1. INTRODUCTION - WHO ARE WE? 

API S.r.l. with registered office in Via Giosuè Carducci, 8, 20123 - Milan, Tax Code/VAT No. 07681260159 (hereinafter, "Owner"), owner of the website https://www.api-srl. com/ (hereinafter, the "Site"), as the owner of the processing of personal data of users browsing the Site (hereinafter, "Users") provides below the privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of April 27, 2016 (hereinafter, "Regulation", or "Applicable Legislation"). 

2. HOW TO CONTACT US? 

The Controller holds in the highest regard the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Controller at any time using the following methods: 

• By sending a registered letter with return receipt to the registered office of the Holder: Via Giosuè Carducci, 8, 20123 - Milan; 
• By sending an e-mail message to: info@api-srl.com  

The Controller has not identified a Data Protection Officer (DPO or DPO), as it is not subject to the designation requirement under Article 37 of the Regulations. 

3. WHAT WE DO. - PURPOSE OF PROCESSING 

Through browsing the Site, the User can obtain information and/or request a quote on the services offered by the Owner through the Site; send a message to the Owner through the "contact us" section; as well as be able to apply for one of the job positions open in the "work with us" section. 

In connection with activities that may be carried out through the Site, the Owner collects personal data about Users. 

This Site and any services offered through the Site are restricted to individuals who are eighteen years of age or older. Therefore, the Owner does not collect personal data relating to individuals under the age of 18. Upon the request of Users, the Owner will promptly delete all personal data unintentionally collected relating to individuals under the age of 18.  

Specifically, personal data of Users will be lawfully processed by the Controller for the following processing purposes: 

1. Allow navigation of the Site. The User data collected by the Owner for the sole purpose of browsing the Site include all those personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users connecting to the Site, addresses in URI(Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, log files and other parameters relating to the User's operating system and computer environment. More information about the cookies used on the Site is available in Section 8 below of this policy. 

2. Fulfilling the User's Request: The User's data collected by the Owner for the purpose of fulfilling its request, in the "Build Your Project" section of the Site include: the User's first name, last name, email address, telephone number, company, own role, as well as any personal information of the User that may have been eventually and voluntarily posted. The User's personal information will be used by the Data Controller for the sole purpose of ascertaining the User's identity, thus avoiding possible fraud or abuse, and contacting the User for service reasons only (e.g. responding regarding his/her request). Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users' personal data accessible to other Users and/or third parties. 

3. Contact and/or Information Request. The User's data collected by the Owner for the purpose of any contact request and/or information request on the Site include: the User's first name, last name, e-mail address, telephone number, company, own role, as well as any personal information of the User that may have been possibly and voluntarily posted. The User's personal information will be used by the Data Controller for the sole purpose of ascertaining the User's identity, thus avoiding possible fraud or abuse, and contacting the User for service reasons only (e.g. responding regarding his/her request for information). Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users' personal data accessible to other Users and/or third parties. 

4. Application Submission. The User's personal data collected and processed by the Owner for the sole purpose of processing the request regarding the possibility of establishing a collaborative activity with the Owner include: first name, last name, e-mail address, city of residence, date of birth, nationality, area of expertise, educational qualification, as well as any personal information of the User that may have been voluntarily and voluntarily published. No other processing will be carried out by the Data Controller in relation to Users' personal data. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users' personal data accessible to other Users and/or third parties; 

5. Administrative-accounting purposes, i.e. to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations; 

6. legal obligations, i.e., to fulfill obligations required by law, authority, regulation or European legislation. 

The provision of personal data for the processing purposes indicated above is optional but necessary, as failure to provide such data will result in the impossibility for the User to browse the site and take advantage of the services offered by the Owner on the Site. 

4. LEGAL BASIS. 

Contractual obligations and fulfillment of the User's request (as described by par. 3, lett. a), b), c), d) and e) above): the legal basis consists of art. 6, par. 1, lett. b) of the Regulations, i.e. the processing is necessary for the performance of a contract to which the User is a party or for the execution of pre-contractual measures taken at the User's request. 

Legal obligations (as described by para. 3(f) above): the legal basis consists of Art. 6(1)(c) of the Regulations, as the processing is necessary to fulfill a legal obligation to which the Data Controller is subject. 

