PRIVACY POLICY PURSUANT TO ART. 13 Reg. EU 2016/679 (the so-called GDPR) (c.d. GDPR)

Several data are recurring in this text, so we will refer to them as follows:

The Websites www.ferrarigbw.com and www.ferrarigbw.it are under the company Azienda Officina Ferrari GBW s.r.l. s.u. Via Cafiero 18 – 42124 Reggio Emilia, Società soggetta a direzione e coordinamento di FH s.r.l., which is referred to as the “Company” in this text.
The above Websites, identified as www.ferrarigbw.com and www.ferrarigbw.it are referred to in this text as the “Website”.
The corporate e-mail address is amm@ferrarigbw.it, which is referred to in this text as “the Company’s e-mail address”.

SCOPE OF THIS PRIVACY POLICY

The protection of your personal data is very important to our Company, and, to protect you as best as possible, we provide you with these notes in which you can find indications on the type of information collected online and on the various possibilities you must intervene in the collection and use of such information on the Website.

The Company, in its capacity as Data Controller of your personal data, pursuant to and in accordance with Art. 13 of Reg. EU 679/2016 (GDPR), hereby informs you that the aforementioned legislation provides for the protection of natural persons with regard to the processing of personal data, and that this processing will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

Your personal data will be processed in accordance with the legal provisions of the above-mentioned legislation and the confidentiality obligations provided therein.

The processing of personal data applies to those interacting with the Company’s web services, which are accessible telematically from our Website address, corresponding to the home page of the Company’s official Website. 4

This policy applies exclusively to the Company’s own Website and not to other, different Websites unrelated to the Company that the User may visit via links from our Website.

DATA CONTROLLER

The Data Controller is Azienda Officina Ferrari GBW s.r.l. s.u. Via Cafiero 18 – 42124 Reggio Emilia, Società soggetta a direzione e coordinamento di FH s.r.l., Telephone: 0522301760

TYPES OF DATA PROCESSED

a) BROWSING DATA

The computer systems and software procedures used to operate this Website collect, during their regular operation, data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified subjects, but by its nature could, through processing and association with data held by third parties, allow for the identification of Users.

This category of data includes the IP addresses of the computers used by Users connecting to the Website (anonymised), the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, and so on) and other parameters relating to the User’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct operation.

The data could be used to determine responsibility in the event of alleged computer crimes to the detriment of the Website only if requested by the supervisory bodies in charge.

In particular, the Website collects the following browsing data:

• Anonymised IP;

• Date and time of access;

• Place of access.

b) SPECIFIC DATA

The Data Controller does not request or collect any specific personal data through this Website.

OPTIONAL NATURE OF THE PROVISION OF DATA

Except for what has been specified for browsing data, the User is free to provide the personal data indicated in the request forms to the Company or in any case indicated in the sections of the Site relating to contacts with the Company, to request the sending of information material or other communications. Should they not be provided, it may be impossible to obtain what has been requested.

WITHDRAWAL OF CONSENT

The consent given for the data referred to under point b) of the previous paragraph (data provided voluntarily by the User) may be withdrawn at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

PURPOSE and LEGAL BASIS OF THE PROCESSING

Your data will be processed for purposes related to:

a) To the implementation of fulfilments related to contractual obligations (the legal basis of the processing is the execution of a contract);

b) To the implementation of fulfilments relating to legislative obligations and statutory obligations in the area of taxation and accounting (the legal basis of the processing is the need to fulfil a legal obligation);

c) To the sending of newsletters (legal basis of the processing is the User’s consent);

d) Contact via the contact form to request information (the legal basis of the processing is the User’s consent);

e) Management of the User’s personal area (legal basis for the processing is the User’s consent);

f) Statistics with anonymised IP (Google Analytics) (legal basis for the processing is the User’s consent).

The Data Controller hereby informs that failure to provide, or the incorrect provision of, any of the mandatory information may make it impossible for the Data Controller to guarantee the processing appropriateness.

DATA PROCESSING METHODS

Personal data are processed by electronic means for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.

PLACE OF DATA PROCESSING

The processing operations connected to the web services of this Website take place at the Company’s registered office and will be communicated exclusively to the parties in charge for the performance of the services required for the correct management of the relationship, with guaranteed protection of the rights of the data subject. The personal data provided by Users who submit requests for information material to be sent to them (such as requests for information, newsletter subscriptions, and so on) are used for the sole purpose of performing the service or provision requested.

DATA RECIPIENTS

Your data may be communicated to third parties, in particular to public and/or private parties for whom the communication of the data is mandatory or necessary in order to comply with legal obligations or is otherwise required for the administration of the relationship, such as, for example:
– Persons authorised to process data that carry out their activities at the Data Controller’s office (employees, collaborators, partners, and so on);
– The subjects appointed as external data processors;
– Consultants and freelance professionals, also associated, working on behalf of the Data Controller (accountants, IT service providers);
– All those to whom the data must be communicated for the correct fulfilment of the above-mentioned purposes and related or connected activities (credit institutions, etc.).

