PRIVACY POLICY

Information on personal data processing as per Article 13 of European Regulation No. 679/2016 on the protection of natural persons with regard to the processing of personal data (GDPR)

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

Compar S.p.A., with registered office at Via A. Volta 6 - 35010 Limena PD, with VAT and tax code 00362520280, (hereinafter also referred to as AW LAB Italia), in its role as Personal Data Controller (hereinafter “Data Controller” or “Company”) would like to inform you about the means and purposes of the processing operations carried out on the data collected from users of the website and/or through the use of the AW LAB CLUB Application (respectively “Site" and "App") as well, following this, membership in the “AW Lab Club” initiative (hereinafter also referred to as the ““Program”)

Some services provided may be subject to specific information notices for which we will ensure all the relevant information is provided each time. For personal data processed through the Data Controller's website or mobile application, please see the accepted privacy policies.

- raccomandata a.r. Compar S.p.A, Via A.Volta,6 – 35010 Limena (PD) alla c.a. DPO

As the “AW Lab Club” initiative promoter (hereinafter also referred to as the “Program”), the Company guarantees the utmost confidentiality in the processing of Participants' personal data, in accordance with current legislation on personal data protection.

This Privacy Policy is intended to provide the main information regarding the means used to collect and process Users' personal data in compliance with the GDPR, with Legislative Decree 196/2003 (and subsequent amendments), with the relevant provisions and guidelines provided by Authorities for the protection of national and European data subjects, as well as with applicable national and European legislation (jointly, “Applicable Legislation”).

The Company has identified a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR the DPO may be contacted at the following addresses for matters concerning personal data processing:

- e-mail: privacy@aw-lab.com

- via registered mail with receipt to Compar S.p.A, Via A.Volta,6 - 35010 Limena (PD) to c.a. of the DPO.

2. CATEGORIES OF DATA PROCESSED, PROCESSING PURPOSES, LEGAL BASIS

Tratteremo i suoi dati personali, sia con mezzi manuali che automatizzati, per le finalità e secondo le basi giuridiche descritte di seguito.

  Purposes   Legal Bases   Categories of Data Processed

a) To enable your enrollment in the Program through the creation and management of your personal AW LAB CLUB Account (at stores, via the App and/or on the Site).

The execution of a contract to which the User is a party or of pre-contractual measures undertaken at the User's request - Art. 6(1)(b) GDPR. The conferral of personal data is necessary for this purpose. Failure to provide correct and/or accurate data will prevent your account from being created and registered. In any case, you will always have the option to request and obtain cancellation of your membership at any time by contacting Customer Service at: privacy@aw-lab.com

Identifying and contact information: first and last name, date of birth, gender, email address, and phone number

b) To award AW LAB Club members the benefits strictly related to the Program, including discount vouchers, and free shipping provided by AW LAB Italy.

The execution of a contract to which the User is a party or of pre-contractual measures undertaken at the User's request - Art. 6(1)(b) GDPR. The conferral of personal data is necessary for this purpose. Users who fail to provide correct and/or accurate data will not be able to access the benefits associated with the Program.

Identifying and contact information: first name and surname, date of birth, gender, email address and telephone number

c) To allow you to use the Site and/or App and enjoy the content made available through the Site and/or App.

Execution of pre-contractual measures taken at the request of the data subject and execution of a contract to which the data subject is a party (Art. 6(1)(b) GDPR). The conferral of personal data is necessary for this purpose. Users who fail to provide correct and/or accurate data will not be able to access and enjoy the benefits associated with the Program.

Web browser and IP address details, as well as any additional data pertaining to browsing.

d) To evaluate your CV in case of application.

Execution of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR and Art. 111 bis of the Privacy Code). Fulfillment of legal obligations placed on the Data Controller (Art. 6 (1)(c) GDPR.The conferral of personal data is necessary for this purpose. If you do not and/or incorrectly provide it, it will not be possible to proceed with the evaluation of your CV.

Identification and contact information (i.e. first name, last name, date and place of birth, email address, gender, residential address, telephone number), data on previous work and/or academic experience (e.g. qualifications, professional experience, education, hard skills and soft skills) and photo. Special categories of personal data (i.e. membership in protected categories, if any).

e) To allow you to purchase our products as provided on the Site and/or App.

The execution of pre-contractual measures taken at the request of the data subject and the contract to which the data subject is a party (Art. 6(1)(b) GDPR). The conferral of personal data is necessary for this purpose. Users who fail to provide correct and/or accurate data for this purpose will not be able to proceed with purchases or receive delivery of our products.

Identifying and contact data collected in connection with the requested service (i.e. first name, last name, email address, telephone number, gender (optional), date of birth, delivery address, billing address, and payment information).

f) To allow you to exchange or return a product you have purchased.

The execution of a contract to which the User is a party - Art. 6(1)(b) GDPR. The conferral of personal data is necessary for this purpose. In case of non-delivery/or inaccurate delivery, return or exchange of the product will not be possible.

Order number and email address.

g) To process and observe any requests made by you through the contact channels indicated on the Site and/or App (e.g. the “Contact Us” or “Check Order” sections, or to provide you with the material or information you requested).

