INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR THE APP “THermo” and “Thermo Wi-Fi”

1. Purpose and legal bases of the processing

1.1 Pursuant to articles 13.1 of EU Regulation no. 679/2016 called “General Data Protection Regulation” and to art. 13 of Italian Legislative Decree no. 196-2003 called “Privacy Code”, CAME S.p.A., as data controller of personal data (the “Data Controller”) informs you that the processing of your personal data provided by you through the registration form of the App is finalized to:

i) create a user profile to access the App and to use it, as well as other CAME cloud services on the website www.cameconnect.net ("Site") and

ii) to allow the configuration of the App in your smartphone and to associate, configure and manage the devices compatible with it.

1.2 The data provided by you during the registration, as well as those available at the Data Location (hereinafter together as “Data”), may also be used from the Data Controller for the following purposes:

i) for legitimate interest for statistical purposes in anonymous form;

ii) with your written consent, for sending periodic informative communications of promotional nature, as well as carry out market research (“Direct Marketing”) through automated contact methods such as e-mail and banners within the Apps or through an external Processor who has its server located in the EU territory;

iii) with your written consent, to locate the position of your thermostat and therefore make the App more functional.

2. Data collection. Necessity

2.1 The communication of Data marked as “mandatory” is necessary for the creation of a user profile inside the App. Their communication and their treatment are obligatory and in their absence it will not be possible to follow up the subscription request.

2.2 The browsing data available in the Location Data include the IP addresses or identifiers of the devices on which the App is installed, the addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment, such as wifi network name.

3. Method of processing and storage times

3.1 The processing of Data for any of the purposes mentioned above is executed via paper, automated or electronic means and via mail, e-mail, telephone (calling, SMS, MMS), fax and any other IT channel (websites, mobile, app) able to guarantee security and confidentiality according to what is known as “data protection by default”, which means we handle your data in the most secure way possible to mitigate the risk of diffusion.

3.2 Data will be processed as mentioned above, by complying with confidentiality and lawfulness obligations, to which our company is committed and only for as long as is needed to provide the services, that is, until you delete your own user profile. You can request to do this at any time according to the provisions of point 8.

3.3 Without prejudice to the provisions of art. 1.3, the Data Controller could have access to the Location Data as long as you use the App and in any case until the cancellation of the user profile by described procedure.

3.4 In any case, provided Data will be processed no later for a period of twentyfour months if they are collected for marketing purposes.

3.5 The provision of Data via the registration form allows the profile you created to access further specific areas of the Site and for further purposes pursuant to the privacy policy published at the link.

4. Categories of recipients of personal data

4.1 Data will be processed by employees and/or collaborators of the Data Controller, who will be appointed as authorized data processors and may be disclosed to third-party companies, appointed for this purpose as data processors, which provide ancillary and instrumental services to the Data Controller's activity. In no case will the Data be diffuse.

5. Consent

5.1 Your consent is not required when the data processing:

a) is required for complying with legal obligations, regulations or EU standards;

b) is required for complying with contractual obligations which the user have entered into, or for complying, before the winding up of the contract, with the user’s specific requests;

c) is carried out with reference to data sourced from public records, lists, freely available acts or documents, with no prejudice to any limits and terms that any laws, regulations or European standards establish for the knowledge and disclosure of data;

5.2 The consent for the above purposes is facultative.

6. Transfer

6.1 The processing and storage of personal data takes place on servers located within the European Union owned and/or available to the Data Controller and/or third-party companies duly appointed as data processors, except as follows.

7. Subjective limitations

7.1 Registration and subscription are allowed to users who are over 18 years old.

8. Rights of the data subject

8.1 We inform you about your rights:

• il right of access to your data, i.e. the right to obtain from the Data Controller confirmation about the current processing of you data and, whether required by you, the access;
• il right of rectification and cancellation, i.e. the right to obtain – based legitimate grounds - the rectification of inaccurate personal data and/or the integration of incomplete personal data and/or cancellation;
• il right to restriction of processing, i.e. the right to obtain restriction of processing for legitimate reasons;
• il right to Data portability, i.e. the right of the user to receive its personal data in a structured, commonly used and machine-readable format for the transmission to another;
• il right to withdraw your consent at any time. The withdraw of the consent does not affect the legitimacy of the processing carried out before withdrawal.
• il Right to object, that is right to object to processing of personal data, included the data used for profiling or marketing purposes, for legitimate reasons;
• il right to complain to the competent supervisory authority in case of unlawful processing of the data or to take legal actions.

8.2 Please, send your requests to: CAME S.p.A. at the following email address: privacy@came.com

9. Data Controller

9.1 The Data Controller is CAME S.p.A., Fiscal Code and Vat Code 03481280265 – with registered office at Via Martiri della Libertà, 15, 31030 Dosson di Casier (TV).