Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 ("GDPR")

Wait Media srl protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of infringement.

As required by European Union Regulation no. 679/2016 ("GDPR"), and in particular to art. 13, here below is provided to the user ("Interested") the information required by law concerning the processing of his personal data.

SECTION I

Who we are and what data we treat (article 13, paragraph 1 letter a, article 15, lett. B GDPR)

Wait Media srl, represented by its legal representative pt, with headquarters in via Capsoni 21 in Pavia (PV), operates as Data Controller and can be contacted at privacy@shopeauer.com and collects and / or receives information concerning the interested party, such as:

Category of data Examples of data types

Personal data, name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, fiscal code, e-mail address (es)

Telematic traffic data Log, IP address of origin.

Wait Media srl does not require the interested party to provide data c.d. "Special", or, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, data biometrics intended to uniquely identify an individual, data relating to health or sex life or sexual orientation of the person. In the event that the service requested of Wait Media srl requires the processing of such data, the interested party will receive a specific notice in advance and will be required to provide appropriate consent.

The Data Controller has appointed a Data Protection Officer (Data Protection Officer -DPO) who can be contacted for any information and requests:

DPO - DATA PROTECTION OFFICER (RESPONSIBLE FOR DATA PROTECTION) CONTACTS:

PEC: waitmedia@pec.net

Mail: privacy@shopenauer.com

SECTION II

For what purposes we need the data of the interested party (art. 13, 1st paragraph GDPR)

The data are used by the Data Controller to process the registration and the contract for the supply of the chosen Service and / or the Product purchased, manage and execute the requests for contact forwarded by the interested party, provide assistance, fulfill legal and regulatory obligations which the Data Controller is required to perform based on the activity performed. In no case shall De Lama resell the personal data of the interested party to third parties nor use them for undeclared purposes.

In particular, the data of the interested party will be processed for:

1. a) the registration and the requests for contact and / or information material

The processing of the personal data of the interested party takes place in order to carry out the preliminary activities and consequent to the request for registration, to the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other obligation arising.

The legal basis of these treatments is the performance of the services inherent to the application for registration, information and contact and / or sending of informative material and compliance with legal obligations.

1. b) management of the contractual relationship

The processing of personal data of the Interested party takes place in order to carry out the preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the relative order, the supply of the Service itself and / or the production and / or the shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance, fraud prevention and the fulfillment of any other obligation deriving from from the contract.

The legal basis of these treatments is the performance of the services relating to the contractual relationship and compliance with legal obligations.

1. c) promotional activities on Services / Products similar to those purchased by the interested party (Recital 47 GDPR)

The data controller, even without his explicit consent, may use the contact details communicated by the interested party, for the purpose of direct sales of his / her Services / Products, limited to the case in which the Services / Products are similar to those covered by the sale, unless the interested party explicitly opposes it.

1. d) commercial promotion activities on Services / Products other than those purchased by the interested party

The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regards to Services / Products that the Owner offers only if the Interested party has authorized the processing and does not object to this.

This processing can be done in an automated way, with the following methods:

- e-mail; - sms; - telephone contact and can be carried out:

1. if the interested party has not withdrawn his consent for the use of the data;

2. if, in the event that the processing is carried out through contact with a telephone operator, the Data Subject is not

registered in the register of oppositions referred to in D.P.R. n. 178/2010;

The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked freely by the interested party at any time (see Section III).

1. e) information security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, treats, even through its suppliers (third parties and / or recipients), the personal data of the interested party related to the traffic to a strictly necessary and proportionate extent to ensure the safety of the networks and information, namely the ability of a network or information system to withstand, at a given security level, unforeseen events or unlawful or malicious acts that compromise availability, authenticity, or integrity and confidentiality of personal data stored or transmitted.

The Owner will promptly inform the Interested Parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR concerning notifications of personal data breach.

The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing relating to the protection of corporate assets and the security of Wait Media srl offices and systems

1. f) profiling

The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services / Products, propose advertising messages and / or commercial proposals in line with the choices made by the users themselves) exclusively in the event that the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

1. g) fraud prevention (recital 47 and article 22 GDPR)

the personal data of the interested party, with the exception of particular data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks with the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification automated and preliminary to the negotiation of Services / Products;

passing these checks with a negative result will make it impossible to carry out the transaction; the interested party may in any case express his / her own opinion, obtain an explanation or contest the decision by giving reasons for his / her reasons by letter addressed to the office of Wait Media srl or to the e-mail contact: privacy@shopenauer.com

personal data collected for anti-fraud purposes only, unlike the data necessary for the correct performance of the requested service, will be immediately canceled at the end of the control phases.

1. h) the protection of minors

The Services / Products offered by the Data Controller are reserved to subjects legally able, on the basis of the national legislation of reference, to conclude contractual obligations.

