WEB POLICY

Navigation information ex art. 13 EU Regulation 2016/679

Legal references: – Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter “EU Regulation”) – Legislative Decree no. 196 of 30 June 2003 (hereinafter “Privacy Code”), as amended by Legislative Decree no. 101 of 10 August 2018 -Recommendation no. 2 of 17 May 2001 concerning the minimum requirements for the collection of data online in the European Union, adopted by the European authorities for the protection of personal data, meeting in the Working Party established by Article 29 of Directive no. 95/46/EC (hereinafter the “Recommendation of the Working Party pursuant to Article 29”) ex art. 29”)

Sesa S.p.A. (hereinafter also “the Company”), a duly established corporation with registered office in via Piovola 138, Empoli (FI), VAT no. 07116910964, wishes to inform users of the terms and conditions applied by the Company to the processing operations carried out on personal data during the navigation of its Company website. In particular, the information is provided in relation to user personal data consulting and using the company website, under the following domain: www.sesa.it. The Company acts as “Data Controller”, meaning “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data”. In concrete terms, the processing of personal data may be carried out by persons specifically authorised to carry out processing operations on users’ personal data and, for this purpose, duly instructed by the Company. In application of the regulations on the processing of personal data, users who consult and use the Company’s website assume the quality of “data subject”, meaning the natural persons to whom the personal data being processed refers. It should be noted that the policy does not extend to other websites that may be consulted by users through links, including social buttons, on the Company’s website. In particular, social buttons are digital buttons or direct link to social network platforms (such as LinkedIn, Facebook, etc.), configured in each single “button”. By clicking on these links, users can access the Company social accounts. The editors of social networks, to which the social buttons refer, operate as autonomous Data Controllers; consequently, any information relating to the methods by which the aforementioned Data Controllers carry out the processing operations on the users’ personal data can be retrieved in the related Social Network platforms privacy policies.

1. Personal data subject to processing. In consideration of the interaction with this website, the Company may process the following personal user data:

1. Navigation data: the computer systems and software procedures used to operate this website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with data subjects butmayby its very nature allow the identification of users through processing and association with personal data held by third parties,. Navigation datainclude IP addresses or domain names of devicesused by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and device environment of the user. The navigation datacollected are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning. Navigation data are stored for a maximum of12 months, without prejudice to any need to detect and prosecutecriminal offencesby the competent authorities.

• Purpose and legal basis for the processing of personal data In relation to the personal data referred to let. a) of thisnavigation information, users personal data are processed automatically and “mandatory” by the Company in order to allow the navigation itself; in this case, the processing is based on a legal obligation to which the Company is subject, as well as on the legitimate interest of the Company to ensure the proper functioning and security of the website; therefore, the users express consent of is not necessary.
• Rights under Articles 15, 16, 17, 17, 18, 20 and 21 of EU Regulation 2016/679 Users, asdata subjects, may exercise the rights of access to personal data provided for in Article 15 of the EU Regulation and the rights provided for in Articles 16, 17, 18, 20 and 21 of the same Regulation regarding the rectification, cancellation, limitation of the processing of personal data, data portability, where applicable, and opposition to the processing of personal data. The aforesaid rights can be exercised by a written communicationto the following address: [email protected]. If the Company does not provide feedback within the time limits provided for by the legislation or the response to the exercise of rights is not suitable, users may lodgea complaint to the Italian Data Protection Authority, using the following contact information: Italian Data Protection Authority, Fax: (+39) 06.69677.3785 Telephone: (+39) 06.69677.1
  E-mail: [email protected]
  PEC: [email protected]
• Data protection Officer SeSa S.p.A., company acting as holding company in SeSagroup of undertakings,, has appointed, after assessing the expertknowledge of data protection law, aData Protection Officer.. The Data Protection Officersupervises compliance with data protection regulations and provides the necessary advice. In addition, where necessary, the Data Protection Officer cooperates with the Italian Data Protection Authority. Here are the contact details: E-mail: [email protected].