Privacy Policy Whitepaper

With this notice, released pursuant to Article 13 of the Regulation (EU) 2016/679 ("GDPR" or "Regulation"), Prysmian wishes to inform you how and for what purposes it will process your personal data collected in connection with your request to receive a copy of the White Paper [•] ("Request").

Such data will be processed in full compliance with current legislation on the protection of personal data and, in particular, in accordance with the GDPR and Italian Legislative Decree No. 196 of June 30, 2003, as amended ("Italian Privacy Code").

1. Data controller

The data controller of the personal data collected in the context of the Request is Prysmian S.p.A. ("Prysmian" or the "Controller"), with the registered office at Via Chiese n.6, 20126, Milan.

2. Categories of personal data processed

To fulfil your Request, the Controller intends to collect the following data: (i) first name; (ii) last name; (iii) organization for which you operate; and (iv) e-mail address.

3. Purpose and legal basis for processing

Prysmian will process your personal data to fulfil your Request (Article 1.1.b of the GDPR), and on the basis of its legitimate interest of knowing the general interest of the market about its initiatives connected to and contents published in the White Paper (Article 1.1.f of the GDPR).

Only on the basis of your express and free consent (Article 1.1.a of the GDPR), Prysmian may use your data provided within the Request to send you, periodically, the newsletter "Nexst" dedicated to the world of Digital Solutions.

4. Communication and outreach

Except for communications put in place in fulfilment of legal obligations, or at the request of the competent authorities, and unless they are necessary for the exercise or defense of a right in court, your personal data will not be subject to any communication to third parties.

If the processing activities carried out by the Controller involve any suppliers, they will be duly appointed as data processors pursuant to Article 28 of the GDPR. In addition, your personal data will be processed only by personnel duly bound to confidentiality and compliance with data protection regulations under Article 29 of the GDPR. Your personal data will not be transferred outside the European Economic Area ("EEA").

In any case, should Prysmian make a transfer abroad, in the absence of an adequacy decision, all necessary measures will be applied, under the provisions of Chapter V of the GDPR (e.g. Standard Contractual Clauses).

5. Processing methods and retention period

Your personal data will be processed with the support of electronic tools. Except for the need to exercise the rights of the Controller and to comply with legal obligations or orders of authorities, the data will be retained only for the time necessary to fulfil the Request, and in any case no longer than [•] .

Should you decide to give your consent to receive the "Nexst" newsletter, your personal information will be retained for a time not exceeding [•] years, unless you request to unsubscribe from the newsletter service before the end of this period. At the end of the aforementioned retention periods, the data will be deleted or anonymized.

6. Data Protection Officer (DPO)

Prysmian has appointed a Data Protection Officer (DPO), who can be contacted at the following email address: [email protected].

7. Your rights

With reference to the processing operations covered by this notice, you may at any time exercise your rights under the Regulation, including:

• The right to request confirmation of whether or not your personal data is being processed;
• The right to access your personal data;
• the right to obtain without delay the rectification of your inaccurate personal data and notification of those to whom the data may have been transmitted;
• the right to obtain, in the cases provided for, the deletion of its data and notification of those to whom the data may have been transmitted;
• The right to obtain restriction of processing, when provided;
• The right to obtain portability of personal data in the cases established by the data protection legislation;
• The right to object to the processing of your data.

This is without prejudice, in any case, to your right to lodge a complaint with the Data Protection Authority (in Italy, GPDP - Autorità Garante per la Protezione dei Dati Personali).

For any further information about the processing of your personal data and/or to exercise your rights, you may contact the Controller at the following e-mail address: [email protected].