1. Treatment

Pursuant to art. 13 of the Legislative Decree n. 196/03 and of the art. 13 of the European Regulation n. 679/2016, we wish to inform you that the data collected by the users of the site https://otisopse.com (hereinafter the "Site") will be processed by Otisopse Web Srl, with offices in Via Guglielmo Melisurgo, 15 - 80133 Napoli (hereafter the "Company"), as Data Controller, in manual, paper or electronic format. The company owning the data, the company proceeds to save the users' personal data in a special server in Italy and to carry out all the other processing operations through the personnel in charge, or, during maintenance operations, through any external appointees. The database is accessible by authorized parties through security and protection measures, thanks to the adoption of security measures to prevent the loss of data, illicit or correct use and access not indicated. The data is stored to be in relation to the data of a user, a second of his choices, preferences and indications, as well as in relation to the expectations indicated below.

2. Purpose of the processing

The provision of the User's personal data is necessary for the provision of services by the Company. Having ascertained, the non-conferment, even partial, of the same will make it impossible for the Company to proceed with the provision of the same. Please note that the processing of data will serve to: i) Allow the sending of informative, commercial, advertising and / or promotional material regarding the Company's services and products through "automated" contact systems (for example SMS and / or e-mail); ii) Collect data and information about a detailed profile of the same, to offer an increasingly efficient and personalized service. iii) Allow the same to execute the orders correctly, to guarantee, at the same time, that it can be processed in a timely manner and in full compliance with the scheduled times. iv) Administrative purpose. v) Follow up the report (s) and / or request made by the User to Customer Service.

3. Release of consents

The Company uses the User's data in accordance with the choices that it has freely exercised through its consent, at the time of their collection or subsequently, as well as to comply with obligations established by law, a regulation or a community directive. In some cases, the data may be processed even in the absence of the User's express consent - pursuant to Article 24 of the Privacy Code, - for example. to fulfill a specific request formulated by the User, to fulfill contractual obligations or, again, in cases where processing is necessary to protect the Company's rights in the context of a judicial proceeding or to comply with any requests made by the authorities competent.

4. Provision of data and release of consents

The provision of data: • for the purposes referred to in point (i) and (ii) of this information, is optional. Failure to provide the data does not compromise the correct use of the website; • for the purpose referred to in point (iii) it is optional, but necessary to complete the purchase procedure. Therefore, failure to provide data compromises the complete use of the website; • for the purpose referred to in point (v) it is necessary to allow the Customer Service to correctly follow the request formulated by the User. Failure to provide the data will make it impossible for the Customer Service to take charge of the User's request but will not compromise the correct use of the site. The release of consent to processing: • for the purposes referred to in points (iii), (iv) and (v) is not required pursuant to art. 24 of the Legislative Decree n. 196/03. Therefore, the relative use of the services will take place following the simple provision of data. • for the purposes referred to in points (i) and (ii) it is always optional and the User is given the opportunity to exercise the choice at the time of registration.

5. Data Controller and Data Processor

The Data Controller of personal data is Otisopse Web S.r.l., based in Via Guglielmo Melisurgo n. 15 - 80133 Naples.

The Person in charge of the processing of personal data is Francesco Esposito, electively domiciled for the function at Otisopse Web S.r.l., based in Via Guglielmo Melisurgo n. 15 - 80133 Naples, under the deed of appointment of ......

The data may also be communicated by the Company to the companies responsible for shipping the products purchased by the User. The aforementioned companies will process the data only to the extent that it is necessary for the performance of the tasks assigned to them, proceeding to the subsequent cancellation once completed.

6. Rights of the interested party

The User, as interested in the processing of personal data, can exercise the rights referred to in art. 7 of the Legislative Decree n. 196/03 through a request addressed without formalities to the Data Controller, by writing to the e-mail address inserting an email address that can be refereed to Otisopse Web s.r.l. This request will be provided with a suitable reply without delay. In particular, the User has the right to: • obtain confirmation of the existence or not of personal data concerning him; • obtain information on the purposes and methods of processing; • obtain the identification details of the Data Controller; • obtain the updating, rectification, integration, cancellation, transformation into anonymous form or blocking of your data; • object, in whole or in part, for legitimate reasons to the processing of personal data concerning him.

