In accordance with Regulation (EU) 2016/679 ("GDPR")
This policy is provided in accordance with Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”) and Legislative Decree No. 196/2003 and subsequent amendments ("Privacy Code") by COPROGET S.R.L., headquartered at VIA BARLETTA 158 - 10136 - TORINO (TO), Tax Code/VAT Number 09261090014 (hereinafter, "Data Controller").

1. Subject of the Processing
The Data Controller processes personal, identification, and contact data (such as: name, surname, address, phone number, email, banking information, etc.) provided by the data subject for the purposes outlined below and within the contractual or pre-contractual relationship with the Data Controller.

2. Purpose of the Processing
The processing of the data subject's personal data occurs: 
A) Without your consent (pursuant to Article 6 GDPR) for the following purposes:
•    To conclude and manage contracts for the services of the Data Controller;
•    To comply with pre-contractual, contractual, and fiscal obligations arising from existing relationships with you;
•    To fulfill legal obligations, regulations, community laws, or orders from Authorities, such as those related to anti-money laundering;
•    To exercise the rights of the Data Controller, for example, in legal defense.
B) With your prior consent (pursuant to Articles 7 and 130 GDPR) for the following marketing purposes:
•    Sending commercial communications, newsletters, and promotional information about the Data Controller's services and products via email, mail, SMS, or phone contacts.

3. Methods of Processing
Personal data is processed using the operations outlined in Article 4 GDPR (collection, registration, storage, consultation, processing, etc.) and can be carried out using both paper and electronic tools, respecting the security measures required by applicable law. Personal data will be stored for the time strictly necessary to achieve the purposes described above and, in any case, not beyond 10 years from the termination of the contractual relationship for service purposes.

4. Access to Data
Your personal data may be accessible to:
•    Employees and collaborators of the Data Controller, in their capacity as data processors and/or internal data protection officers and/or system administrators;
•    Third parties (such as banks, consultants, etc.) performing outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

5. Communication of Data
Without your express consent, the Data Controller may communicate your data for the purposes of Article 2.A) to judicial authorities and other parties to whom communication is mandatory by law for carrying out said purposes. These parties will process the data as independent data controllers. Your data will not be disclosed.

6. Data Transfer
Personal data is stored on servers located within the European Union. If data transfer to third countries becomes necessary, it will occur in accordance with the conditions set forth in Articles 44 et seq. of the GDPR.

7. Nature of Data Provision and Consequences of Refusal
Providing data for the purposes of Article 2.A) is mandatory for the execution of the contract. Refusal to provide such data may result in the inability to guarantee the requested services. Providing data for the purposes of Article 2.B) is optional, and lack of consent will not affect the enjoyment of services described in Article 2.A).

8. Rights of the Data Subject
In accordance with Articles 15 et seq. of the GDPR, the data subject has the right to:
•    Obtain confirmation of the existence of data concerning them and access its content;
•    Request the update, rectification, integration, deletion, or blocking of data processed in violation of the law;
•    Object, in whole or in part, to the processing of their data for legitimate reasons;
•    Request the limitation of the data processing and the portability of the data. Additionally, the data subject can oppose the sending of promotional communications in whole or in part, deciding to receive communications via traditional methods, automated methods, or none of the above. To exercise these rights, the data subject can send a request by email to coproget@coproget.com or to the PEC mailbox coproget@legalmail.it, or alternatively contact the Data Controller at the provided contact details.

9. Complaint to the Supervisory Authority
If the data subject believes that their personal data is being processed in violation of the GDPR, they have the right to lodge a complaint with the Data Protection Authority.

10. Data Controller
The Data Controller is COPROGET S.R.L., headquartered at VIA BARLETTA 158 - 10136 - TORINO (TO). The updated list of data processors and persons responsible for processing is stored at the Data Controller's legal headquarters.