EXTENDED INFORMATION PURSUANT TO ARTICLES 12, 13 AND, WHERE APPLICABLE, 14 OF THE GDPR – REGULATION (EU) 2016/679 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER THE GDPR) 1. The data controller provides, below, the information pursuant to articles 12, 13 and, where applicable, 14 of the GDPR relating to the processing of personal data provided by the Customer/data subject by completing and signing the Contract to purchase the products/services offered for sale by the data controller itself, by spontaneously uploading personal data to this website (the “Site”) (in particular by filling out forms) or simply by browsing it. 1. Data controller and contact details Data controller: WASISCO S.r.l. (Tax code and VAT number 07210700485, with registered office at Via Modigliani, 73). 2. Principles applicable to processing. In accordance with the provisions of the GDPR, the data controller constantly strives to ensure that personal data are: processed lawfully, fairly, and in a transparent manner; collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes; adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed; accurate and, where necessary, kept up to date; retained for no longer than is necessary for the purposes for which they are processed; processed using appropriate technical and organizational measures to ensure their security; processed, where based on consent, by freely taken decision of the Customer/data subject, on the basis of a request presented in a manner clearly distinguishable from other forms of processing, in an intelligible and easily accessible form, using clear and plain language. The data controller adopts appropriate technical and organizational measures to ensure the protection of personal data by design and to guarantee that, by default, only the data necessary for each specific processing purpose is processed. The data controller collects and takes into account the indications, observations, and opinions of the Customer/Data Subject sent to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of individuals with regard to the processing of their data. This Privacy Policy may be subject to changes, consistent with developments in the relevant legislation and the technical and organizational measures adopted by the data controller; the Customer/Data Subject is therefore requested to periodically visit this section of the Website to review updates and the Privacy Policy in its current form. 3. Methods of processing personal data. Personal data is processed manually and electronically, using procedures strictly related to the purposes indicated below and, in any case, in a manner that guarantees the security and confidentiality of the data. 4. Purposes of processing personal data. (4a) Purposes for which data processing is necessary. The personal data provided by the Customer/data subject are primarily processed for the performance of the Contract and credit management and, more generally, the relationship arising from the Contract itself. The provision of data in the Contract or subsequently, during the contractual relationship, for the processing purposes in question is mandatory; therefore, failure to provide such data, or partial or incorrect provision of such data, makes it impossible to stipulate and/or perform the Contract and, for the Customer/data subject, to use the products/services offered by the data controller, potentially exposing the Customer/data subject to liability for breach of contract. The personal data provided by the Customer/data subject may also be processed if this is necessary to comply with a legal obligation to which the data controller is subject, to safeguard the vital interests of the Customer/data subject or of another natural person, to perform a task carried out in the public interest or in connection with the exercise of public authority vested in the data controller, or to pursue the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights and freedoms of the Customer/data subject do not prevail; even in these cases, the provision of data is mandatory and, therefore, failure to provide, partial or incorrect communication of data may expose the Customer/data subject to possible liabilities and sanctions provided for by the legal system. (4b) Further purposes of processing following the specific and express consent of the Customer/data subject. In addition to the processing purposes mentioned above, the personal data