Information on data processing

Privacy Policy

This Privacy Policy pertains to the website https://www.alpsblockchain.com (hereinafter referred to as the “Site”) and does not apply to other websites that may be accessed through links to external sites/pages. It is intended as a disclosure in accordance with the European Regulation on data protection (hereinafter “GDPR”) and the relevant Italian legislation (hereinafter, collectively, “Applicable Law”) towards those who interact with the Site (hereinafter “Users” or in the singular “User”), by consulting its pages. For information regarding cookies, please refer to the Cookie Policy, which is to be considered an integral part of this Privacy Policy.

DATA CONTROLLER AND CONTACT DETAILS
The Data Controller is Alps Blockchain S.p.A., with its registered office at Vicolo Liceo 1 – 38122 – Trento (TN), Tax Code and VAT No. 02515120224, R.E.A. No. TN – 230317, also referred to as “Data Controller” or simply “Controller”. For any clarification, information, exercise of the rights listed in this Privacy Policy, you can contact the Data Controller at the following addresses: tel. +39 333 2663836, e-mail: amministrazione@alpsblockchain.com, PEC: info@pec.alpsblockchain.com.

PERSONAL DATA SUBJECT TO PROCESSING
The personal data processed through the Site are as follows.
Browsing data
The computer systems responsible for the operation of the Site acquire, during their normal operation, some personal data in aggregate and not immediately identifiable form, the transmission of which is implicit in the use of Internet communication protocols. These are pieces of information that are not collected to be associated with identified subjects, but by their very nature could, through processing and associations with data held by third parties, allow users to be identified. Such technical/information technology data is used exclusively for the purpose of obtaining anonymous or aggregate statistical information on the use of the Site, to monitor the proper functioning of the services offered through the Site, and to identify anomalies and/or abuses. Such information is deleted immediately after processing.
Data provided voluntarily by the user
Through the Site, the User can voluntarily provide personal data such as name, surname, and email address by filling in form present in the section “Contacts” of the Site to request information or to contact the Controller to request a customized quote. The User may also choose to provide their email address to subscribe to the newsletter. The Data Controller will process the User's data in compliance with the Applicable Law, assuming that they refer to the User himself or to third parties who have expressly authorized him to provide them or whose personal data the User had the right to provide. In these cases, the User undertakes to indemnify and hold harmless the Data Controller from any disputes, claims, requests for damages from data processing that may come from such third parties.
Cookies and other tracking tools
Regarding the types of cookies loaded on the Site, please refer to the Cookie Policy.

PURPOSES AND LEGAL BASES FOR PROCESSING
The data acquired will be processed for the purposes and on the basis of the legal grounds indicated below.
Purposes
• Provide feedback to any requests for information/clarifications sent using the forms available on the Site.
• Provide a personalized quote.
• Fulfill the legal obligations to which the Controller is subject, including responding to any requests for exercise of the User's rights as a data subject according to the current data protection legislation.
• Carry out promotional/marketing activities through the sending, by email, of promotional newsletters related to Alps Blockchain S.p.A. and/or the products/services offered by it.
• Check for possible fraudulent or illegal uses of the Site and ensure its security and functionality in the interest of Users and the Controller.
• Conduct research/statistical analyses on aggregated or anonymous data, therefore, unable to identify the User, and measure the traffic and evaluate the use of the Site and the interest shown by Users.
• Assert, exercise, or defend legal claims in court or whenever judicial authorities act in that capacity.
Legal basis
• Processing is necessary for the performance of pre-contractual measures taken at the User's request and/or for the performance of a contract to which the data subject is party [Art. 6(1)(b) of the GDPR].
• Processing is necessary to comply with a legal obligation to which the Controller is subject [Art. 6(1)(c) of the GDPR].
• Processing is based on the consent possibly provided by the User [Art. 130 of Legislative Decree No. 196/2003 (so-called “Privacy Code”) - Art. 6(1)(a) of the GDPR].
• The legitimate interest of the Controller and the Users themselves to prevent or detect any fraudulent or otherwise illegal use of the Site [Art. 6(1)(f) of the GDPR].
• The legitimate interest of the Controller to verify the usability and attractiveness of the Site [Art. 6(1)(f) of the GDPR].
• The legitimate interest in asserting, exercising, or defending a right in court or whenever judicial or administrative authorities exercise their functions [Art. 6(1)(f) of the GDPR].

NATURE OF PROVIDING PERSONAL DATA
The provision of data by the User is optional. However, failure to provide them, in whole or in part, may result in the impossibility to provide feedback to any requests for information/clarifications and/or to requests for exercise of the User's rights as a data subject. Failure to give consent to the sending of commercial communications, on the other hand, will not result in any consequence other than the impossibility of being updated and knowing the news regarding Alps Blockchain S.p.A. and/or its products/services.

METHODS OF PROCESSING PERSONAL DATA
The data is processed with manual and/or electronic tools, in any case, in ways suitable to ensure their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organizational, appropriate to the level of risk related to the processing carried out. In particular, the functionality of the Site is provided on an encrypted HTTPS connection and personal data are collected, stored, and preserved on secure servers, protected by firewalls and physically located within the European Union.

