Information on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). Effective from 01/01/2022

PREAMBLE

This information notice takes into account the provisions of the GDPR and the Privacy Code (Legislative Decree 30 June 2003 no. 196). The document was also drafted based on the Guidelines of the Privacy Authority (especially the Anti-Spam Guidelines issued by the Privacy Authority on 4 July 2013).

Data Controller: Filippo Serafini, Strada Ferranietta 10 – 17014 Cairo Montenotte (SV)

Website to which this privacy policy refers: wildadelasia.com (Website).

The Data Controller has not appointed a DPO (Data Protection Officer). Therefore, you may send any request for information directly to the Data Controller.

GENERAL INFORMATION

This document describes how the Data Controller processes your personal data provided on the Website.

Below are the main ways in which your personal data is processed. In particular, the legal basis of the processing is explained, whether the provision is mandatory, and the consequences of failure to provide personal data. To best describe your rights, where necessary, we have specified if and when a particular personal data processing does not take place.

Registration on the Website

The Website does not offer the possibility of registration. Therefore, the Data Controller does not process your personal data for this purpose.

Purchases on the Website

Purchases cannot be made on the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send “reminder” emails for purchasing the Controller’s products and/or services.

Responding to your requests

Your data will be processed to respond to your requests for information. Providing data is optional, but refusal will make it impossible for the Data Controller to respond to your questions. The legal basis for the processing is the legitimate interest of the Data Controller in responding to user requests. This legitimate interest is equivalent to the user’s interest in receiving responses to communications sent to the Data Controller.

General marketing

With your prior consent, the Data Controller may process the personal data you provide in order to send you advertising materials and/or newsletters relating to its own or third-party products. The legal basis for this processing is your consent. Providing personal data for this purpose is purely optional. Failure to consent to marketing purposes will result in you not receiving advertising material regarding the Data Controller’s and/or third parties’ products/services, as well as the inability of the Controller to carry out market surveys, including those aimed at evaluating user satisfaction, and to send you newsletters. These communications will be sent to the email you provided on the Website.

Profiling

With your prior consent, the Data Controller may process your personal data for profiling purposes, i.e., for the analysis of your consumer choices through the detection of the type and frequency of purchases made by you, in order to send you advertising material and/or newsletters relating to its own or third-party products of specific interest to you. The legal basis for this processing is your consent. Providing data for this purpose is purely optional. Failure to consent to profiling will make it impossible for the Controller to process your commercial profile by detecting your purchase choices and habits, and to send you advertising material on products of the Controller and/or third parties of specific interest to you. These communications will be sent to the email you provided on the Website.

Data transfer

The Data Controller does not transfer your personal data to third parties.

Geolocation

The Website does not implement tools for geolocation of the user’s IP address.

Communication of personal data

In the course of its ordinary activities, the Data Controller may communicate your personal data to certain categories of recipients. Article 2 lists the entities to whom the Controller may disclose your personal data. To help protect your rights, Article 2 may specify in some cases when your data is not shared with third parties.

“Communication” of personal data to third parties is different from “transfer” (covered in the preceding section). In communication, the third party receiving the data can only use it for specific purposes described in their relationship with the Controller. In a transfer, the third party becomes an autonomous Data Controller of the personal data. Moreover, your consent is always required for transferring your personal data to third parties.

Notwithstanding the above, it is understood that the Data Controller may still use your personal data to properly comply with legal obligations.

SPECIFIC PRIVACY NOTICE

Art. 1 Processing methods

1.1 Your personal data will mainly be processed using electronic or otherwise automated means, in a manner and with tools suitable to ensure its security and confidentiality in accordance with the GDPR.

1.2 The information acquired and processing methods will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments suitable for the circumstances.

1.3 No “special categories” of data are processed through the Website. Special data refers to data that can reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, health status, and sex life.

1.4 Judicial data is not processed through the Website.

Art. 2 Communication of personal data

The Data Controller may communicate your personal data to specific categories of entities. Below are the recipients to whom the Controller reserves the right to communicate your data:

• • The Data Controller may disclose your personal data to all entities (including Public Authorities) that have access to the data by virtue of legal or administrative measures.

• • Your personal data may also be communicated to all public and/or private entities, individuals and/or legal entities (legal, administrative, and tax consultancy firms, Judicial Offices, Chambers of Commerce, Labor Chambers and Offices, etc.), if the communication is necessary or functional for the proper fulfillment of legal obligations.

• • The Data Controller uses employees and/or collaborators in any capacity. For the proper functioning of the Website, the Controller may disclose your personal data to such employees and/or collaborators.

• • In the ordinary management of the Website, the Data Controller uses companies, consultants, or professionals in charge of installing, maintaining, updating, and generally managing the Controller’s hardware and software or those used to provide services. Therefore, only for these purposes, your data may also be processed by these entities.

• • For sending communications, the Controller uses external companies responsible for sending such messages (CRM platforms). Your personal data (especially your email) may thus be shared with these companies.

• • The Data Controller does not use external companies to provide customer care services.

The Controller reserves the right to amend the list above based on its ordinary operations. Therefore, you are invited to regularly access this privacy notice to check which entities may receive your personal data.

Art. 3 Retention of personal data

3.1 This article describes how long the Data Controller reserves the right to retain your personal data.

• • Your personal data will be retained only for the time necessary to ensure proper service delivery through the Website.

3.2 Without prejudice to article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.

Art. 4 Transfer of personal data

4.1 The Data Controller is based within the European Union. Therefore, the processing of your data is secure from a regulatory standpoint, as governed by the GDPR. If your personal data is transferred to a non-EU country for which the European Commission has issued an adequacy decision, the transfer is still considered legally secure. This article 4.1 will list, from time to time, the countries to which your personal data may be transferred and for which the Commission has deemed adequate.

• • You are therefore invited to regularly access this article to check if your personal data is being transferred to a country with such characteristics.

4.2 Without prejudice to article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not issued an adequacy decision. You are therefore invited to regularly review this article 4.2 to determine which such countries your data may be transferred to.

4.3 In this article, the Data Controller indicates the countries to which it may specifically direct its activities. This circumstance may involve the application of the legislation of the target country, together with the GDPR.

• • At the user’s request, the Data Controller will apply to the personal data processing the potentially more favorable rules provided by the user’s national legislation.

Art. 5. Data subject’s rights

Pursuant to art. 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:

• • request access to your personal data and rectification or deletion of such data or restriction of the processing concerning you, or to object to its processing, as well as the right to data portability

• • withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

• • lodge a complaint with a supervisory authority (e.g., the Data Protection Authority).

The above rights may be exercised by sending an informal request to the contacts provided in the Preamble.

Art. 6. Amendments and miscellaneous

The Data Controller reserves the right to make changes to this privacy notice at any time, providing appropriate notice to users of the Website and in any case ensuring adequate and equivalent protection of personal data. To view any changes, you are invited to regularly consult this notice. In the event of substantial changes to this privacy notice, the Data Controller may also notify you via email.