Last updated: 11 marzo 2020

Privacy Policy of the Website https://theargeo.com.

Fimesp s.r.l., with registered office in Viale Monte Nero 82, 20135 - Milano, Italy, ("Fimesp" or "we" or "our"), as data controller, collects and processes Personal Data in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"), Legislative Decree 30 June 2003, No. 196 ("Privacy Code), Legislative Decree 10 August 2018, No. 101 adapting the Privacy Code to the GDPR ("Adjustment Decree"), the GDPR, the Privacy Code and the Adjustment Decree all together are referred to as "Italian Privacy Legislation", in accordance with the privacy principles and rights of the data subjects. In accordance with articles 13 and 14 of the GDPR, Fimesp informs the user on how it collects, processes and uses personal data provided by the user when browsing the website https://theargeo.com or registering to ask for information thereon or using the Services provided through it as described in the applicable Terms of Use

In accordance with article 37 of the GDPR, Fimesp appointed a Data Protection Officer (“DPO”), which is in charge for all the relevant legal previsions related to this role. DPO can be contacted at the following address: avv Francesco Angelo Lorusso, Viale Monte Nero 82, 20135 – Milano, Italia, email: lorusso@legalelorusso.it This Privacy Policy does not cover any other information that is published and provided to the user, collected or used by third parties through their own applications integrated into the website https://theargeo.com, if those third parties do not act on our behalf.

Please read this Privacy Policy carefully before browsing and using the website https://theargeo.com.

INDEX

1. Definitions
1.1 User
1.2 Seller
1.3 Data Subject
1.4 Personal data
1.5 Usage Data
1.6 Data Controller
1.7 Data Processor
1.8 Third Parties
1.9 Website https://theargeo.com
1.10 Services or related Services
1.11 European Union (or EU)
1.12 Cookies
2. Types of Personal Data collected
3. Purpose and legal basis of the processing
4. Nature of the provision of Personal Data and consequences in case of failure to provide the
data
5. Methods of processing
6. Retention Period
7. Communication and international transfer of Personal Data
7.1 Service Providers
7.2 Third parties in accordance with a legal obligation or to establish, exercise or defend a claim in court
7.3 Third parties in case of corporate transactions
8. User Rights
9. Contacts of the Data Controller
10. Changes to this privacy policy

1. Definitions
1.1 User: the natural person accessing the website https://theargeo.com by browsing and using the same and related services. 1.2 Seller: owners or representatives of affiliated business, even if they use the website https://theargeo.com as Users. 1.3 Data Subject: a natural person identified or identifiable through personal data and coinciding with the User with respect to the use of the website https://theargeo.com and related Services. 1.4 Personal Data: any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to his/her physical, physiological, genetic, psychic, economic, cultural or social identity. 1.5 Usage Data: Personal Data collected automatically through the website https://theargeo.com, including through third-party applications integrated within the same, namely: the IP addresses of the User's device or the domain names of the devices used by the User accessing the he website https://theargeo.com, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various time connotations of the visit (for example, the time spent on each page) and details of the route followed within the website https://theargeo.com, with particular reference to the sequence of pages viewed, the parameters relating to the operating system and computer environment of the User. 1.6 Data Controller: the natural or legal person, public authority, service or other body which, alone or together with others, determines the purposes and means of the processing of Personal Data. 1.7 Data Processor: the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller. 1.8 Third Parties: natural and/or legal persons who do not have the status of User. 1.9 Website https://theargeo.com: set of connected web pages hosted on a web server, through which users' Personal Data are collected and processed. 1.10 Services or related Services: Services provided by Fimesp in accordance with clause 3 of the Terms of Use applicable to the Website https://theargeo.com [insert link to the Terms of Use]. 1.11 European Union (or EU): unless otherwise specified, any reference in this document to the European Union shall be deemed to extend to all current Member States of the European Union and the European Economic Area. 1.12 Cookies: small portion of data stored within the User's device and released by Fimesp or by Third Parties through the Website https://theargeo.com
2. Types of Personal Data collected
Fimesp collects and processes Personal Data provided by the User when the User requests information on the Website https://theargeo.com and when using the Website and the Services: Personal details: first and last name, gender (male/female), date of birth; Contact details: email address and telephone number; Usage Data: Personal Data as defined in clause 1.5. System log and maintenance: files that record the User's interactions within the Website https://theargeo.com and that can also contain Personal Data, such as the IP address of the User's device. If the User provides Third Parties' Personal Data, the User undertakes to ensure the corresponding communication to Fimesp and the subsequent processing of such data in compliance with this Privacy Policy and the Italian Privacy Legislation, in such a way that before communicating Third Parties' Personal Data to Fimesp, the User (i) informs the Third Parties about the processing of their Personal Data, (ii) provides this Privacy Policy to the Third Parties and (iii) obtains the relative consent to communicate the Third Parties' Personal Data to Fimesp. In such circumstances, Fimesp processes Third Parties' Personal Data only to allow the User to use the Website https://theargeo.com and related Services on the basis of the User's requests.