7. Juvenile users

The Company is aware that the Site and the services it offers may also be of interest to a minor public. For the aforementioned reason, the Company also encourages the registration of parents of registered Users who are minors: in this way parents have the opportunity to take advantage of the same services and always be aware of the initiatives that the Company makes available to children .

Privacy Policy

Otisopse Web s.r.l, the data controller, informs you, pursuant to the applicable national legislation (Dec. Lgs. N. 196/03) and the European Privacy Regulation n. 679/2016 (also called "GDPR"), on the purposes and methods of processing of your personal and sensitive data.
Privacy is very important to us and we want you to always feel protected. For this reason we invite you to read the information carefully.
Using our services, you transmit or share with us some information that allows us in some cases to provide the service, in other cases to meet your needs and improve ourselves. In this document we wish to explain to you:

1. what data we use;

2. why and on what legal basis we collect your data;

3. how your data is used;

4. which data is mandatory and which is optional;

5. how long your data is stored;

6. who can have access to your data;

7. to whom your data can be communicated;

8. where your data can be transferred;

9. what are your rights;

10. who is the Data Controller of your data and who is the Data Protection Officer.

In Otisopse Web s.r.l. we use various personal data (hereinafter "personal data" or "data"), ie:
the data you provide, identifying and non-sensitive such as: name and surname or company name, identity document, tax code, VAT number, address, email, telephone number, bank details and data relating to the Otisopse services you have used. These are the data that you provided when requesting services or products, or even later • data related to your preferences and commercial interests, in particular: the contents, the use of services, the features used.

Why is Otisopse collecting your data?

The data you provide allows us, on the one hand, to carry out all the administrative activities related to your contract and to satisfy your requests, on the other hand, they help us verify any anomalies arising from the use of products and services supplied by us .
Specifically, your personal data is processed for the following purposes and legal bases:

a) without your prior consent for the purposes of the service and in particular for:
• the execution of the contract or the fulfillment of pre-contractual commitments: - activate, supply, suspend and manage your contract and related services, providing for the relative invoicing, sending of service communications and assistance; - to provide you with the services of the Otisopse commercial offer: these services include additional and optional services; - improve technical assistance, customer care activities, our services, content and products through statistical analysis aggregated on an anonymous basis;
• the pursuit of a legitimate interest of the Data Controller: - managing complaints and disputes, recovering credits, preventing fraud and illegal activities; - exercise the rights and protect the legitimate interests of the Owner or Third Party Holders, for example the right to defend in court; - send you commercial communications to the email address you provided, if you are already our client, related to Otisopse services and products similar to those you have already received. Each email sent will allow you, by clicking on the appropriate link, to refuse further transmission of communications.
• the fulfillment of legal obligations: - respect and fulfill the obligations provided by laws, regulations, community regulations, orders and prescriptions of the competent authorities. For example, by law we are required to provide a copy of your identity document and your tax identification number to the Archive of the Ministry of Economy and Finance and managed by Consap S.p.A. to compare them with the data present in the data banks of the Revenue Agency, the Ministry of the Interior, the Ministry of Transport, Inps and Inail, thus verifying their authenticity and thus being able to prevent identity theft fraud in the consumer credit sectors, deferred and deferred payments, electronic and interactive communication services (known as SCIPAFI).

