Privacy Policy – Association Jehan Alain

The following information describes the procedures for processing the personal data of users browsing the website www. jehanalain.who interact with web services. The information is provided pursuant to art. 13 of EU Regulation no. 2016/679 (hereinafter: the "Regulation") of the European Parliament and of the Council of April 27, 2016 EC (General Data Protection Regulation, published on May 4, 2016 in the Official Journal of the European Union, in force since May 24, 2016). The information is also in accordance with Recommendation no. 2/2001 that the European authorities for the protection of personal data, united in the Group established by art. 29 of directive no. 95/46/EC, adopted on May 17, 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, deadlines and nature of the information that data controllers must provide to users when they connect to web pages, to the Disposition of the Guarantor for the Protection of Personal Data of May 8, 2014 entitled "Identification of simplified procedures for information and obtaining consent for the use of cookies" (hereinafter , the "Measure") and current legislation on the protection and processing of personal data. This information is provided only for this website of which Romina Susini is the data controller and not for other possibly linked websites present on this same site.

THE OWNER OF THE TREATMENT

The person responsible for processing the data collected through the website is the Jehan Alain Association, whose head office is located at Faubourg de l'Hôpital 18 - CH 2000 Neuchâtel.

GENERAL PRINCIPLES ON THE PROCESSING OF YOUR PERSONAL INFORMATION

The user's personal information will be collected, stored, processed and transmitted in accordance with the criteria established by the principles, laws, rules and regulations in force regarding the processing of data, in particular: 1. processed fairly and lawfully; 2. collected for specified, explicit and legitimate purposes and then processed in a manner compatible with those purposes; 3. relevant, complete and proportionate to the purposes for which they are collected; 4. accurate and, where necessary, updated to the best of our abilities; 5. protected against unauthorized access and processing by commercially and technically reasonable technical and organizational security measures and controls; 6. stored as personal data no later than the time necessary to pursue the purposes for which they were collected.

TYPE OF DATA COLLECTED

The website may collect different types of information when the user accesses or uses the website. "Personal Information" means any information that directly identifies the User or any other information defined as "personal identification" under applicable law. This includes, by way of example, information such as name, surname and/or company name, billing and delivery address; payment information; tax code; VAT number; e-mail address; phone number; Location Information; and a username and password combination used to access your private area of the website. The data controller does not envisage the processing of personal data defined as SPECIFIC (personal data likely to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical, political or union nature, as well as personal data that may reveal the state of health and sex life) or judicial. Unless explicitly requested or specifically invited, we ask the user not to send or disclose sensitive personal information to us on or through the Website or in any other way. Where we may ask or invite you to provide sensitive information, we must obtain your express consent. The systems used may automatically record additional information relating to the use of the Site by the user. For example, our systems may log information that you enter on the Website, areas of the Website that you visit, activities that you perform on the Website, your IP address, or information about the computer or software that you use to access the website. Similar information, such as device type and device ID, may be collected if you access the Website from a mobile device. . These data are used for the sole purpose of obtaining anonymous and aggregated statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in case of hypothetical and possible crimes under rules or illegal behavior against the site. Browsing data The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which, by its very nature, could allow users to be identified, through processing and association with data held by third parties; This category of data includes the following browsing data: 1. IP addresses, domain names, browsing data and any other data concerning the User's interaction with the site, for example when viewing or searching for content, installing applications or software; 2. the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the User's operating system and computer environment data relating to the devices and/or computers used by the User to access to the site, including browser type, unique device code, language, operating system, referring web page, pages visited, location and cookie information, data about computer and connection (e.g. statistics on page views, incoming traffic and outgoing sites, originating URLs); 3. . Internet Service Provider (ISP) name; 4. date and time of visit; 5. Visitor origin and exit web page; 6. possibly the number of clicks. 7. geolocation data, in particular through the use of mobile devices; 8. cookies and similar technologies. Cookies, unique identifiers and other similar technologies to acquire data on pages and links visited and other actions that are performed when the site is viewed in advertising or email content, are processed in the manner and under the conditions provided for in the specific policy indicated below; 9. social networks. We process the data, as co-owner with the social network manager (which provides its information independently), of visitors to our pages on social networks (Facebook, Twitter, LinkedIn, YouTube, Instagram) with the tools made available provision by the channel manager itself (which also uses cookies and other tracking tools): analysis of visits, interaction with users, transmission of non-private messages and other activities envisaged by the channel. The treatments take place legally for the consent of the interested party given when registering on the social network, to respond to their requests, for the legitimate interest of the owner (tracing of their interactions with users, evaluation of the images of the business, marketing). The data is stored by the social network channels, according to the rules established by them.

