Full policy for website users – cookies

Who are we and what do we do with your personal data? Montefeltro Sport S.r.l. with headquarters in (61029) Urbino (PU), via della Stazione, 50, (hereinafter also the Data Controller), as data controller, is concerned with the confidentiality of your personal data and guarantees them the necessary protection from any event that may put them at risk of infringement. For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever it becomes necessary and, in any case, in the event of regulatory and organisational changes that may affect the processing of your personal data. Montefeltro Sport S.r.l. has identified an internal privacy representative who you can contact at the following e-mail address privacy@montefeltro.com if you have questions about the policies and practices implemented by Montefeltro Sport S.r.l. How does the Data Controller collect and process your data? Personal information about you will be processed in relation to:

• Navigating the Site

The processing of your personal data, such as navigation data e.g. the IP address and cookies issued by browsing the site are processed by the Data Controller to follow up the management of the site and to collect information of an aggregate nature. Your personal data will not be disseminated or disclosed to any indeterminate party.

• Communication to third parties and recipients

The communication of your personal data takes place mainly with regard to third parties and / or recipients whose activity is necessary for the performance of activities related to the aforementioned purposes, and also to meet certain legal obligations. Any communication that does not fall under these purposes will be submitted to you for your consent. In particular, your data will be communicated to third parties/recipients for:

• the performance of the service (e.g. IT service provider);

• communications to the financial administration, and to the public supervisory and control bodies towards which the Data Controller must fulfill specific obligations deriving from the specific nature of the activity carried out;

The personal data that the Data Controller processes for this purpose are: navigation data (IP address) Cybersecurity reasons The Data Controller processes also through suppliers (such as third parties and/or recipients) your Personal Data (e.g. IP address) or related to internet use collected, or obtained, from services displayed on the website. This data processing will only be carried out if strictly necessary and solely to ensure the security and ability of a network or servers connected to it to withstand at a given level of security unforeseen events or illicit/malicious acts that compromise the availability, authenticity, integrity and confidentiality of the Personal Data stored or transmitted. For this purpose, the Data Controller has established procedures for the management of Personal Data violations (data breaches). What are cookies and for how are they used A “cookie” is a small text file from a website created on the user’s computer when they access a site for the purpose of storing and transporting information. Cookies are sent by a web server (which is the computer which is running the website visited) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer. They are resent to the website when the user makes later visits. Some operations may not be executed without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the site uses cookies to facilitate browsing by the user or to allow them to use the services that have been specifically requested. Cookies can remain in the system for long periods of time and can also contain a unique ID code. This allows websites that use them to keep track of the user’s browsing of the site for statistical or advertising purposes, i.e., to create a personalised profile of the user starting from the pages he or she has visited and then show and/or send him/her targeted advertising (so-called Behavioral Advertising). Which cookies are used and for which purposes The Data Controller reports below the specific categories of cookies used, the purpose and the consequence that derives from their de-selection:

Social buttons What are social buttons? On montefeltro.com (as well as on all individual sites traceable to products and promotions of Montefeltro Sport S.r.l.) there are special “buttons” (called “social buttons/widgets”) that depict the icons of social networks (e.g. Facebook, Linkedin, etc.) and other web services (e.g. Youtube, etc.). They allow users who are browsing the site to interact with a “click” directly with the social networks and web services depicted therein and share the information collected on this website. In this case, the social media networks and web services acquire data relating to the user’s visit, however the Data Controller will not share any navigation information or user data acquired through their website with the social media networks and web services accessed via the social media buttons/widgets. These services release “third party cookies”. Below are the links to the privacy policies of the most used social networks and the websites which the buttons refer to:

• for Facebook: Cookie Policy
• for Instagram: Cookie Policy

Unselecting and activating cookies “customize” Personalizza What happens if you do not provide your data? We invite you to read the consequences arising from the deselection of individual cookies, as shown in the table above. How and for how long are your data retained? How we process your data The processing of personal data is carried out through computer procedures by specially authorized and trained internal individuals. They are allowed access to your personal data to the extent and to the degree that it is necessary for the performance of data processing activities concerning you. The Data Controller periodically checks the tools with which your data is processed and the security measures provided for the same, which are constantly updated, verifying, also by means of the subjects authorised to the processing, that no personal data is collected, processed, kept or stored for which no processing is necessary, as well as verifying that the data is kept with the guarantee of integrity and authenticity and its use for the purposes of the processing is actually performed. Where we process your data The data are stored in computerized and telematic archives located within the European Economic Area. In addition, yours may be subject to transfer to the United States, through the guarantee of Standard Contractual Clauses stipulated for the protection of yours. How long do we process your data? -Cookie: You are invited to read the terms of storage of personal data as indicated in the previous table. -Site navigation: Personal data are retained for the time necessary to allow navigation of the site and in any case no later than 12 months, except in cases where events occur that involve the intervention of the competent Authorities, also in collaboration with the third parties/recipients to whom it is entrusted the computer security activity of the Data Controller data, to carry out any investigations on the causes that led to the event, as well as to protect the Data Controller’s interests related to any liability related to the use of the site and related services. What are your rights? At any time, free of charge and without any special charges and formalities for your request, you can:

• obtain confirmation of the processing carried out by the Data Controller;
• access your personal data and learn its origin (when the data is not obtained directly from you), the purposes and scope of the processing, the data of the subjects to whom it is communicated, the retention period of your data or useful criteria to determine the same;
• update or rectify your personal data so that it is always accurate;
• delete your personal data from the Data Controller’s databases and/or archives, including backup archives, in the event, among others, that they are no longer necessary for the purposes of the processing or if the processing is assumed to be unlawful, and always if the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;
• limit the processing of your personal data in certain circumstances, for example where you have challenged its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must also be informed, in a reasonable time, of when the period of suspension has ended or the cause for the restriction of processing has ceased, and thus the restriction itself lifted;
• obtain your Personal Data, if received or otherwise processed by the Data Controller with your consent and/or if its processing is carried out based on a contract and with automated tools, in electronic format, as this would allow transmission to another Data Controller.

The Data Controller must comply with such a request without delay and, in any case, no later than one month after receiving your request. The deadline may be extended by two months if necessary, considering the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you about the reasons for the extension within one month from receiving your request. To exercise your rights, write to privacy@montefeltro.com How and when can you object to the processing of your personal data? For reasons relating to your particular situation, you may object to the processing of your personal data at any time if it is based on legitimate interest, by sending your request to the Data Controller at privacy@montefeltro.com. You have the right to have your Personal Data cancelled if there is no legitimate overriding reason to the one that gave rise to your request. Who can you send a complaint to? Without prejudice to any other action in administrative or judicial proceedings, you may lodge a complaint with the competent supervisory authority or the authority that performs its duties and exercises its powers in Italy where you have your permanent residence or work or if different in the member state where the violation of (EU) Regulation 2016/679 occurred.