PRIVACY POLICY

Pursuant to the Legislative Decree of 30 June 2003, no. 196 and following edits (hereinafter "Privacy Code") and the European Regulation no. 2016/679 (hereinafter "Privacy Regulation"), WP Lavori in corso S.r.l. intends to inform you about the loyalty program "WP Club" on the use of personal data collected.

1. Data Controller, Data Processors and Data Protection Manager.

The Data Controller for the processing of personal data is WP Lavori in corso S.r.l. (Italian Tax Code and VAT no. IT02370420370), with registered office in 40129 Bologna, Via dell’Arcoveggio n. 59/5, e-mail privacy@wplavori.com, (hereafter referred to as “Data Controller”).

The updated list of designated Data Processors may be provided following a request on the part of the parties concerned and/or Users.

The Data Protection Manager (designated pursuant to art. 37 of the GDPR) can be contacted by writing to the following email address: privacy@wplavori.com.

2. The personal data you provide: purposes for processing

Your personal data is used to allow you, following your registration with WP Club, to activate the customer loyalty programme and allow us to send you information regarding the relative promotions and discounts of interest to you.

Your data is processed for the following purposes:

• to carry out activities of "loyalty in the strictest sense" connected to the registration to the WP Club program, which cannot be carried out in an anonymous form, and are necessary for assigning the advantages inherent to its use. These include the use and recognition of promotions, the offer and sending of rewards, participation in the collection of points, as well as promotional events reserved for loyal customers, etc.;
• to update you, subject to your express consent, on all our promotional and direct marketing initiatives, also by sending advertising and/or promotional material, using automated tools and/or traditional methods of contact, such as e-mail, SMS, MMS, instant multimedia messaging applications (“Marketing”);
• to carry out, subject to your express consent, customer profiling based on purchasing choices and information provided as an optional during registration to the loyalty program, in order to create personalised promotions based on your profile (hereafter referred to as “Profiling Activities”).

The processing of personal data for the above stated purposes will be carried out in compliance with the Privacy Code, the Privacy Regulation and all specific sector regulations, including the provisions of the "Guarantor Rules for loyalty programs" of 24 February 2005.

In compliance with the “Guidelines on promotional activity and action against spam” of 4 July 2013, please note that any consent given by you for sending commercial, promotional and marketing communications through automated tools will also extend to traditional methods of contact.

The personal data you provide will be processed mainly using IT tools under the authority of the Data Controller, by persons specifically appointed, authorised and trained in processing in accordance with articles 28 and 29 of the Privacy Regulation. We inform you that suitable security measures are observed also pursuant to articles 5 and 32 of the Privacy Regulations to prevent the loss of data, illicit use or misuse and unauthorised access.

3. Consent of a necessary or optional nature for the provision of personal data, the consequences of refusal to provide data and the legal basis for processing.

Please be aware that for the purposes referred to in point (i) of art. 2 above, the provision of your personal data is compulsory as by failing to provide the required information, you will not be able to register and activate the WP Club loyalty programme, enjoy the advantages associated with it, including the use and recognition of promotions, the offer and sending of rewards, participation in collection points and promotional events reserved for loyal customers, etc.

The provision of your personal data is not mandatory, but rather optional for the purposes referred to in points (ii) and (iii) of art. 2 above. Failure to provide data for the abovementioned purposes will not allow us to carry out Marketing activities and Profiling Activities. To this end, you can also freely decide whether or not to give your consent for these purposes, without this affecting the possibility of using the services offered through the WP Club program.

Remember that, for any reason and at any time, you can ask the Data Controller to delete your personal data simply by sending a request, without particular formalities, to the addresses indicated in art. 1 above.

With reference to the purposes referred to in point (i) of art. 2 above, the legal basis for processing is, in fact, the implementation of the services provided through the WP Club loyalty program (pursuant to article 6, paragraph 1, letter b of the Privacy Regulation) instead, with reference to the purposes referred to in points (ii) and (iii) of art. 2 above, the legal basis of the processing is your freely expressed consent (pursuant to article 6, paragraph 1, letter a of the Privacy Regulation).

4. To whom and where we may send your personal data.

Your data may be communicated, within the EU, in full compliance with the provisions of the Privacy Code and the Privacy Regulation, to the following subjects:

• to the financial and/or other public authorities, where this is required by law or at their request;
• to the structures, subjects and external companies that the Data Controller employs to carry out activities which are instrumental and/or ancillary to the management of the WP Club program or the provision of the services and benefits connected to it; these include software solution providers, web applications and storage services also provided through Cloud Computing systems (all data will be stored on servers located within the European Community);
• to the structures, subjects and external companies that the Data Controller employs to carry out activities which are instrumental and/or ancillary to the performance of Marketing and/or Profiling activities to which you have given your express consent to these purposes for processing your data;
• where you have given your express consent for specific marketing purposes, to the partner companies, to which the Data Controller is a part;
• to external third party consultants (for example, for the management of tax obligations), if not designated in writing, Data processors.

5. Rights of the Data Subject

Remember that you can exercise your rights at any time, pursuant to articles 15, 16, 17, 18, 20 and 21 of the Privacy Regulation, in the manner established by article 12 of the Privacy Regulation.

If our Company does not provide you with a reply within the time allowed by law, or the response to a request to exercise your rights is not deemed acceptable, you may appeal to the Guarantor for the protection of personal data. If you believe that our Company has committed a violation of the Privacy Code and/or the Privacy Policy, you may appeal to the Guarantor for the protection of personal data. Contact details for the Guarantor of Privacy: Guarantor for the protection of personal data, www.gpdp.it - www.garanteprivacy.it, Email: garante@gpdp.it, Fax: (+39) 06.69677.3785, Telephone: (+39) 06.69677.1.

6. DURATION OF THE processing

Without prejudice to legal obligations, personal data will be kept for the duration of your participation in the WP Club program.

In any event, the data relating to the details of purchases with reference to identifiable customers can be stored for Profiling and Marketing purposes for a period not exceeding 12 and 24 months, respectively, from the time of customer registration, excluding the actual transformation into anonymous form that does not make it possible to identify you, even indirectly or by connecting to other data banks.

The data necessary for the provision of Marketing services will be processed through an "OPT-OUT" management model, that is until the explicit declaration by the interested party to unsubscribe to the aforementioned services is received.

7. Security of personal data

Your data is processed in accordance with the applicable law and using adequate security measures in compliance with current applicable legislation, pursuant to the articles 5 and 32 of the Privacy Regulation.

In this regard, we confirm, among other things, the adoption of appropriate security measures to prevent unauthorised access, theft, disclosure, modification or unauthorised cancellation of your data.

8. CHANGES TO THE PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Statement: in this case, you will be promptly informed through its publication.