3. Purpose and legal bases of the processing



Purposes of the processing Legal bases
A. Fimesp processes the User's Personal Data, including those manifestly made public by the same to allow the User to request information registering in the "Contact Us / Contact Us" form, available on the Website https://theargeo.com, to browse on such website, to use the related Services, to describe the functionalities of the ARGeo application.
• The processing is necessary for the execution of pre-contractual measures adopted at the request of the Data Subject and for the performance of a contract to which the Data Subject is a party. • The processing concerns Personal Data made manifestly public by the Data Subject.
B. Fimesp processes the User's Personal Data to ensure that the Website https://theargeo.com is updated and meets the User's necessities, to analyze, review and improve this website, to offer the User an facilitated user-browsing experience, to ensure compliance with the Terms of Use of the Website https://theargeo.com, for the security of such website and its users and for the protection of Fimesp's rights and/or assets.
• The processing is necessary for Fimesp's legitimate interest in protecting and improving its business, assets and rights. • The processing is necessary for Fimesp to comply with legal obligations such as the obligation to ensure the security of information pursuant to the applicable data protection laws.
C. Fimesp processes the User's Personal Data to comply with legal obligations, laws and regulations, as well as to act before judicial and administrative authorities.
• The processing is necessary to comply with a legal obligation to which Fimesp is subject. • The processing is necessary to establish, exercise or defend a claim in court or whenever courts are acting in their judicial capacity

4. Nature of the provision of Personal Data and consequences in case of failure to provide the data
With regard to Personal Data whose processing is essential for compliance with laws and regulations or to execute the contract in place between Fimesp and the User as detailed in the Terms of Use applicable to the Website https://theargeo.com, as detailed in the Terms of Use applicable to the Website https://theargeo.com, the provision of User's Personal Data is mandatory, therefore failure to do so would make it impossible for Fimesp to provide the Website https://theargeo.com the and related Services to the User.
5. Methods of processing

Fimesp processes User's Personal Data by means of electronic and/or telematic as well as through non-electronic means, in an organised manner and with logics strictly related to the purposes indicated in this Privacy Policy and in compliance with the Italian Privacy Legislation. In particular, given the main functionality of the Website https://theargeo.com, Fimesp processes User's Personal Data through automated systems directed to receive requests for information and to interact with the User as well as to allow browsing the Website https://theargeo.com and the download of the ARGeo application through the App Store and Google Play channels. During the processing of User's Personal Data, Fimesp adopts appropriate security measures to prevent unauthorised or unlawful access, disclosure, modification or destruction of Personal Data.

6. Retention Period
Fimesp retains User's Personal Data only for the time strictly necessary to allow the use of the Website https://theargeo.com and for the other purposes for which they were collected. In any event, Fimesp will retain User Personal Data necessary to comply with a legal obligation or to exercise our rights of defence in the context of legal proceedings. Please note that Personal Data contained in contracts, communications and business letters may be subject to retention periods established by law, which may provide for a retention period of up to 10 years, based on the ordinary statute of limitations in force in Italy.

7. Communication and international transfer of Personal Data
User's Personal Data may be accessed by Fimesp personnel duly authorised to process Personal Data. Furthermore, while making the Website https://theargeo.com available and providing related Services, Fimesp may communicate User's Personal Data to external subjects such as: 7.1 Service Providers. In order for the User to access the Website https://theargeo.com and use the Services through it, Fimesp may share User's Personal Data with its service providers who will act as Data Processors on the basis of Fimesp's instructions. By way of example, such service providers may include communication agencies, technical service providers, IT companies, companies that manage or maintain the IT infrastructure on which the Website https://theargeo.com is based (e.g. GoDaddy LLC). 7.2 Third parties in accordance with a legal obligation or to establish, exercise or defend a claim in court. Fimesp may disclose Users' Personal Data to institutions, law enforcement agencies, judicial authorities, administrative authorities or public security authorities, in the context of a judicial or administrative procedure, or in order to fulfil a legal obligation or protect its rights. 7.3 Third parties in case of corporate transactions. The communication of User's Personal Data may also occur in the presence of events such as mergers, acquisitions, sales of companies (or its assets) or other extraordinary operations in which Fimesp may have to share information with potential buyers or counterparties and their consultants. Some of the above parties may be established outside the territory of the European Union and the European Economic Area in countries that do not guarantee an adequate level of protection of Personal Data (e.g. the United States of America). In such circumstances, Fimesp will adopt the appropriate safeguards to ensure the protection of User's Personal Data in accordance with article 46 of the GDPR (e.g. adherence to the US-EU Privacy Shield scheme, Standard Contractual Clauses adopted by decision of the European Commission, currently decision 2010/87/EU of 5 February 2010). Under no circumstances User's Personal Data will be disclosed.