TYPE OF DATA COLLECTED

The website may collect different types of information when the user accesses or uses the website. "Personal Information" means any information that directly identifies the User or any other information defined as "personal identification" under applicable law. This includes, by way of example, information such as name, surname and/or company name, billing and delivery address; payment information; tax code; VAT number; e-mail address; phone number; Location Information; and a username and password combination used to access your private area of the website. The data controller does not envisage the processing of personal data defined as SPECIFIC (personal data likely to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical, political or union nature, as well as personal data that may reveal the state of health and sex life) or judicial. except from explicit request or specific invitation, we ask the user not to send or disclose sensitive personal information to us on or through the website or in any other way. Where we may ask or invite you to provide sensitive information, we must obtain your express consent. The systems used may automatically record additional information relating to the use of the Site by the user. For example, our systems may log information that you enter on the Website, areas of the Website that you visit, activities that you perform on the Website, your IP address, or information about the computer or software that you use to access the website. Similar information, such as device type and identifier, may be collected if you access the Website from a mobile device. These data are used for the sole purpose of obtaining anonymous and aggregated statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility for hypothetical and possible computer crimes or illegal behavior against the site. Browsing data The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which, by its very nature, could allow users to be identified, through processing and association with data held by third parties; This category of data includes the following browsing data: 1. IP addresses, domain names, browsing data and any other data concerning the User's interaction with the site, for example when viewing or searching for content, installing applications or software; 2. the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the User's operating system and computer environment data relating to the devices and/or computers used by the User to access to the site, including browser type, unique device code, language, operating system, referring web page, pages visited, location and cookie information, data about computer and connection (e.g. statistics on page views, incoming traffic and outgoing sites, originating URLs); 3. . Internet Service Provider (ISP) name; 4. date and time of visit; 5. Visitor origin and exit web page; 6. possibly the number of clicks. 7. geolocation data, in particular through the use of mobile devices; 8. cookies and similar technologies. Cookies, unique identifiers and other similar technologies to acquire data on pages and links visited and other actions that are performed when the site is viewed in advertising or email content, are processed in the manner and under the conditions provided for in the specific policy indicated below; 9. social networks. We process the data, as co-owner with the social network manager (which provides its information independently), of visitors to our pages on social networks (Facebook, Twitter, LinkedIn, YouTube, Instagram) with the tools made available provision position of the manager of the channel itself (which also uses cookies and other tracking tools): analysis of visits, interaction with users, transmission of non-private messages and other activities envisaged by the channel. The treatments take place legally for the consent of the interested party given when registering on the social network, to respond to their requests, for the legitimate interest of the owner (tracing of their interactions with users, evaluation of the images of the business, marketing). The data is stored by the social network channels, according to the rules established by them.

PURPOSE OF THE PROCESSING

We collect, store and process your personal data for the purpose of providing you with the services offered through our website, or for legal obligations. The data collected will be used exclusively for the following purposes: • To fulfill legal obligations arising from tax and accounting legislation and any other legislation in force; • Provide the services offered and manage the daily needs of the company. • To allow users to complete registration procedures to access particular sections of the Site and purchase the products indicated; • For efficient management of the Site and the services it offers; • For sending the newsletter; • To contact users directly (for example, by e-mail) following requests received via the website; • To exercise a right;

LEGAL BASES The legal bases on which the personal data of the interested party are processed may be different, and specifically: • the contracts established or to be established (with the interested parties) to use the owner's services; • the express consent of the interested party, which can always be revoked by writing an e-mail to info@association_jehan_alain • the legitimate interests of the owner, i.e. for example: 1. fraud prevention; 2. the sending of informative e-mails about the Owner's services to subjects who have already provided the e-mail contact details in the context of the sale of a similar service, as required by art. 130 IV paragraph of Legislative Decree no. 196/2003 (called Privacy Code); 3. the improvement and development of the site to control its technical operation and performance. The processing of personal traffic data, to the extent strictly necessary and proportionate to ensure network and information security, also constitutes the legitimate interests of the owner, i.e. the ability of a network or an information system to withstand, at a level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible via these networks.

DATA PROVISION

Apart from what is described specifically for browsing data, you are free to provide all the personal data requested and reported in the various subscription request forms to receive the newsletter, information material, request for information, product availability or other communications. Failure to provide them will make it impossible to obtain what has been requested.

DATA PROCESSING METHODS AND SECURITY

The use of your personal data will take place with the support of paper, computer or telematic means for the purposes indicated above and below, for the time strictly necessary to achieve the purposes for which they were collected, or, if possible , until the moment in which the data controller should receive your request for the deletion of data whose consent to the treatment is optional and not mandatory. In order to guarantee an adequate level of data protection to limit the risk of misuse or illegal use of the same, technical and organizational security measures have been adopted, in accordance with the parameters established by art. 32 GDPR. In particular, we use commercially reasonable technical and organizational measures and controls to protect your personal information from loss, misuse and unauthorized access. Unfortunately, data transmitted or accessed via the Internet cannot be 100% secure. Accordingly, while we safeguard all personal information, we cannot guarantee or warrant that such personal information will be fully protected from misuse by hackers or other heinous criminal activities, or in the event of hardware or software failure or failure of the telecommunications network. . The data controller will inform the user, in the event of knowledge of a security breach concerning his personal identification information (known as "Data Breach") in our possession, in accordance with the legislation in force. Your personal data is, in any case, treated in accordance with the provisions relating to the confidentiality of personal data contained in the Regulation, in Legislative Decree No. 196/2003 and in the Provisions issued by the Guarantor Authority. The data collected is processed only by personnel authorized to process personal data, in accordance with current legislation. The data collected may be periodically updated with information acquired during the established relationship. If you decide to provide us with your email address for any reason, you expressly agree to receive electronic alerts in the event of a security breach.