b) only after you have given your consent, for other non-service purposes, namely:
• marketing purposes, ie to inform you with ordinary letters, telephone calls, emails, TV messages, SMS, MMS, notifications and newsletters of Otisopse initiatives and offers and to propose questionnaires and market research Otisopse;
• profiling purposes, namely: - to analyze, even automatically, your preferences and interests (for example, the use of content and services, including those purchased, the features used, connection times, data of traffic, etc.) and offer you (with ordinary letters, telephone calls, emails, TV messages, SMS, MMS, notifications and newsletters) services, contents, initiatives and personalized offers for you; - to analyze, even automatically, your preferences and interests related to the use of Otisopse and offer products and offers (with ordinary letters, telephone calls,
emails, TV messages, SMS, MMS, notifications and newsletters) services, contents, initiatives and personalized offers for you; - to analyze, even automatically, data relating to the use of Otisopse services - subject to the consent provided during the activation of the service - to analyze your preferences and interests and propose them (with ordinary letters, telephone calls, emails, messages on the television, SMS, MMS, notifications and newsletters) services, contents, initiatives and personalized offers for you.

3. How is your data used?

Your personal data is used for collection, registration, organization, storage, consultation, analysis, matching, processing, modification, selection, extraction, comparison of databases (for example, to verify the saleability of the offer), use, interconnection , crossing, blocking, communication, cancellation and destruction of data. Your personal data is subject to paper, electronic and automated processing and stored in databases.

4. Which data are mandatory and which are optional?

Among the information we collect some are essential to the stipulation and administration of your contract, others help us to offer you a better service, day after day. In particular:
• the provision of your personal data, processed for the purpose of service, is necessary to subscribe and use the Otisopse services; • the provision of your personal data, processed for other purposes, is optional. Failure to provide them will not prevent you from using Otisopse services, but you will not be able to receive our commercial communications and personalized offers.

5. How long is your data stored?
Otisopse Web maintains and uses your personal data for no more than 10 years from the end of the relationship for the purposes of service and, anyway, for the prescription time required by law, for no more than 13 months from the end of the relationship for marketing purposes ; for the time of your consent and, in any case, for no more than 36 months from collection, for the purposes of profiling. Subsequently, your data is made anonymous and processed for aggregate and anonymous statistical analysis.

6. Who can have access to your data?

We care about your privacy and do everything to protect you. This is why we share your data only when strictly necessary and only with those who help us offer you better service every day. Your data is in fact accessible to: • employees and / or collaborators of Otisopse or companies of the Otisopse Group, which contribute to creating, maintaining and improving all Otisopse's services in their capacity as appointees and / or internal processors and / or system administrators; • companies of the Otisopse Group, commercial partners and service providers that perform outsourcing activities on behalf of Otisopse - in their capacity as external processors - carrying out related, instrumental or support activities to those of Otisopse, for example: management and maintenance of the contents of websites and apps, customer assistance, customer care and call center services, management of information technology systems, editorial services, credit recovery, billing data processing services, archiving of documentation relating to customer relations , etc. 7. To whom can your data be communicated? Otisopse can communicate your data without your express consent for the purposes of service: • to the judicial authorities, at their request; • to the companies of the Otisopse Group and to all the other subjects to whom it is necessary to communicate them, by law or by contract, to allow the carrying out of the purposes described above (such as, for example, credit institutions, professional offices, commercial partners). Otisopse can communicate the data to the companies of the Otisopse Group or its partners to allow the carrying out of the autonomous marketing purposes described above: for this purpose Otisopse will ask for a specific consent before the communication. These parties will retain your data as independent Data Controllers. In any case, we want to assure you that your data will not be disclosed. 8. Where can your data be transferred? Your data may also be transferred outside the European Union to persons specified in paragraph 6 and 7 (including, in particular, to persons established in the USA and Albania). To protect your data as part of these transfers, Otisopse adopts appropriate safeguards, including adequacy decisions and standard contractual clauses approved by the European Commission, in accordance with the provisions of Chapter V, Articles. 45, 46 and 47, of the European Regulation n. 679/2016.