RETENTION PERIOD

Your personal data are processed for the time necessary to perform the service you requested or required by the purposes described in this document. The personal data collected will be deleted after 10 years have passed since the performance of the service requested, unless the processing is based on the User’s consent; in this case, the Data Controller will keep the personal data until said consent is revoked. Data provided for commercial promotion activities will be kept until the User revokes consent and, in any case, for a period not exceeding two years.

TRANSFER OF DATA

The Data Controller may transfer personal data collected through the Website to countries outside the European Union. In these cases, if the company is located in a country for which an Adequacy Decision of the European Commission has not been adopted, pursuant to Art. 45 Reg. EU 2016/679, we will only grant access to your personal data if you provide your express consent. The Data Controller does not transfer personal data collected through the Website to international organisations.

AUTOMATED DECISION-MAKING PROCESSES

The Data Controller does not carry out processing that involves automated decision-making processes.

PART RESERVED TO MINORS No person under 18 years of age may send information to this Website without the prior consent of their parents or guardian.

SOCIAL NETWORK PLUG-INS

The Website also incorporates plug-ins that enable easy sharing of content on Social Networks. (e.g., LinkedIn)

When you click on the corresponding Social Network plug-in, a connection is established between your browser and the Social Network’ servers, which will then be able to track your visit to our Website and, if applicable, associate you with your Social Network account, especially if you are logged in at the time of your visit. Should you not wish the Social Network to record data relating to your visit to our Website, you must log out of your Social Network account and delete the cookies that the Social Network has installed in your browser. The collection and use of information by Social Networks is governed by their respective privacy policy to which please refer.

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=it_IT

The European Commission has currently determined that the US does not offer an appropriate level of data protection. However, Facebook, LinkedIn and Instagram have agreed to comply with the EU-US Privacy Shield agreement published by the US Department of Commerce on the collection, use and retention of personal data from EU Member States.

YOUR DATA PROCESSING RIGHTS

We hereby inform you that, considering your status as a data subject, you may exercise your rights under Articles 15-21 GDPR. You may:

Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and its communication in intelligible form;

Obtain:

a) the origin of the personal data,

b) the purposes and methods of processing

c) the logic applied in the event of processing carried out with the use of electronic means,

d) the identity of the data controller, data processors and the representative appointed under Art. 5, paragraph 2, Privacy Code and Art. 3, paragraph 1, GDPR, of the persons or categories of persons to whom the personal data may be communicated or who may become aware of the data in their position of designated representative in the State territory, data processors or persons in charge of the processing;

Obtain:

a) the updating, rectification or, when relevant, the integration of the data,

b) the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data that need not be kept in relation to the purposes for which the data was collected or subsequently processed

c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or to which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort in relation to the right that is to be protected;

Object, in whole or in part, to:

a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection,

b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications, by means of automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods, by telephone and/or by certified mail.

The data subject’s right to object, as set out in point b) above, for direct marketing purposes by means of automated methods is extended to traditional marketing methods and the data subject’s right to object, even in part, remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. If applicable, you also have the rights set out in Articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).

FILING OF COMPLAINTS

The data subject also has the right to file a complaint before the Supervisory Authority of the State of residence.

HOW TO EXERCISE RIGHTS

To exercise the rights due to data subjects, Users may address a request to the Data Controller’s contact details detailed below:

• By registered mail: Azienda Officina Ferrari GBW s.r.l. s.u. Via Cafiero 18 – 42124 Reggio Emilia, Società soggetta a direzione e coordinamento di FH s.r.l. or by means of PEC (certified email) to: ferrarigbw@pcert.it

Requests shall be filed free of charge and processed by the Data Controller as soon as possible, in any case within one month of receipt of the relevant request.

DEFENCE IN JUDGMENT The User’s personal data may be used by the Data Controller in legal proceedings or in the preliminary phases of its possible initiation for the defence against abuses committed by the User in the use of this Website and the services connected to it. The User declares to be aware that the Data Controller may be obliged to disclose personal data upon order by the Public Authorities.

CHANGES TO THE WEBSITE

The Website owner reserves the right to change the contents of the Website at any time and with no notice. The User agrees to be bound by any such future changes and therefore undertakes to visit the Website periodically to be informed on any changes.

CHANGES TO THIS PAGE

The Data Controller reserves the right to make changes to this page. The User agrees to be bound by any such future changes and therefore undertakes to visit this page periodically to be informed on any changes. This Privacy Policy was updated on 7 June 2022.