1 REFERENCE PRINCIPLES: The Privacy Policy and Standards used by IMEFY S.p.A. for the protection of personal data they are based on the following principles:

1.1 RESPONSIBILITY The processing of personal data is managed over time by specific functions with specific responsibility, identified within the company organizational system.

1.2 TRANSPARENCY Personal data is collected and processed according to the principles expressed in this Privacy Policy, in compliance with the current legal provisions. For the aforementioned, the interested party is provided, in compliance with the provisions of the law, a summary and complete information on the purposes and methods of processing, on the mandatory or optional nature of providing data, on the consequences of failure to provide data, on the subjects or on the categories of subjects to whom the personal data can be communicated and the scope of communication of the same, on the rights foreseen by the rule (access, integration, updating, correction, cancellation, opposition to the treatment), on the identity and the headquarters of the owner and the controller. The interested party is then called to express his consent after having been informed, in a free and specific manner; this consent will be documented for the cases provided for by the law (sensitive or health data). If the provision of data takes place in successive stages, additions to the previously disclosed information may be provided and any new consent required by law may be requested.

1.3 RELEVANCE OF THE COLLECTION Personal data are processed in a lawful and correct manner, are recorded for specific, explicit and legitimate purposes. They are relevant and not excessive for the purposes of the processing. Finally, they are kept for the time necessary for the purposes of collection.

1.4 PURPOSE OF USE The purposes of the processing of personal data are disclosed to interested parties at the time of collection. Any new processing of data, if unrelated or in addition to the declared purposes, is activated only after new information to the interested party and any new request for consent, when required by law. In any case, personal data are not disclosed to third parties and / or disseminated without the prior consent of the interested party, except in the cases expressly indicated by art. 25, 2nd paragraph, of Legislative Decree no. 196/2003.

1.5 VERIFICATION Personal data is updated over time. They are also organized and stored so that the interested party is given the opportunity to know, if he wishes, what data has been collected and recorded, as well as to check its quality and request any correction, integration, cancellation for violation of the law or opposition to the processing and to exercise all other rights, pursuant to and within the limits of the legislation in force, at the addresses indicated in the information that has been given.

1.6 SECURITY Personal data is protected by technical, IT, organizational, logistic and procedural security measures, against the risks of destruction and / or loss, even accidental, as well as unauthorized access or unauthorized processing. These measures are updated periodically based on technical progress, the nature of the data and the specific characteristics of the processing; they are also constantly checked and verified over time.

2 SCOPE OF APPLICATION Third parties that carry out support activities of any kind in favor of IMEFY S.p.A. for the provision of services or products, in relation to which they carry out processing operations of personal data, they are contractually bound to comply with the measures to guarantee the security and confidentiality of the treatments. With the consent of the interested parties, if required by law, and in any case subject to specific information that clarifies the purposes, personal data may be communicated to third parties, both public and private, which will treat them as independent data controllers, according to the forecasts of law. IMEFY S.p.A. it is not in any way responsible.

3 TYPES OF DATA COLLECTED AND PROCESSING METHODS The types of personal data collected and processed by IMEFY S.p.A. they are those necessary for the supply of the Company's products and services. The data is processed by paper, computer and electronic media, with logic strictly related to the purpose of the processing. The users are informed of these particular methods of processing and freely give their consent to the collection of personal data. To offer the services of IMEFY S.p.A. telephone, fax and e-mail addresses can also be used. In case of failure to provide these services, they cannot be provided.

4 DATA COMMUNICATION SCOPE The personal data provided may be disclosed to third parties to fulfill legal obligations, or to comply with orders from public authorities or to assert or defend a right in court. In relation to particular services and / or products requested and with the consent of the interested party, the personal data may be communicated to third parties that perform, as independent data controllers, functions strictly connected and instrumental to the provision of such services or to the supply of these products.

5 ASSIGNMENT OF PERSONAL DATA The provision of personal data is optional, in the sense that the interested party is free to confer them or not. In case of failure to provide, in whole or in part, the services requested cannot be returned. For the collection of personal data, registration forms are used, which specifically mark certain data as mandatory. These data are necessary for the provision of the requested service or good.