9. What are your rights? So far we have talked about how we treat your data and how we behave; now we show you what your rights are, so you always have control over your privacy and your information. If the limitations provided for by the law do not exist, you have the right, pursuant to art. 15 of the European Regulation n. 679/2016, to: • have confirmation of the existence or not of your personal data, even if not yet registered and request that such data be made available to you in a clear and understandable way; • ask for directions and, if necessary, a copy: a) of the origin and category of your personal data: b) of the logic of use, if your information is processed by electronic means; c) of the purposes and methods of processing; d) of the identification data concerning the Data Controller and data processors; e) the subjects or categories of subjects to whom your personal data may be communicated or who can learn about them; f) the period in which your data is stored or the criteria that are used to determine this period, when possible; g) the existence of an automated decision-making process, including profiling. In this case you can request the logics used, the importance and the consequences foreseen for you; h) the existence of adequate guarantees in case of transfer of your data to a non-EU country or to an international organization; • obtain, without a justifiable delay, the updating, modification, correction of your incorrect data or the integration of your incomplete data, if you are interested in it (art. 16 of European Regulation n. 679/2016 ); • obtain the cancellation, blocking of your data or, where possible, transformation into anonymous form, pursuant to Articles. 17 and 18 of the European Regulation n. 679/2016: a) if processed unlawfully; b) if no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in the event of

evocation of the consent on which the treatment is based and in the event of no other legal basis; d) if you are opposed to the processing and there are no other legitimate reasons to continue using your data; e) if we are required by law; f) if they refer to minors. The Owner, or Otisopse, may refuse to delete your data in the case of: a) exercise of the right to freedom of expression and information, b) fulfillment of a legal obligation, performance of a task performed in the public interest or the exercise of public powers; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) ascertainment, exercise or defense of a right in court; • obtain the processing limitation in the event of: a) disputing the accuracy of personal data, if you have not preferred to request the modification, updating, modification or correction of your data; b) unlawful processing of the Owner, or Otisopse, to prevent its cancellation; c) exercise of your right in court; d) verification of the possible prevalence of the Data Controller's legitimate reasons with respect to those of the interested party; • receive, if the processing is carried out by automatic means, without impediments and in a structured, legible and commonly used format, the personal data concerning you that you have provided us with prior consent or on contract to transmit them to another Owner or - if technically feasible - to obtain direct transmission by the Data Controller to another Data Controller (Article 20 of European Regulation No. 679/2016); • oppose, pursuant to art. 21 of the European Regulation n. 679/2016, at any time, in whole or in part: a) for legitimate and prevailing reasons, connected to your particular situation, to the processing of personal data concerning you; b) to the processing of personal data concerning you for marketing and / or profiling purposes if performed (eg you may object to the sending of advertising material or direct sales or to carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, with email and with traditional marketing methods, with telephone and paper mail). For all the cases mentioned above, if necessary, Otisopse will inform third parties to whom your personal data are disclosed of any exercise of rights by you, except in specific cases (eg when such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right).

You may at any time modify and revoke the consent given and exercise your rights, pursuant to and for the purposes of art. 7 of the European Regulation n. 679/2016, sending a request to Otisopse Web s.r.l. - Legal Affairs, Via Guglielmo Melisurgo n. 15 - 80133 - Naples, or by sending an email to the following email address privacy@otisopse.com
Finally, for the treatments referred to in this statement, you have the right to file a complaint with the Guarantor for the Protection of Personal Data (www.garanteprivacy.it).

10. Who is the Data Controller of your data? Who is the Data Protection Officer?

Who is the DPO? Remember, for any need, that the Data Controller of your personal data is Otisopse Web s.r.l. with headquarters in Via Guglielmo Melisurgo n. , 15 - 80133 - Naples.  The Data Processing Manager is Francesco Esposito, who is domiciled at Otisopse Web s.r.l. with headquarters in Via Guglielmo Melisurgo n. 15 - 80133 - Naples, in force of appointment deed of May 2018. Our The DPO (Data Protection Officer) of the company was not deemed appropriate to appoint it, given the regulatory content on the point of European Regulation n. 679/2016.  operates in the Legal Affairs Department. You can contact the Data Processing Officer at privacy@otisopse.com This information may be subject to change, especially in the event of future legislative action on the subject.