This web page describes how www.mflgroup.com is managed in terms of processing of personal data of the users.

Privacy Policy

This web page describes how www.mflgroup.com (the “Site”) is managed in terms of processing of personal data of the users who view it and which are collected through this Site.

This policy is provided, in accordance with Art. 13 of (EU) Regulation 2016/679 (General Data Protection Regulation, hereinafter “EU Regulation”), to those who interact with the services available online on the Site.

This policy is provided exclusively for this Site, and not for any other site that a user might connect to via hyperlink, which are in fact beyond the control of Mario Frigerio S.p.A..

DATA CONTROLLER

The Data Controller is Mario Frigerio S.p.A. (hereinafter “Mario Frigerio.” or “Controller”), with registered office in Milan (Italy), Via del Carroccio 8, Tax ID and VAT number 06795300968, phone +39 031 5488100, email privacy@mflgroup.com, certified email frigeriomacchine@legalmail.it.

TYPE OF PERSONAL DATA COLLECTED

Navigation Data

The IT systems and software procedures utilised to run this Site acquire some user-derived personal data as part of their normal functioning; the transmission of such data is implicit in internet communication protocols. These data are not collected to be associated with identified data subjects, but, by their very nature, they might make users identifiable after being processed and matched with data held by third parties. This data category includes IP addresses or domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the returned file, the numerical code of the server response status (completed, error, etc.) and other parameters related to the user’s operating system and IT environment.

Data Voluntarily Submitted by the User

The user’s personal data collected through the online form on the Site are: first name, surname, address, email address, company, country of origin and any other data or information (such as order number, type of request, brand of interest, etc.) submitted by user by filling in the online form.

PROCESSING PURPOSES and LEGAL BASIS

Mario Frigerio S.p.A. will process your personal data: 1. to respond to requests for information submitted by Site visitors using the enquiry form and to to enable you to subscribe to and to receive by email the newsletters from Mario Frigerio regarding its own products and services (being said newsletter a service specifically required by the user upon subscription); 2. to provide technical assistance including in relation to any linked administrative and/or accounting matter and for the performance of after-sale activities; 3. to comply with statutory, regulatory requirements (for both Italian and EU legislation) as well as with any order issued by competent authorities; 4. to improve services and browsing experience and to carry out statistical analysis and market research on aggregated data only;

5. to email informational messages relating to products or services offered by Mario Frigerio similar to products or services already purchased by the customer, unless the customer refuse said data processing at any time by notifying Mario Frigerio (so-called soft-spamming); 6. to email advertising and promotional messages from Mario Frigerio with respect to its own marketing campaigns and/or related to its own products and services and/or to products or services of other companies belonging to MFL Group (including, but not limited to, survey, customer satisfaction surveys, invitation to events or to trade fairs, etc.).

Please note that processing of personal data for the purposes listed under 1) and 2) above is necessary in order to manage the request and/or to provide the service requested by the user (as per Art. 6, para. 1 lett. b), EU Regulation) and processing for the purpose under 3) above is required in order to comply with the law (as per Art. 6 para. 1 lett. c), EU Regulation). The purpose listed under points 4) and 5) are based on the legitimate interest of the Controller as per Art. 6, para. 1 lett. f), EU Regulation.

Finally, your consent is required to process data for the purposes under point 6) above. In this respect, please consider that your consent is voluntary and can be withdrawn at any time.

OPTIONAL AND REQUIRED DATA SUBMISSION

It is mandatory to provide your data for the purposes of points 1), 2) and 3), above. Their processing is required so we can respond to requests for information, provide the requested newsletter and technical assistance and comply with legal obligations. Any refusal to provide data for said purposes will make it impossible for Mario Frigerio S.p.A. to respond.

DATA PROCESSING METHODS AND SECURITY MEASURES

Data will mainly be processed using electronic or, in any case, automated (manual, IT, and/or online) tools, using methods and resources that assure the security and privacy of the data. Moreover, all technical, IT, organisational, and security-protocol measures will be taken to ensure appropriate data protection as required by law. Only Data Processors appointed by the Data Controller or by any Data Protection Officers may access the data. Data subject to processing shall be relevant, complete, and limited in scope to the purposes for which they were collected or thereafter processed and will only be stored in a format that allows the data subject to be identified as long as necessary for the purposes for which they were collected, in compliance with applicable law. The Controller states it does not use automated processes to profile the data subject.