RECIPIENTS OF PERSONAL DATA
Processing is carried out by the Controller's personnel specifically authorized based on their respective duties, as well as by Data Processors specifically identified in writing, within the scope of their functions and in accordance with the instructions given by the Controller, ensuring the use of measures suitable for the security of the processed data and guaranteeing their confidentiality, for example, companies, consultants, or professionals possibly in charge of the installation, maintenance, updating of the Site and, more generally, of the management of the hardware and software of the Data Controller, including the hosting provider and the providers of cloud computing and email marketing services (in this case, “MailUp®”). The complete list of Data Processors is available upon request.
The Data may also be communicated to the following categories of recipients:
• subjects, entities, or Public Authorities to whom it is mandatory to communicate your personal data as independent data controllers by law or by orders of the authorities or to prevent and/or ascertain any fraudulent activities or abuses in the use of the Site and the services offered by the Controller;
• companies of lawyers, associated firms, consultants, or professionals (for example, legal, administrative, and/or tax consulting firms) possibly entrusted to support the Data Controller in the proper fulfillment of the legal obligations to which he is subject and/or in the assertion, exercise, or defense of a right in court or out-of-court or whenever judicial or administrative authorities exercise their functions.

TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The servers of the hosting provider of the Controller, as well as those of the e-mail marketing service provider used by the Controller, are located within the European Economic Area (EEA). However, please refer to what is described within the Cookie Policy for a complete examination of the tools used by the Site that, in particular regarding the products provided by Google Inc., may involve data transfers to third countries.

PERIOD OF RETENTION OF PERSONAL DATA
The personal data of the User or provided by the User will be kept for a period not exceeding that necessary for the pursuit of the purposes previously indicated and for which they are processed. In particular, personal data will be kept for the period necessary to respond to the information/clarification requests received and in any case, for a period not exceeding three months from the date of their provision. In any case, the personal data of the User will be kept for a period not exceeding ten years from the date of their provision, in compliance with the legal obligations incumbent on the Controller. This maximum retention period may be extended, if there are grounds for doing so, to allow the Controller to assert and defend a right in court or whenever the Judicial Authority exercises its functions and/or at its request. Regarding the processing for promotional/marketing communications, the data will be kept for a maximum period of 24 months from the moment consent was given for marketing purposes, without prejudice to the possibility, at any time, to request the revocation of the consent given, without affecting the lawfulness of the processing based on consent before its revocation.

THE DATA SUBJECT'S RIGHTS
The User and/or the third party on whose behalf the User has provided the data has the right to:
• obtain confirmation as to whether or not personal data concerning him or her are being processed and, if so, to access such data and a range of relevant information, including, by way of example, the following: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed; d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the source of the personal data, if they were not collected from the user himself;
• request and obtain the updating of data, the rectification of inaccurate data or, when interested, the integration of incomplete data;
• request and obtain the deletion of data if: a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) if the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason for continuing the processing; c) the data have been unlawfully processed; d) the data must be deleted by the Controller to comply with a legal obligation;
• request and obtain the restriction of processing in the case of: a) dispute of the accuracy of the data for the time necessary for the Controller to carry out the required verifications; b) unlawful processing of data by the Controller, if the user opposes the deletion of the data and instead requests the limitation of their use; c) assertion, exercise, or defense of a right of the User in court, although the Controller no longer needs them for processing purposes; d) waiting for the outcome of the verification regarding the possible prevalence of the legitimate reasons of the Controller over those of the data subject;
• in cases where the processing is based on a contract and is carried out by automated means, request and receive in a structured, commonly used and machine-readable format the data concerning him or her and, if technically feasible, to have them transmitted directly from the Controller to another controller;
• oppose, in whole or in part, for legitimate reasons related to his or her particular situation, to the processing of data concerning him or her, even though they are relevant to the purpose of the collection;
• where the processing is based on the User's consent, withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
• lodge a complaint with the Garante per la protezione dei dati personali (Italian Data Protection Authority) pursuant to and for the effects of Art. 77 of the GDPR and Articles 140-bis and following of the Italian Privacy Code, if he or she believes that the rights he or she enjoys under the Applicable Law have been violated.
The Controller will communicate to each of the recipients to whom the personal data have been transmitted any rectifications or deletions or limitations of processing carried out, except in cases where this proves impossible or involves a disproportionate effort.

HOW TO EXERCISE THE RIGHTS OF THE DATA SUBJECT
As a data subject, the User may at any time exercise the above rights by contacting the Data Controller at the above-mentioned addresses. To lodge a complaint with the Garante per la protezione dei dati personali, you can use the forms available on its website.

UPDATES TO THE PRIVACY POLICY
This Privacy Policy may undergo changes and/or additions and/or updates, also as a result of the updating of the applicable data protection legislation. In such cases, the Data Controller will inform the User about the changes and/or additions and/or updates that have affected this Privacy Policy by publishing them on the Site.