), the processed Data shall be retained for the time required to fulfil such request or to act for the protection of our rights.

WHO MAY THE CUSTOMERS’ DATA BE SHARED WITH

The Data may be accessed by duly authorised employees of the Company, the other companies of the group for internal administrative purposes set forth by Recital 48 of the GDPR (such as, for example, facilitating registration for courses, providing reports and information on training courses), as well as external suppliers, appointed, if necessary, as data processors, who provide support for the provision of services. The Customer/User may contact the Company at the addresses set out below should they wish to view the list of data processors and other subjects that AST discloses your Data to.

CONTACT DETAILS

The Company’s contact details are as follows:

AST S.p.A.

with registered office in Viale B.Brin, 218

05100 Terni

Telephone: + 39 0744 4901

Email: [email protected]

THE RIGHTS ON DATA PROTECTION AND THE RIGHT TO LODGE A COMPLAINT WITH THE CONTROL AUTHORITY

When applicable, the Customer/User has the right to request the Company:

  • access to your Data;
  • the copy of the Data you have provided to the Company (so-called portability);
  • rectification of the Data held by AST;
  • withdrawal of your consent;
  • erasure of the Data for which the Company no longer has any legal basis for processing;
  • limitation of the manner in which AST processes your Data, within the limits set by the regulations protecting personal data.

Right to object: in addition to the rights listed above, the Customer/User always has the right to object at any time, for reasons connected to their particular situation, to the processing of their Data carried out by the Company for the pursuit of its legitimate interest and to the processing of Data for marketing purposes. The request to object and to exercise your rights must be sent to: [email protected]. Exercising these rights is free of charge and is not subject to formal constraints. In the event that the Customer/User should exercise any of the aforementioned rights, the Company shall be responsible for ensuring they are legitimately doing so and shall respond, as a rule, within one month. Should the Customer believe that the processing of the Data concerning them is performed in violation of the provisions of the GDPR, they shall have the right to lodge a complaint with the Italian Data Protection Authority, using the contact information available on the website www.garanteprivacy.it, or to file the complaint with the competent judicial authorities.

Having read the PRIVACY POLICY – “Customers/Users” Information Notice: I authorise the Company to process my contact Data for marketing purposes (including profiled according to the sector of interest specified by me and/or the purchases made by me) and advertising communications, on promotional initiatives, which I will receive via automated contact methods (e-mail including newsletters, text messages, MMS, chat, instant messaging, social networks and other massive messaging tools, email, push notifications, etc.) and traditional contact methods (for example, telephone call by an operator, surface mail, etc.).

Updated on 30/07/2021