PRIVACY POLICY FOR THE PROCESSING OF CUSTOMER PERSONAL DATA (B2B)
pursuant to article 13 of the General Regulation for the Protection of Data (EU) 679/2016 ("GDPR")

This information is valid from the date of publication. The Data Controller may make changes and/or additions to this Information, also as a consequence of any subsequent regulatory changes and/or additions

Owner
LB Fashion Srl a socio unico "Owner"), VAT number IT01391700299 with registered office in Via Privata del Gonfalone, 3 – 20123 Milan (MI) which can be contacted at the following email address servizio.clienti@lbfashionsrl.it, is the data controller in relation to the processing of personal data described in this information.

To whom does the Information apply?
This information on the processing of personal data applies to the processing of data by the Data Controller personals of:

a) B2B customers, dealers, resellers in the case of natural persons or individual companies; and

b) legal representatives, partners (natural persons), administrators, attorneys, members of the board of auditors, other subjects with powers of representation and/or management and/or control who are natural persons, as well as employees and collaborators of B2B customers, dealers, resellers, and other contractual counterparties

(hereinafter jointly defined as the "Interested").

Source of the data processed

The Data Controller collects the personal data relating to the Interested Party directly from the latter - where the contractual counterparty of the Data Controller is a natural person or sole proprietorship - or from the company/entity to which the Interested Party belongs, at the time of registration for the event in which the interested party intends to participate, for registration on the digital platform during events, fairs, work meetings and in the negotiation and/or conclusion and/or execution and/or termination phase of the contract established with the Holder. Furthermore, the Data Controller may collect personal data relating to the interested party from lists, registers and other publicly accessible sources - such as, for example, the data reported on the company's certificate of incorporation. to which the interested party pertains - as well as from databases of subjects offering information on the reliability business of entrepreneurs and managers.

The data collected will flow into the Data Controller's database who will process them as as an independent owner, for purposes of selling its Products, online and at its offices, as well as for purposes marketing (as described below). The data may also be collected by companies affiliated and/or controlled and by retailers or commercial partners of Cassina who operate in Italy and abroad and in this case they will be designated by the Data Controller as data controllers.

What data are processed?

Depending on the purposes and at the time of collection, the Data Controller processes the following types of personal data relating to the interested party:

a) personal data, contact details, identity document; and the role held at the company/entity to which the interested party belongs; b) the company name, the address of the main office and any secondary offices, the VAT number and/or the tax code, the details of the bank account or accounts of the interested party, in the event that this is a natural person or sole proprietorship; c) data relating to reliability economic-financial interests of the interested party - in the case of a sole proprietorship or company single-member - collected through the use of databases of subjects who offer information on the reliability commercial of entrepreneurs and managers and who have adhered to the Code of Conduct for the processing of personal data regarding commercial information approved by the Guarantor for the processing of personal data. d) further personal data relating to the interested party that may be collected by the Data Controller during the negotiation and/or conclusion and/or execution and/or termination phase of the contract established with the Data Controller;

(hereinafter jointly the "Data").

Interested parties are recommended not to provide the Data Controller with Data that is not necessary for the pursuit of the purposes of the Data Controller. referred to in this information on the processing of personal data.

For what purposes? Are the Data processed?

The Data Controller processes the Data of the Interested Parties for:

a) carry out negotiations and execute the contract to which the interested party is a party during an online purchase or at the showroom, for registration for one of the events organized by the Owner or for registration on the interactive digital platform of the Data Controller (hereinafter "Contractual Purposes");

b) fulfill the obligations deriving from the applicable legislation, including tax legislation (hereinafter "Purpose of Law"); and

c) if the Data Controller's contractual counterparty is a company, pursue the Data Controller's legitimate interest in carrying out the negotiations and executing the contract to which the company/entity to which the interested party belongs is a party;

d) pursue the legitimate interest of the Data Controller in verifying the security and reliability of the data controller. commercial and financial aspects of its B2B customers, dealers, resellers, and other contractual counterparties, prevent fraud, guarantee the solidity of the management and correct execution of commercial relationships between the Owner and its B2B customers, dealers, resellers, and other contractual counterparties,

e) assert and defend one's rights, including in the context of debt collection procedures, against the interested party or third parties in any dispute;

f) carry out activities functional to company and business branch sales, acquisitions, mergers, demergers or other transformations and for the execution of such operations;

g) send potential professional buyers of the Owner's products and services communications of a commercial nature, on collections, exhibitions and events relating to the Owner;

h) communicate to other companies of the group to which the Owner belongs, the contact information of potential professional buyers of the products and services of the same companies; of the group

On what basis is the Data processed?

Data processing is necessary with reference to the Purposes Contractual and Purposes of law, in order to allow you to participate in the event, register on the platform, negotiate, stipulate, execute and/or terminate the contract between the Owner and the Interested Party, as well as in order to comply with the provisions of the applicable legislation. Failure to provide the Data for these purposes will determine the impossibility for the Owner to allow you to participate in the event, register on the platform or execute the aforementioned contract.

