PRIVACY POLICY

Privacy Notice pursuant to Article 13 of the EU General Data Protection Regulation 2016/679 (“GDPR”)

This notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter: “GDPR”) to inform users of the website [www.utilgroup.com] (hereinafter “Website”) about the processing of their personal data. The processing will be based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

The data controller for the processing of personal data through the Website is Util Industries S.p.A., with registered office at Via Papa Giovanni XXIII, 10 – 14019 Villanova d’Asti AT (Italy) (hereinafter, the “Company” or “Controller”).
The Controller has appointed a Data Protection Officer (“DPO”) in accordance with Article 37 of the GDPR, who may be contacted by e-mail at gnovellini@portolano.it.
This privacy notice applies only to this Website and not to any other websites that may be accessed by users through links, such as social media pages accessible from the Website.

A) Categories of Personal Data
The Company processes users’ personal data, as defined under Article 4(1) of the GDPR (hereinafter “Personal Data”). In particular:

1. Browsing data
   While users navigate the Website, the Company collects Personal Data necessary for its operation, such as IP addresses or domain names of users’ computers, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method used to submit the request to the server, size of the file received in response, numerical code indicating the response status (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are collected using cookies. For more information, please refer to the Cookie Policy.

2. Data voluntarily provided by the data subject
   The Company will process the Personal Data provided by users through contact forms on the Website or via e-mail. Such data may include identifying information (e.g. name and surname), contact information (e.g. phone number and email address), job-related details (e.g. job title and role in the company), and any other information voluntarily shared by the user.

B) Purposes and Legal Bases of Processing
The purposes and legal bases for the processing of Personal Data by the Company are as follows:

• Browsing data are processed based on the Company’s legitimate interest to ensure the correct functioning of the Website and/or to detect anomalies or abuses. They may also be processed to compile anonymous statistics to monitor Website performance. For more details, see the Cookie Policy.

• Data provided by the user are processed under Article 6(1)(b) of the GDPR in order to respond to the user’s requests.

The provision of Personal Data for these purposes is optional, but failure to provide such data may make it impossible to navigate the Website or fulfill the user’s requests.

C) Recipients of Personal Data
User Personal Data may be shared, for the above purposes, with:

• Persons authorized by the Company to process Personal Data as necessary to carry out activities strictly related to the operation of the Website or to handle user requests, who are subject to confidentiality obligations or have an appropriate legal obligation of confidentiality (e.g. employees and system administrators).

• Third parties possibly engaged in the management of the Website, who typically act as data processors.

• Authorities, bodies, or entities to which disclosure of Personal Data is required by law or by order of public authorities.

D) Transfers of Personal Data
Personal Data will be processed within the European Union. Occasionally, it may be necessary to transfer Personal Data to countries outside the European Economic Area (EEA). In such cases, before any transfer, the Controller will ensure it is done in compliance with the limitations imposed by the GDPR. The methods of transfer will depend in part on the European Commission’s adequacy decisions concerning the data protection standards in the destination country, which may change over time. In any case, users have the right to contact the Controller via the email addresses provided in the “Data Subject Rights” section below to request more information or obtain a copy of the safeguards in place for such transfers.

E) Data Retention
Personal Data will be retained only as long as necessary for the purposes for which they are collected, in accordance with the data minimization principle set out in Article 5(1)(c) of the GDPR.

For the retention period of browsing data collected via cookies, please refer to the Cookie Policy.

Other Personal Data, especially those voluntarily provided by the user, will be retained for as long as needed to fulfill the user’s requests.

G) Data Subject Rights
Pursuant to Articles 15 et seq. of the GDPR, users may request at any time:

• Access to their Personal Data;

• Rectification or erasure of such data;

• Objection to their processing;

• Restriction of processing in the cases provided for in Article 18 of the GDPR;

• Data portability, i.e., to receive their data in a structured, commonly used, and machine-readable format, in the cases provided for in Article 20 of the GDPR.

Users also have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali) pursuant to Article 77 of the GDPR if they believe that the processing of their Personal Data violates applicable data protection laws.

To exercise these rights, users may contact the Controller at the following email address: personale.util@cert.inrete.it, or the DPO at gnovellini@portolano.it.

H) Changes
This privacy notice is effective as of May 2025. The Company reserves the right to amend or update its content, in whole or in part, including as a result of changes in applicable legislation.

Users are therefore encouraged to regularly consult this section to stay informed about the most recent and updated version of the notice, so they are always aware of the data collected and how it is used by the Company.