PRIVACY NOTICE FOR CONTACT REQUESTS

In accordance with Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), the Data Controller provides the following information regarding the processing of personal data you have submitted by filling out the contact request form to receive commercial information.

Data Controller

The Data Controller is Jacob Cohen Company Spa,

with its registered office at Via Vittorio Pisani 20, 20124 Milan.

Privacy Office

May be contacted at the following e-mail address: privacy@jacobcohen.com

Data Protection Officer (DPO)

May be contacted at the following e-mail address: dpo@consulentegrdr.eu

The updated list of external data processors appointed by the Data Controller in accordance with Article 28 of the GDPR, as well as the individuals authorised to process the data, is available at the Company's headquarters or upon request to the Privacy Office.

Purpose and legal basis of data processing

Your personal data will be processed, without needing further consent, to follow up on your contact request for the description of the commercial offer and, if necessary, to proceed with the contractual arrangement for the request you specified in the message field, as explicitly authorised by you by filling out the form and accepting data processing by submitting the request.

These data will also be processed using electronic tools, recorded in specific databases, and used strictly and exclusively to follow up on your contact request.

Recipients of personal data

For the purposes outlined above, the Data Controller may share your personal data with third parties who, if necessary, will be contractually appointed as data processors, such as those belonging to the following entities or categories of entities:

law enforcement agencies, other public administrations, for compliance with obligations established by law, regulations or EU legislation. In such cases, according to applicable data protection regulations, there is no obligation to obtain the data subject's prior consent for these communications;

companies specialised in managing commercial and/or operational information;

other companies contractually linked to the Data Controller that provide, for example, consultancy services, service support, etc.

The Data Controller ensures that the communication of your personal data to these recipients only involves the data necessary to achieve the specific purposes for which they are intended. Your personal data will be stored in the Data Controller's databases and processed solely by authorised personnel, who will receive specific instructions on how and why to process the data. This data will not be shared with third parties, except as outlined above and always within the indicated limits. Lastly, we remind you that your personal data will not be disclosed except for in the cases described above and/or as required by law.

Transfer of personal data outside the European Union

As a general rule, your personal data will not be transferred outside the European Union. Should your personal data need to be transferred outside the EU, the Data Controller will take all appropriate and necessary contractual measures to ensure an adequate level of protection for your personal data, in accordance with this Privacy Notice, including the use of the Standard Contractual Clauses approved by the European Commission.

Data retention period

Data will be retained for a period not exceeding the time necessary for the purposes for which they were collected or subsequently processed, in accordance with legal obligations.

Specifically, your personal data will not be processed for marketing purposes beyond two years from the date of consent, unless such consent is revoked earlier. After this period, the data will be deleted or otherwise irreversibly anonymised, unless further retention is required by law.

Rights of data subjects

As a data subject, you have the following rights regarding the personal data collected and processed by the Data Controller for the purposes outlined above: (i) the right to access, particularly by requesting confirmation at any time of whether your personal data is held in the Company's archives and making this information available to you in a clear and intelligible manner, as well as the right to know the origin, logic and purpose of the processing, with an explicit and specific indication of the individuals responsible for processing and any third parties to whom your data may be communicated; (ii) the right to request the updating and rectification of data (except evaluative data), the deletion of superfluous data or their transformation into anonymous form, as well as the restriction of processing and definitive deletion in the case of unlawful processing; and (iii) where applicable, the right to restrict processing and data portability. You also have the right to lodge a complaint with the Data Protection Authority if you believe your rights have been violated under the applicable data protection regulations.

The Data Controller has made it possible for you to submit a request, including your details, to the following address: privacy@jacobcohen.com