The processing of Data for the Purposes of Legitimate Interest is carried out pursuant to article 6, letter f) of the European Regulation for the pursuit of the legitimate interest of the Data Controller, which is equally balanced with the legitimate interest of the interested parties, as the activity of processing of Personal Data is (i) limited to what is strictly necessary for the execution of economic operations and other activities; indicated in the previous letters. from c) to f) and is (ii) functional to maintaining commercial relationships with professional customers for business activities referred to in points g) and h). The treatment for the Purposes of Legitimate Interest is not mandatory and the interested party may object immediately or subsequently to each treatment with the methods indicated in paragraph 12) of this Information, but if the interested party objects to said processing, his/her data cannot be used for the purposes & agrave; of Legitimate Interest. For example, in the case of activities referred to in points g) and h), the interested party may object both to the communication of your contact details to other companies; of the Group but also in general to receive any communication of a promotional nature from the Owner, without this in any way jeopardizing the contractual relationship with the Owner.

How is the Data processed?

In relation to the above-mentioned purposes, the Data will be processed both with the aid of IT or automated tools, and on paper, and will be protected through suitable measures to guarantee the confidentiality and security of personal data. In particular, the Data Controller adopts appropriate organizational and technical measures to protect the Data in its possession against loss, theft, as well as the unauthorized use, disclosure or modification of the Data.

To whom is the Data communicated?

For the purposes referred to in paragraph 6, the Data Controller can communicate - in whole or in part - the Data of the Interested Parties to the following categories of subjects:

a) workers of the Data Controller or of the subjects indicated below, as data processors, within the scope of their respective duties and within the limits established by law; b) suppliers of instrumental or support services to those carried out by the Data Controller and therefore, by way of example but not limited to, legal, administrative and tax consultants, banking institutions for the management of collections and payments deriving from the execution of the contract between the Data Controller and the interested party or the company/entity to which he/she belongs, company of auditing, company of commercial information authorized pursuant to art. 134 T.U.L.P.S., company those in charge of event management, companies responsible for sending marketing newsletters, technology service providers, as of independent data controllers or data processors; c) subcontractors and/or subcontractors engaged in activities connected to the execution of the contract between the Data Controller and the Interested Party or the company/entity to which the latter belongs, in their capacity as of external data controllers; d) resellers or commercial partners of the Owner or company of the group to which the Data Controller belongs who carry out services on behalf of the Data Controller, including the collection of data to be included in the "CRM" customer relationship management system. These subjects will act in their capacity as of data controllers; f) public bodies and/or authorities judicial and/or supervisory authorities whose right of access to the data of the interested party is provided for by the applicable legislation, as of independent data controllers; and g) transferees of a company or business branch, company resulting from possible mergers, splits or other transformations of the Data Controller, as independent data controllers.

Some of the entities listed above may be located in countries outside the European Union or the European Economic Area. Specifically, the Data that will be inserted into the CRM database, whose servers are located in the territory of the European Union, will be shared with subjects who may however be located both inside and outside the EEA, since the Data Controller offers its products and services to customers and business partners in all countries where it is present. present. In this case, the communication of the Data will take place in accordance with what is indicated in the following paragraph.

How long is the Data retained?

The Data will be stored by the Owner:

a) For registration for the event, for registration on the interactive digital platform or in the event of a positive outcome of contractual negotiations, for a period equal to the duration of the contract stipulated between the Data Controller and the Interested Party , or the company/entity to which it belongs, and for 10 years following its termination; b) in the event of a negative outcome of the contractual negotiations, the Data will be deleted at the end of the negotiation phase;

and in any case unless further storage of the Data is necessary in order to exercise or defend a right of the Data Controller against the interested party or third parties in any dispute.

With reference to the data processed for the purposes of sending commercial communications, the Data Controller will deal with the data of the interested party until the possible exercise of the right of opposition and, in any case, no later than 2 years from the end of the contractual relationship between the Data Controller and the company/entity to which the interested party belongs.

Upon termination of the retention period, the data will be deleted, anonymized or aggregated.

What are the rights of the interested parties?

Without prejudice to the possibility of the interested party not to provide their data, the interested party, at any time and free of charge, may:

a) obtain confirmation of the existence or otherwise of Data concerning him; b) know the origin of the Data, the purposes of the treatment and its methods, as well as the logic applied to the processing carried out using electronic tools; c) request the updating, rectification or - if interested - integration of the Data concerning him; d) obtain the cancellation, transformation into anonymous form or blocking of any Data processed in violation of the law, as well as; to oppose, for legitimate reasons, the processing; e) revoke your consent, where previously given; f) ask the Data Controller to limit the processing of the Data concerning him in the event that (i) the interested party disputes the accuracy of the Data, for the period necessary for the Data Controller to verify the accuracy of such Data; (ii) the treatment is unlawful and the interested party opposes the deletion of the data and instead requests that its use be limited; (iii) although the Data Controller no longer has any necessary for the purposes of processing, the Data is necessary for the interested party to ascertain, exercise or defend a right in judicial or extrajudicial proceedings; (iv) the interested party has opposed to the processing pursuant to article 21, paragraph 1, of the European Regulation pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the interested party; g) object at any time to the processing of your Data for purposes of Legitimate Interest; h) request the deletion of the Data concerning him without unjustified delay and i) obtain portability; of the Data concerning him.

The interested party will have furthermore the right to lodge a complaint with the Guarantor for the Protection of Personal Data at the contacts available on the website www.garanteprivacy.it, where the conditions exist.