The execution of a contract to which the User is a party, or of pre-contractual measures taken at the User's request - Art. 6(1)(b) GDPR. The conferral of personal data is necessary for this purpose.

It will not be possible to respond to requests by users who fail to provide accurate data for this purpose. Personal data collected through our Site and/or App, e.g., data provided directly by you or collected by us when you send an information request email (e.g. first and last name, subject of the request, email address and phone number), order number, details about the web browser used, and the IP address.

h) To send you Newsletters and general marketing communications regarding our products and services via email.

Your freely-given consent - Art. 6(1)(a) GDPR. The provision of personal data is optional for this purpose. Failure to provide data for this purpose will have no consequence of any kind and will not prevent your participation in the Program. Once your consent has been given, you may withdraw it at any time.

Email address and identification information from you may have provided through your AW LAB Club account registration (e.g. name, surname).

i) To carry out profiling activities by analyzing your behavior on the Site and understanding your preferences, habits, interests, purchase history, Site browsing experiences and interactions with our advertisements (including via email), in order to use your interests to personalize marketing communications, making them more interesting to you, as well as to improve the effectiveness of our marketing strategy.

Your freely-given consent - Art. 6(1)(a) GDPR. The provision of personal data is optional for this purpose. Failure to provide data for this purpose will have no consequence of any kind and will not prevent your participation in the Program. Once your consent has been given, you may withdraw it at any time.

Email address and identifying information you provided through your AW LAB Club account registration (e.g. first name, surname). Information about your preferences, habits, previous purchases. Personal data collected by tracking technologies installed on your browser or email (e.g., tracking products you purchased, left in your shopping cart, or products/content you interacted with or showed interest in), may also be combined with personal data collected when you register.

l) To fulfill legal obligations and comply with the requirements of the relevant authorities.

Fulfilling a legal obligation placed on the Data Controller (Art. 6(1)(c) GDPR). The conferral of personal data is necessary for this purpose. Users who fail to provide correct and/or accurate data for this purpose will not be able to access our services and products.

Any information that may be required under the law or to comply torequests received from the relevant public Authority.

m) To protect our rights in and out of court.

Pursuit of our legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). The conferral of personal data is necessary for this purpose.. You may object to the processing carried out for this purpose at any time.

Any information necessary to ensure this purpose is fulfilled.

n) To carry out extraordinary transactions inherent to the Data Controller (including mergers, acquisitions, divestitures, company reorganizations,corporate restructuring).

Pursuit of a legitimate interest of the Data Controller, subject to balancing that interest with the fundamental rights and freedoms of data subjects (Art. 6(1)(f) GDPR). The conferral of personal data is necessary for this purpose. You may object to the processing carried out for this purpose at any time.

Only the information necessary to ensure fulfillment of this purpose (e.g. identifying data, contact information, etc.).

3. PROCESSING MEANS

I Suoi dati personali saranno trattati con il supporto di strumenti informatici e/o cartacei, protetti da dispositivi di sicurezza adeguati a garantire la segretezza e la sicurezza dei dati personali. In particolare il Titolare adotterà adeguate misure amministrative, tecniche e organizzative volte a salvaguardare i dati da eventuale perdita, furto ed uso non autorizzato, divulgazione o modifica dei dati personali.
Il trattamento potrà essere effettuato anche attraverso strumenti automatizzati atti a memorizzare, gestire o trasmettere i dati stessi.

4. RETENTION PERIOD

I Suoi dati personali saranno conservati per un periodo di tempo non superiore a quello strettamente necessario a raggiungere le finalità per i quali sono raccolti, nonché per l’eventuale maggior periodo necessario per adempiere ad obblighi di legge e/o per fini di tutela giudiziaria, e comunque non oltre i termini prescrizionali ordinari. Al termine del periodo di conservazione, i Suoi dati personali saranno cancellati o resi anonimi.

In particolare, i Suoi dati personali, trattati per le finalità di cui alla precedente sezione 2, sono conservati nel rispetto dei termini e criteri di seguito specificati:

  • Finalità a), b): i dati personali raccolti per consentire l’adesione a AW LAB Club saranno conservati fino a che l’Utente non proceda alla cancellazione dell’account personale.

    • Your personal data will be retained for a period of time no longer than is strictly necessary to achieve the purposes for which they are collected, as well as for any period longer than that necessary to fulfill legal obligations and/or for purposes of judicial protection, and in any case no longer than the ordinary prescriptive periods. At the end of the retention period, your personal data will be deleted or anonymized.

    Your personal data is processed specifically for the purposes set forth in Section 2 above, are retained in accordance with the terms and criteria specified below:

  • Purpose a), b): personal data collected to enable the creation and management of the AW LAB Club account will be retained until the User proceeds with the cancellation of the same.

  • Purposes c), e), f), g), l), m), n): personal data collected for these purposes will be kept for the time strictly necessary for the fulfillment of these purposes, and in any case no longer than 10 years from the date of termination of the contractual relationship, in order to comply with a legal obligation, such as those of an administrative-accounting nature, unless it is necessary to keep it longer to comply with an order from an Authority or to defend one of our rights. In such cases, the time limits provided for the performance of judicial and/or inspection activities shall be observed.

