Information on the Protection of Personal Data pursuant to Regulation (EU) 2016/679 (GDPR)

Dear User,

This policy provides information regarding the processing and protection of personal data pursuant to Regulation (EU) 2016/679 (GDPR), Legislative Decree 196/2003 (Privacy Code) as amended, and the rulings of the Italian Data Protection Authority.

1. IDENTITY AND CONTACT DETAILS OF THE JOINT CONTROLLERS

Maip S.r.l. (VAT: 05427660013), operating office at Via G. Verga no. 30, 10036 Settimo Torinese (TO); Maip Compounding S.r.l. (VAT: 04518350014), operating office at Via Cascina Borniola no. 5, 10036 Settimo Torinese (TO); Ciceri De Mondel S.r.l. a Socio Unico (VAT: 00860840156), operating office at Via Luigi Galvani no. 13, 20080 Ozzero (MI); BIO ON S.p.A. (VAT: 12758630011), operating office at Via Legnana 1900, 40024 Gaiana (BO) — all with registered office at Corso Duca degli Abruzzi no. 5, 10128 Torino (TO); email: privacy@maipsrl.com — hereinafter collectively referred to as "Gruppo Maip" — inform you that they act as Joint Controllers pursuant to Art. 26 of the GDPR.

2. DATA PROTECTION OFFICER (DPO) CONTACT DETAILS

The Joint Controllers have appointed a Data Protection Officer (DPO), reachable at: dpo@maipsrl.com.

3. TYPES OF PERSONAL DATA

• AUTOMATICALLY ACQUIRED BROWSING DATA:

The IT systems responsible for operating the website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses, domain names of users' computers, request time, method used to submit the request to the server, size of the response file, status code, etc.), and other parameters related to the user’s operating system and IT environment. These data are used exclusively to compile anonymous statistical information about website usage and to ensure its proper functioning. No consent is required for this processing as it is based on the Joint Controllers’ legitimate interests and/or necessary compliance with legal obligations related to the operation of the website.

• PERSONAL DATA VOLUNTARILY PROVIDED BY THE USER:

Through registration, form completion, or other contact methods, users voluntarily provide their personal data to the Joint Controllers. The provision of personal data via registration or other forms (spontaneous contact, event sign-up, webinars, etc.) is optional. However, failure to provide data will prevent proper registration for sites, webinars, or events and the possibility of receiving a response to any inquiries submitted to the Controllers.

4. PURPOSES AND LEGAL BASES FOR DATA PROCESSING

User data collected via the websites https://www.maipsrl.com/?lang=en, https://www.filoalfa3d.com/gb/blog/3_.html, https://www.bio-on.com/en/, are processed for the following specific purposes under EU Regulation 679/2016, which requires all data processing to have a legal basis:

• USER INTERACTION AND WEBSITE FUNCTIONALITY

PURPOSE: Facilitate navigation; provide website services; manage contracts; customer care; respond to information requests; response to messages; register users for events/webinars; distribute informational materials; ensure regulatory compliance.

LEGAL BASIS: Processing is necessary for pre-contractual or contractual obligations. Providing data is mandatory for service delivery.

• PRODUCT AND SERVICE INFORMATION / NEWSLETTERS

PURPOSE: Receive, via email or newsletter er upon explicit request, promotional communications regarding products, services, webinars, events, and trade shows. This is part of B2B marketing activities.

LEGAL BASIS: Processing is based on the Joint Controllers’ legitimate interest, balanced with the rights of the data subject. Users are informed of their right to object at any time, free of charge, by sending an email to privacy@maipsrl.com or using the unsubscribe link in communications.

5. DISCLOSURE AND RECIPIENTS OF PERSONAL DATA

Providing personal data is a contractual requirement necessary for service provision. Failure to do so may prevent service delivery. Data will not be publicly disclosed but may be shared with third parties if required for service delivery, or with entities performing technical or organizational tasks on behalf of the Controllers. These entities are formally appointed as Data Processors under Art. 28 of EU Regulation 679/2016.

6. DATA RETENTION PERIOD AND CRITERIA

In line with the principles of proportionality, minimization, and necessity, personal for the time necessary to fulfil the purposes for which they were collected and to comply with legal, contractual, and accountability obligations. Specific retention periods may vary depending on the processing activity.

7. METHOD AND LOCATION OF DATA PROCESSING

Data are processed using both paper and digital tools, stored in databases with security measures to prevent data loss, misuse, or unauthorized access. Processing may take place at the Controllers' premises or by appointed Data Processors. Processing for marketing purposes involves remote communication tools such as email. HubSpot CRM, provided by HubSpot Inc., is used for managing customer/prospect relationship. The platform operates from European servers and has been appointed as a Data Processor pursuant to Art. 28 GDPR. If necessary, additional data may be requested to deliver further services.

8. DATA SUBJECT RIGHTS AND RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY

At any time, the Data Subject may exercise the following rights by contacting privacy@maipsrl.com:

• Right to withdrawal of consent at any time (if given) (Art. 7);

• Right of access (Art. 15);

• Right to rectification (Art. 16);

• Right to erasure (“right to be forgotten”) (Art. 17);

• Right to restriction of processing (Art. 18);

• Right to data portability (Art. 20);

• Right to object to processing (Art. 21);

• Right not to be subject to a bject to automated processing, including pr decision based solely on automated processing, including profiling (Art. 22);

• Right to lodge a complaint with the supervisory authority if data protection rights are believed to have been violated.

9. FINAL INFORMATION

The Joint Controllers reserve the right to modify or update this Privacy Policy (e.g., in response to legal changes). Updates will be published on this website, and users are encouraged to periodically review this policy to stay informed of their rights.