COMMUNICATION OF PE DATA PERSONAL

Without prejudice to communications made in execution of a legal, regulatory or community obligation, your data may be communicated: 1. To natural and/or legal persons engaged by us for the performance of the services and for activities related thereto; 2. Subjects delegated and/or appointed by us to perform professional and technical maintenance activities (including maintenance of network equipment and electronic communication networks of websites where data is posted). In any case, only the data necessary and relevant for the purposes of the processing for which they are responsible as external processors, appointed by the data controller in accordance with current legislation, will be communicated to the aforementioned subjects. Personal data will therefore not be disseminated. The Data Controller collaborates with the police and with other public subjects and public authorities to bring its users to respect the law, the rights of other users and third parties, including their intellectual property rights. Thus, your personal data may be communicated, by way of indication but not limitation, to public subjects, in the event that this is necessary for the purposes of defence, state security, prevention, detection or repression of offences, in compliance with the rules governing this matter. These public subjects will have the right to request and obtain personal information about you even if it is necessary or expedient for investigations or evaluations relating to the commission of fraud, computer fraud, violation of intellectual property rights, acts of computer hacking or other illegal activities, which could expose us or our users to legal, civil or criminal liability.

RIGHTS OF INTERESTED PARTIES AND EXERCISE OF RIGHTS

In accordance with the legislation in force, you can at any time request: 1. Confirmation of whether or not your personal data exists; 2. Know the content and origin, purposes and methods of processing; 3. The logic applied in case of treatment carried out with the aid of electronic instruments; 4. The identification data of the owner, managers and subjects or categories of subjects to whom your personal data may be communicated. In addition, you have the right to obtain: 1. Updating, rectification, integration, right to data portability; 2. The cancellation, transformation into anonymous form or blocking of your data processed in violation of the law; 3. Opposition in any case, for legitimate reasons, to the processing of data relevant to the purpose of the collection; 4. Opposition to data processing for commercial purposes. In accordance with the Regulations, you will also have the right to lodge a complaint with a supervisory authority. To exercise your rights, you can contact the Jehan Alain Association responsible for data processing, whose registered office is located at Faubourg de l'Hôpital 18 - CH 2000 Neuchâtel, by sending an e-mail to info@jehanalain.ch. If the user contacts us to request access to or deletion of their personal information from our systems and records, in accordance with this privacy policy and legal obligations, we will do our best to comply with this request, in a reasonable delay. We inform users that, however, due to technical constraints and due to the safeguarding of their systems, the user's personal information may continue to reside even after it has been deleted for a period of time and in part of our systems. The controller reserves the right to refuse requests to access or delete personal information if the disclosure or deletion of the requested information is not authorized by law or does not meet one of the objectives listed below. -above. To protect against unlawful access requests, we reserve the right to request sufficient information to verify the identity of the requesting party before granting access or making corrections.

DATA RETENTION PERIOD

The retention period of personal data is determined ato (or determinable) depending on the purpose or the legal basis under which the processing is to take place. As far as browsing data is concerned, these will be deleted a few hours after they have been processed. The data processed for the execution of the contractual relationship will be kept for the time necessary for the correct and complete execution of the services provided for in the contract itself (including those strictly related and related to its termination). kept for a period not exceeding the greater of the two periods indicated below, corresponding to: • 10 (ten) years from the end of the relationship; Or • at the end of the limitation period for the initiation of actions and/or initiatives that the data controller could undertake to establish, exercise or defend a right in court as a result and/or as a result of contracts drawn up or to be drawn up ( with the Persons Concerned). Personal data processed for marketing purposes, on the other hand, will be kept until the interested party has expressed the intention to revoke the consent expressed for this purpose. There also remains the case where the greatest retention of data must be carried out to satisfy the needs of justice, for example to comply with a request from the administrative, control and/or supervisory authority or for the exercise and /or for the protection (judicial and/or extrajudicial) of its rights or to exercise the defense against complaints and/or legal actions. Once the retention period is over, your personal data will be securely deleted.

ADDITIONAL PROVISIONS Use of the site by minors The website is not intended for persons under the age of 18 and is therefore not intended for children under the age of 14. We do not knowingly collect or solicit personal information from children under the age of 14. Data transfer Your personal data will be stored in databases on our servers, or on the servers of our trusted suppliers, in Italian territory, or in countries of the European Economic Area or outside Europe where contractual clauses approved apply for the secure transfer of data or to which an adequacy decision of the European Commission is in force.

External services in use in this website:

Google Tag Manager; Google Fonts; Google Analytics 4