The Owner, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

The communication of the personal data of the interested party takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities pertaining to the relationship established and to respond to certain legal obligations, such as:

Categories of recipients and third parties to whom personal data can be communicated_

Third-party suppliers of Wait Media srl spa for the provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, providers of networks and electronic communication services) connected to the requested service

Credit and digital payment institutions, banking / postal institutions

Management of receipts, payments, reimbursements related to the contractual service

External professionals / consultants and Consulting companies Compliance with legal obligations, exercise of rights,

protection of contractual rights, credit recovery

Financial administration, public bodies, judicial authorities, supervisory and control authorities

Fulfillment of legal obligations, defense of rights; lists and registers kept by public Authorities or similar bodies based on specific legislation, in relation to the contractual service

Subjects formally delegated or with a recognized legal title

Legal representatives, curators, guardians, etc.

* The Data Controller requires third-party suppliers and Data Processors to comply with security measures equal to those adopted in relation to the Data Subject by restricting the scope of action of the Data Supervisor to processing related to the requested service.

The Owner does not transfer your personal data to countries where GDPR is not applied (countries outside the EU) unless specifically indicated otherwise for which you will be informed in advance and your consent will be required if necessary.

The legal basis of these treatments is the performance of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of Wait Media srl to carry out treatments necessary for these purposes.

SECTION III

What happens if the interested party does not provide his identified data as necessary for the performance of the requested service? (Article 13, 2nd paragraph, lett. And GDPR)

The collection and processing of personal data is necessary to process the requested services as well as to provide the Service and / or supply the requested Product. If the interested party does not provide the personal data expressly provided for as necessary within the order form or the registration form, the Owner will not be able to process the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.

What happens if the interested party does not consent to the processing of personal data for commercial promotion activities on services / products other than those purchased?

In the event that the interested party does not give his consent to the processing of personal data for these purposes, said processing will not take place for the same purposes, without this having effects on the provision of the services requested, nor for those for which

In the event that the interested party has consented and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for such activities, without this involving consequences or effects detrimental to the Data Subject and to the services required.

How we treat the data of the interested party (art. 32 GDPR)

The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of personal data of the interested party and imposes similar security measures on third party suppliers and Data Processors.

Where we process the data of the interested party

The personal data of the interested party are stored in paper, computerized and telematic archives located in countries where the GDPR (EU countries) is applied.

How long is the data of the interested party stored? (Article 13, 2nd paragraph, letter a GDPR)

Unless they explicitly express their will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

Regardless of the determination of the interested party to remove them, the personal data will in any case be kept in accordance with the terms provided for by the current legislation and / or national regulations, for the exclusive purpose of guaranteeing specific fulfillments, specific to certain services (by way of example but not exhaustive, Certified Electronic Mail, Digital Signature, replacement Storage - in this regard see the relevant section).

In addition, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) which remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will only keep the data necessary for the related prosecution.

The cases in which the rights deriving from the contract and / or the registry registration are asserted, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be treated for the time necessary to the their pursuit.

What are the rights of the interested party? (articles 15 - 20 GDPR)

The interested party has the right to obtain from the data controller the following:

1. a) confirmation that personal data concerning him is being processed and in this case, to have access to personal data and the following information:

2. the purposes of the processing;

3. the categories of personal data in question

4. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;

5. when possible, the period of storage of the personal data envisaged or, if this is not possible, the criteria used to determine this period;

6. the existence of the right of the interested party to request the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their processing;

7. the right to lodge a complaint with a supervisory authority;

8. if the data is not collected from the interested party, all information available on their origin;

9. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the data subject.

10. the appropriate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred

11. b) the right to obtain a copy of the personal data subject to processing, provided that this right does not infringe the rights and freedoms of others; In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs.

12. c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay

13. d) the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay, if the reasons provided by the GDPR to the art. 17, among which, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if the conditions established by law exist; and in any case if the treatment is not justified by another equally legitimate reason;

14. e) the right to obtain the treatment limitation from the data controller, in the cases provided for in art. 18 of the GDPR, for example where you have disputed the accuracy, for the period necessary for the Owner to verify its accuracy. The interested party must be informed, in due time, even when the suspension period has been completed or the reason for the limitation of the processing has ceased, and therefore the limitation itself revoked;

15. f) the right to obtain communication from the holder of the recipients to whom requests for corrections or cancellations or limitations of processing have been transmitted, unless this proves impossible or involves a disproportionate effort.

16. g) the right to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him and the right to transmit such data to another data controller without hindrance by the data controller has provided, in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one data controller to the other, if technically feasible.

For any further information and in any case to send your request, you must contact the Data Controller at privacy@shopenauer.com. In order to guarantee that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when can the interested party object to the processing of their personal data? (Art. 21 GDPR)

For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of his personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, sending the request to the Owner at the address: privacy @ shopenauer.com

The interested party has the right to the cancellation of their personal data if there is no legitimate prevailing reason of the Owner with respect to the one that gave rise to the request, and in any case in the event that the Data Subject has opposed the processing for commercial promotion activities.

Who can the complainant propose? (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party may submit a complaint to the competent control authority in the Italian territory (Guarantor Authority for the protection of personal data) or to the one that carries out its tasks and exercises its powers in the Member State where the violation of the GDPR occurred.

Any update of this Statement will be communicated promptly and by appropriate means and will also be communicated if the Owner processes the data of the Interested Party for purposes other than those referred to in this Notice before proceeding and following the manifestation of the relative consent of the Interested if necessary.