  • Purpose d): Personal data collected for this purpose will be retained for a period of time not exceeding that which is strictly necessary for the fulfillment of these purposes and which, in any case, will not exceed 6 months from the time the CV is received, unless an extension of this period is necessary for the defense of a right, in court and not, of the Company or for the fulfillment of a legal obligation.

  • Purpose h): your personal data will be processed for the purpose of sending communications of a commercial nature, newsletters, until you decide to withdraw your given consent or to exercise your right to object, and in any case after five years and without renewed consent given by the data subjectpertaining data will be deleted or anonymized.

  • Purpose i): your personal data will be processed for the purpose of carrying out profiling activities until you decide to withdraw your given consent or to exercise your right to object and in any caseafter three years and without renewed consent given by the data subjectyour data will be deleted or anonymized.

    • RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA

    Personal data may be made accessible, for the purposes indicated above, to the following subjects:

  • Data Controller personnel authorized for processing under Article 29 of the GDPR.

  • Electronic payment service providers, in order to handle payments related to your orders. Electronic payment service providers relative to this processing will process your personal data as an autonomous data controller, in accordance with the GDPR and, in general, with applicable Legislation.

  • Independent authorities, law enforcement and/or judicial and administrative authorities for their institutional purposes within the limits preseen by law.

  • Third parties, such as companies belonging to the Group of which the Data Controller is part and/or third parties who carry out outsourcing activities on behalf of the Data Controller (by way of example: professional firms, consultants and/or external system administrators for the time strictly required for the optimal execution of such services), who will process the data in their role as Data Processors as pursuant to Article 28 of the GDPR, duly appointed by means of a specific appointment order, with an indication of the processing means and security measures that must be adopted for the management and storage of the personal data of which the Company is the Controller.

  • Third parties involved in an extraordinary corporate transaction such as a merger or the sale of a business unit, including any parties advising them as part of the transaction.

    • The full list of individuals to whom personal data have been or may be disclosed is available upon request to be made by email to privacy@aw-lab.com.

    6) TRANSFER OF DATA OUTSIDE THE EEA

    The management and storage of personal data takes place on servers, located within the European Economic Area (“EEA”), of the Data Controller and/or third party companies engaged and duly appointed as Data Processors.

    Data is not currently being transferred outside the EEA. It is in any case understood that, should it become necessary, the Data Controller will be entitled to move the location of the servers within the EEA and/or to countries outside the EEA.

    When your personal data is transferred outside the EEA and, in particular, to states that do not benefit from an adequacy decision by the European Commission, a safeguard for this purpose will be adopted from the applicable Legislation, for example by signing the standard contractual clauses adopted by the European Commission, ensuring they are kept up to date, and that any additional technical, organizational and/or contractual measures are sufficient to guarantee an adequate level of protection for your personal data and, in any case, one that is essentially equivalent to that guaranteed within the EEA.

    7) RIGHTS OF DATA SUBJECTS

    The individuals to whom the personal data refers may exercise their rights under Articles 15 to 22 of the GDPR at any time.

    In particolar:

    Data subjects may obtain confirmation from the Controller as to the existence of Personal Data concerning themselves, as well as access to the following information, if it exists:

  • Processing purposes

  • Categories of personal data processed

  • Recipients or categories of recipients to whom personal data has been or will be disclosed, especially if recipients are in third countries or international organizations

  • Expected retention period of personal data or, if unavailable, the criteria used to determine this period

  • Where data is not collected from the data subject, all available information about its origin

  • The existence of an automated decision-making process and, in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject

  • The existence of adequate guarantees under Article 46 relative to third-country transfer or international organizations.

    • Data subjects also have the right to:

  • Obtain the updating, rectification or integration of your data, their deletion, within the terms allowed by the regulations, or request that they be anonymized, limitation of processing, and has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data that concerns you

  • Obtain portability of electronically processed data provided on the basis of consent or contract

  • To withdraw one's consent, if given, without affecting the lawfulness of the processing based on the consent before withdrawal

  • To send a complaint to a Supervisory Authority. The relevant authority in Italy is the Authority for the Protection of Personal Data (“Garante”). More information on how to file complaints is available on the Garante's website athttp://www.garanteprivacy.it;

  • To submit an appeal to a judicial authority

    • The data subject may at any time exercise their rights in the following ways:

  • i. sending a registered letter with receipt to: Compar S.p.A, Via A. Volta n. 6 35010 LIMENA (PD) to the attn. of the DPO

  • ii. sending an email to privacy@aw-lab.com

    The Data Controller shall provide information regarding the action taken on the request pursuant to Articles 15 to 22 without undue delay and, in any event, no later than one month after the request is received. This period may be extended by up to two months, if necessary, to account for the complexity and number of requests. The Data Controller will inform the data subject of this extension, and the reasons for the delay, within one month of receiving the request.

    • 8) AMENDMENTS TO THIS POLICY

    This Policy may be subject to change. Should any substantial changes be made, you will receive specific communication before it comes into effect.

    Current version: May 2023