8. User Rights
The User may at any time and at no cost request information on this Privacy Policy, the Website https://theargeo.com and related Services by contacting Fimesp at the contact details indicated in clause 9. Likewise, the User may request an updated list of our Data Processors and exercise his/her privacy rights enshrined in Articles 15 et seq. GDPR as specified below: (i) Right of Access: Under certain circumstances, the User has the right to obtain from us confirmation as to whether or not Personal Data relating to him/her exists and, if so, request access to such Personal Data. Access information includes, among others, the purposes of the processing, the categories of Personal Data processed, the recipients or categories of recipients to whom Personal Data have been or will be disclosed, the sources of Personal Data, the data retention periods and the technical security measures adopted to safeguard Personal Data in the event of transfer outside the European Economic Area. However, this is not an absolute right and the interests of other people may limit the right of access. The User has the right to request a copy of the Personal Data. If the Users requests additional copies, we may charge him/her a reasonable fee taking into account the administrative costs incurred. (ii) Right of rectification: under certain circumstances, the User has the right to obtain from us the rectification (i.e. correction) of inaccurate Personal Data concerning him/her. Depending on the purpose of the processing, the User has the right to obtain the integration of incomplete Personal Data, also by means of supplementary statement. (iii) Right to Erasure (right to be forgotten): under certain circumstances, the User has the right to obtain from us the erasure of Personal Data relating to him/her. In such cases, we will take steps to delete, or make permanently unintelligible, such Personal Data. (iv) Right to restriction of processing: under certain circumstances, the User has the right to obtain from Fimesp the restriction of the processing of his/her Personal Data. In such cases, the data will be marked and may be processed by us only for certain purposes. (v) Right to data portability: under certain circumstances, the User has the right to receive in a structured, commonly used and machine-readable format, Personal Data about him/her that the User has provided and the right to transmit such data to another entity. (vi) Right to object: under certain circumstances, as provided for by applicable law, the User has the right to object, at any time, for reasons related to his/her particular situation, to the processing of his/her Personal Data by us and we may be required to no longer process his/her Personal Data. If the User has the right to object and if exercises this right, his/her Personal Data will no longer be processed by us for such purposes unless Fimesp proves legitimate compelling grounds under the GDPR. If the data is processed for marketing purposes, the User has the right to object at any time to the processing for such purposes, including profiling to the extent that it is related to direct marketing. The User can exercise his/her right to object by contacting us as indicated in clause 9. This is not an absolute right and does not apply in certain situations, for example when the processing is necessary for compliance with the applicable law of the European Union or the Member States, or to defend a right in court. (vii) Automated decision making: The User has the right not to be subject to a decision based solely on automated processing that produces legal effects that affects him/her or affects his/her person. The above prohibition does not apply if the User consents to a decision based on automated processing of his/her Personal Data or such a decision is needed for the conclusion or execution of a contract between the User and Fimesp, or if the decision is authorised by European Union or Italian law. (viii) Withdrawal of consent: The User also has the right to withdraw his/her consent provided with regard to certain types of Personal Data processing activities, also using the appropriate contact section within the Website https://theargeo.com in addition to sending the notice of withdrawal to the email address specified in clause 9. Such withdrawal shall not affect the lawfulness of the processing based on consent prior to the withdrawal. Finally, the User has the right to lodge a complaint before the National Supervisory Authority (the "Garante"). We inform the User that under certain circumstances pursuant to Article 2-undecies of the Privacy Code, as introduced by the Implementing Decree, the exercise of privacy rights may be delayed, limited or excluded. In this case, the Company will provide the User without delay with a reasoned statement and the User may still request that the Garante ascertains that the delay, limitation and exclusion referred to above are based on legitimate reasons.

9. Contacts of the Data Controller
Fimesp s.r.l., Viale Monte Nero, 20135 – Milano, Italy, Email address: info@fimesp.com avv Francesco Angelo Lorusso, Viale Monte Nero 82, 20135 – Milano, Italia, email: lorusso@legalelorusso.it

10. Changes to this privacy policy
Fimesp reserves the right to amend this Privacy Policy at any time by informing the User: a) on the page dedicated to it on the website https://theargeo.com. Please therefore regularly consult the Privacy Policy available on the website https://theargeo.com, referring to the date of the last change indicated at the bottom. If the changes involve processing activities whose legal basis is consent, Fimesp will collect the User's consent again, if necessary.