RECIPIENTS OF PERSONAL DATA

Personal data shall be processed onsite at Mario Frigerio, and may be disclosed to its employees and/or contractors, as well as to the following entities: a) Third-party companies in the same corporate group as Mario Frigerio in order to respond to requests you have submitted using the online form; b) Third-party companies, in order to provide the technical assistance requested; c) Any government authority with access to the data pursuant to any court or

administrative order; d) Entities who provide services for the management of the IT system, and the telecommunications network (including email),

that will process the data in their quality as autonomous data controller or as duly appointed data processors, as the case may be and on the basis of a case by case assessments.

In principle, personal data will not be transferred outside EU or in Countries other that those of the European Economic Area.

If and to the extent that, for the above listed purposes, it is necessary to transfer personal data to non EU/EEA Countries, Mario Frigerio will ensure that your data is safe and secure throughout any transfer, as provided by any applicable data protection law and that any international transfer is carried out in accordance with the requirements of EU Regulation, such as, in particular, by executing agreements with the recipients that incorporate the Standard Contractual Clauses adopted by EU Commission or by ensuring that the recipient Country offers an adequate level of data protection according to the adequacy decisions issued by EU Commission.

PERIOD OF DATA STORAGE

The Controller informs users that any personal data collected shall be retained as long as necessary to provide the requested services, including technical assistance and the newsletter and, subsequently, for the period of time allowed by applicable law on statutory or time limitation periods (also with respect to administrative and tax purposes) and, in general, for the time necessary for the exercise/defence of the rights of Mario Frigerio in relation to claims raised by public authorities, public entities and private subjects.

When used for marketing, data will be retained until consent is withdrawn by the customer/user and as long as there is an appropriate relationship with the customer/user.

Once the above periods have elapsed, the data will be destroyed.

DATA SUBJECT’S RIGHTS

Pursuant to Regulation (EU) 2016/679, you may exercise your rights vis-à-vis the Controller as follows: * Pursuant to Art. 15, 16, 17, 18, 19, 20 and 21 of the EU Regulation request the Controller to access your personal data, and to request that such data be rectified or erased, or restrict processing involving the data subject, or object to processing of the data, in addition to the right of data portability. Data that the Controller is required to store by law cannot be erased. * Withdraw consent at any time, pursuant to Art. 7 of the EU Regulation, without prejudice to the lawfulness of earlier processing based on consent provided prior to this.

* User has the right to object at any time, for reasons related to his/her particular situation, to the processing based on a legitimate interest of the Controller, unless the Controller can demonstrate legitimate and mandatory grounds for data processing that prevail on the interests, rights and fundamental freedoms of the data subject or

that the data are necessary for the establishment, exercise or defence of legal claims. Moreover, he/she has the right to object to the processing of data for marketing purposes. Requests by any data subject should be directed to Mario Frigerio S.p.A. in an email sent to privacy@mflgroup.com or by post to: Mario Frigerio S.p.A., Viale Lombardia snc, 23847 Molteno (LC), Italy. It shall remain understood that where requests have been submitted electronically, the information shall be supplied free of charge, and in a commonly used electronic format.

RIGHTS TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY

Should you believe that Controller’s processing of your personal data breaches your privacy rights, you may lodge a complaint with the Garante (Italian Data Protection Supervisor), following the instructions available at their website: www.garanteprivacy.it. The present privacy policy may be subject to change to comply with any intervening changes in the law, or any updates to Mario Frigerio S.p.A.’s data-processing policies. Each updated version of the present Privacy Policy shall be posted on the Site.

*

This Privacy Policy can be amended and updated, also depending on modifications of the applicable law provision.

Amendments and updates will be communicated to the user through their publication on the home page of the Site and will be applicable and binding from the moment of their publication.

Mario Frigerio therefore invites users to periodically visit this web page for the purpose of being informed of any change or update.

Last update: June 2023