PRIVACY NOTICE

Privacy notice pursuant to Article 13 of Regulation (EU) 2016/679

This privacy notice is drafted pursuant to Art. 13 of Regulation (EU) 2016/679 (“GDPR”) to provide information regarding the processing of personal data of users of the website www.utilgroup.com (“Website”) or through third-party platforms used by the Company (as defined below) for the provision of specific services. Processing will be carried out in accordance with the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.

The data controller for the processing carried out through the Website is Util Industries S.p.A., with registered office at Via Giovanni XXIII, 10 – 14019 Villanova d’Asti AT (Italy) (“Company” or “Controller”).

The Controller has appointed a Data Protection Officer (“DPO”) pursuant to Article 37 GDPR, who may be contacted by users via email at gnovellini@portolano.it.

This privacy notice applies solely to this Website and to third‑party platforms used by the Company to provide specific services and not to other websites that users may access via links, such as social network pages accessible from the Website.

A) Categories of Personal Data

The Company will process personal data, as defined in Art. 4(1) GDPR, of Website users (“Personal Data”). Specifically:

1) Browsing Data

While browsing, the Company collects Personal Data necessary for the operation of the Website, such as IP addresses or domain names of the computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are collected through cookies. For more information, please refer to the Cookie Policy.

2) Data Voluntarily Provided by the User

The Company will process Personal Data provided by the user through contact forms on the Website, via email, or through third‑party platforms used by the Company to provide specific services. The processed Personal Data include identification data (e.g., name and surname), contact data (e.g., phone number and email address), information about the user’s job position (e.g., role within the company), information regarding any appointments and/or events (e.g., appointment time), and any additional information the user chooses to provide.

B) Purposes and Legal Bases of Processing

The purposes and legal grounds for processing Personal Data are as follows:

• Browsing data are processed based on the Company’s legitimate interest in ensuring the proper functioning of the Website and/or identifying anomalies or abuses. They may also be used to generate anonymous statistics to monitor Website performance. For further details, please refer to the Cookie Policy.
• Data voluntarily provided by the user are processed pursuant to Art. 6(1)(b) GDPR in order to respond to the user’s requests.

The provision of Personal Data for these purposes is optional; however, failure to provide them may limit the ability to browse the Website or for the Company to fulfil the user’s requests.

C) Recipients of Personal Data

Personal Data may be shared, for the purposes described above, with:

• persons authorised by the Company to process Personal Data strictly necessary for the operation of the Website or to handle user requests, who are bound by confidentiality obligations (e.g., employees and system administrators);
• third‑party service providers responsible for managing the Website or for the operation of third‑party platforms used by the Company to provide certain services, typically acting as data processors;
• entities, public bodies or authorities to which the communication of Personal Data is mandatory under applicable law or orders of authorities.

D) Transfers of Personal Data

Personal Data will be processed within the European Union, except where the Company uses third‑party platforms to provide certain services. In such cases, Personal Data may be transferred to the United States based on an adequacy decision issued by the European Commission.

Occasionally, it may be necessary to transfer Personal Data to countries outside the European Economic Area (EEA). In these cases, prior to the transfer, the Controller will verify that the transfer complies with the limits imposed by the GDPR. The transfer methods may depend on the European Commission’s adequacy assessment, which may change over time.

Users may contact the Controller at the email addresses listed in the section “Data Subject Rights” below to obtain further information regarding such transfers and receive a copy of the safeguards adopted.

E) Retention of Personal Data

Personal Data will be stored only for the time necessary to achieve the purposes for which they are collected, in accordance with the principle of minimisation set out in Art. 5(1)(c) GDPR.

For retention periods of browsing data collected via cookies, please refer to the Cookie Policy.

Other Personal Data, particularly those voluntarily provided by the user, will be retained for the time necessary to fulfil the user’s requests.

F) Data Subject Rights

Pursuant to Articles 15 et seq. GDPR, users may request from the Company, at any time, access to their Personal Data, rectification or erasure of such data, object to processing, request restriction of processing under the conditions of Art. 18 GDPR, and obtain their Personal Data in a structured, commonly used and machine‑readable format under Art. 20 GDPR.

Users always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali) pursuant to Art. 77 GDPR if they believe that the processing of their Personal Data is in breach of applicable law.

Users may exercise their rights by contacting the Controller at personale.util@cert.inrete.it or the DPO at gnovellini@portolano.it.

G) Amendments

This privacy notice is effective as of April 2026. The Company reserves the right to amend or update its content, in whole or in part, also due to changes in applicable law.

Users are therefore encouraged to regularly review this section to stay informed about the most recent and updated version of the privacy notice, so as to be aware of the data collected and how the Company uses it.