Dear Participant, we wish to inform you that Legislative Decree no. n. 196 of 30 June 2003 (“Personal Data Protection Code”, hereinafter referred to as: the “Code”) and subsequent integrations and amendments, provides for the protection of persons and other entities with regard to the personal data processing. According to the law, this treatment will be based on principles of fairness, legality and transparency and protection of your privacy and your rights. According to Article 13 of the law. n.196 / 2003, we hereby provide the following information: 1. Purpose of the treatment: The information you provide will be used without your prior consent in accordance with article 24, paragraph 1, lett. b) of the Code, for the following purposes: A. enrollment to “Cardif Open-F@b” of the website www.insuranceup.it (hereinafter referred to as: “Website”) as well as the namesake initiative that aims to reward the most innovative projects in the insurance sector; B. content use and management (documents, information, images, etc.) for purposes related to the initiative Cardif Open-F @ b, that users voluntarily decide to upload to the website for the purpose of participating in the initiative; C. enrollment and participation in the activities / initiatives reserved to members of “Cardif Open-F@b” of the Website. 2. Methods of processing: The data processing will be carried out as follows: paper, magnetic media, manually and / or with electronic tools or in any case automated. The personal data will be stored in hard copy and in a computer database archive for the purposes specified in paragraph 1 points A, B, C. 3. Type of data and compulsory nature of their assignment: The bestowal of the data is mandatory and necessary to achieve the purposes referred to in paragraph 1, points A, B, C. The failure to treat all data will result in failure to register in the relevant section of the Website, to the initiative Cardif Open- F@b and will not allow users to sign up for activities / initiatives referred to in paragraph 1, point C. 4. Data Target: data may be processed by qualified persons as leaders or representatives who operate under the direct authority of the Data Holders (employees or partners, as well as members of the Evaluation Committee). Data may be processed by third parties which, on behalf of the Holders, perform treatments on the data for administrative and organizational purposes, appointed as external data controllers. The complete list of those responsible for data processing, is available at the data holders, or can be obtained from: CARDIF VITA Compagnia di Assicurazione e Riassicurazione S.p.A. Registered office: Piazza Lina Bo Bardi, 3 CAP 20124. Tel. +39 02 772241 – Fax +39 02 76008149 – www.bnpparibascardif.it 5. Data holders are: – BNP PARIBAS CARDIF ITALIA , based in MILANO Piazza Lina Bo Bardi, 3 CAP 20124 and ICT and Strategy S.r.l., based in MILANO Via Copernico 38 Cap 20125. 6. Disclosure of data to third parties: Data will not be subject to disclosure to third parties. Some personal data of the participants to the initiative, may be disclosed in order to give information on the results of the same in the manner set out in the Regulation. 7. Right to Access Personal Data and Other Rights under Article 7 of D.lgs.196 / 2003: anytime, you can exercise your rights under Article above, stated below, by contacting the data holders at the abovementioned address. Section 7 of Legislative Decree196/2003. Right to Access Personal Data and Other Rights. 1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form. 2. A data subject shall have the right to be informed a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing. 3. A data subject shall have the right to obtain a) updating, rectification or, where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. 4. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys. FLAG (the flag is not to be precompiled). The User claims to have read and understood the privacy statement above and agree to the terms of the Regulation of the initiative.