5. DATA PROCESSING METHODS AND RETENTION TIMES 

The Data Controller will process Users' personal data using manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data. 

Personal data of Users of the Site will be retained for the time strictly necessary to fulfill the primary purposes outlined in paragraph 3 above, or otherwise as necessary for the protection in civil law of the interests of both Users and the Data Controller. 

In the case of paragraph 4.1 and 4.2. above, Users' personal data will be kept for the time strictly necessary to fulfill the purposes illustrated in the same and, in any case, until the User revokes his or her consent.  

In any case, any retention periods stipulated by law or regulation are subject.   

6. SCOPE OF DATA COMMUNICATION AND DISSEMINATION 

The personal data of the Users may come to the knowledge of the employees and/or collaborators of the Controller in charge of managing the Site and the requests of the Users. These individuals, who have been instructed to do so by the Controller in accordance with Article 29 of the Regulations, will process Users' data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Regulations.  

Third parties who may process personal data on behalf of the Data Controller as Data Processors may also become aware of Users' personal data, such as, but not limited to, IT and logistics service providers functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants. 

Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner set forth in paragraph 9 below. 

7. COOKIE POLICY 

This section describes the characteristics and purpose of the cookies used by the Site, as well as instructions for objecting to their use. 

1.  TYPES OF COOKIES 

The Italian Data Protection Authority's Provision No. 229 of May 8, 2014, as supplemented and amended by the Guidelines of June 10, 2021, requires all operators of websites that use cookies or other tracking technologies to inform users about the types of any cookies used by the site, and has categorized cookies into two macrocategories: "technical" cookies and "profiling" cookies: 

• Technical cookies: these are those used for the sole purpose of providing the services offered by the respective website. They are not used for any further purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which ensure the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, assimilated to technical cookies where they are used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the website itself; functionality cookies, which allow the user to navigate according to a set of selected criteria (for example, language, products selected for purchase) in order to improve the service rendered to the same. The installation of such cookies does not require the prior consent of the users; however, the users must be guaranteed the possibility not to save them; 
• Profiling cookies: they have the functionality of creating profiles related to the user and are used to send advertising messages in line with the preferences expressed by the same in the context of web browsing. Due to the particular invasiveness that these devices can have within the private sphere of users, European and Italian regulations provide that the user must be adequately informed about their use, so that he/she can thus express valid consent to their saving. 

2. TECHNICAL COOKIES USED ON THE SITE 

The Site uses only technical cookies necessary for the proper functioning of the Site itself. In particular, the cookies used in this Site avoid the use of computer techniques potentially prejudicial to the confidentiality of Users' browsing and do not allow the acquisition of personal data identifying the User. 

 This Site does not use profiling cookies. 

8. RIGHTS OF INTERESTED PARTIES 

Users may exercise the rights guaranteed to them by the Applicable Regulations by contacting the Owner in the following ways: 

• By sending a registered letter with return receipt to the registered office of the Holder: Via Giosuè Carducci, 8, 20123 - Milan; 
• By sending an e-mail message to: info@api-srl.com  

The Controller has not identified a Data Protection Officer (DPO or DPO), as it is not subject to the designation requirement under Article 37 of the Regulations. 

Pursuant to the Applicable Legislation, the Data Controller informs that Users have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as data processors or persons in charge of processing. 

In addition, Users have the right to obtain: 

1. access,update, rectify or, when they have an interest,supplement the data; 

2. the cancellation, transformation into anonymous form or limitation of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; 

3. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right. 

In addition, Users have: 

1. The right to withdraw consent at any time if the processing is based on their consent; 

2. The right to data portability (the right to receive all personal data concerning them in a structured, commonly used, machine-readable format); 

3. The right to object: 

• in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection; 
• in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication; 
• where personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for that purpose, including profiling insofar as it is related to such direct marketing. 

4. should they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the Member State in which they work, or in the Member State in which the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based at Piazza Venezia n. 11, 00187 - Rome(http://www.garanteprivacy.it/). 

_____________ 

The Owner is not responsible for updating all links viewable in this Policy, so whenever a link is not working and/or updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referred to by that link.