DATA PROTECTION POLICY With this notice ("Notice") the Controller, as defined below, informs you about the purposes and methods of processing your personal data and about the rights recognized by Regulation (EU) 2016/679 on the protection and free movement of personal data ("General Data Protection Regulation" or "GDPR") and by Italian Legislative Decree 196/2003. 1. DATA CONTROLLER The data controller is Stageair srl with registered office in Via della Croce Rossa n. 112, Padua (Italy), Italian tax code and VAT number 05177530283 ("Controller"). You can contact the Controller at the following addresses: E-mail: info@stage-air.com Address: Via della Croce Rossa n. 112, Padua (Italy) 2. PERSONAL DATA PROCESSED For the purposes indicated in this Notice, the Controller processes the following: "common" personal data: " personal data such as name, surname, place and date of birth, e-mail address and other contact details. 3. PURPOSE AND LEGAL BASIS The processing of your personal data is aimed at transmitting promotional information on the services offered by the Controller (e.g. through newsletters and / or social media or email) or to involve you in market research. This processing activity is based on your specific consent, given by ticking the appropriate box on the data collection page, pursuant to Article 6, first paragraph, letter a) GDPR. Even if you have your consent, you can at any time request the Controller to stop the processing activity by sending an e-mail to the following address: info@stage-air.com, or by clicking on the appropriate link contained in any communication you will receive. Your personal data may also be processed, where necessary, for: " complying with any law or regulation of the European Union or of a Member State of the European Union. This processing activity is based on the need to fulfill a legal obligation to which the Controller is subject, pursuant to Article 6, first paragraph, letter c), of the GDPR; " protecting in Court, the rights of the Controller. This processing activity is based on the legitimate interest of the Controller, pursuant to article 6, first paragraph, letter f) of the GDPR. 4. NATURE OF THE PROCESSING ACTIVITY AND CONSEQUENCES OF A REFUSAL Processing your personal data is a necessary requirement to carry out the activities described above; therefore, in the event of your refusal to provide them, we will not be able to send you marketing communications or involve you in market research. 5. HOW PERSONAL DATA ARE PROCESSED The processing of your data will take place, in compliance with the provisions of the GDPR, using paper and IT tools, for the purposes above indicated and, in any case, with suitable methods to guarantee their security and confidentiality. The Controller does not use automated decision-making processes and does not carry out profiling activities. The processing activity for marketing purposes may performed by e-mail or mail, over the phone, by means of SMS. 6. DATA RETENTION PERIOD The Controller will process your personal details for marketing purposes for 2 years from when your consent and will then be deleted. In any case, at any time you have the right to terminate the processing activity with immediate effect, as indicated in preceding article 3. Please note that, in any case, the Controller may however retain some of your personal data for a longer period, where required by law and / or necessary to protect a right of the Controller. 7. TRANSFER OF PERSONAL DATA For the purposes described in preceding article 3, the Controller may transmit your personal data to its employees, collaborators and, in general, to the company's staff, who will operate as persons authorized to process personal data, specially appointed. The Controller may also transfer your data to: a) IT service providers, for the management of IT systems; b) marketing service providers, for sending the newsletter and/or the organization of events, marketing campaigns, market surveys; c) public authorities and administrations to fulfill legal obligations or to ascertain, exercise or defend a right before judicial or administrative courts and offices; d) other service providers. The subjects belonging to the preceding categories will operate, in certain cases, as autonomous data controllers, in other cases, as data processors specifically appointed pursuant to article 28 of the GDPR. At any time, you can ask the Controller for the list of data processors, at the addresses indicated in preceding article 1. Your personal data will not be spread among the public or transmitted to subjects outside the European Union. 8. YOUR RIGHTS With regard to the processing activities mentioned in this information, you can exercise the rights listed in this section, as enshrined in articles 15 to 21 of the GDPR. In particular: " Right of access - article 15 of the GDPR: to obtain confirmation of whether or not your personal data are being processed and, in such case, receive information regarding: purposes of the processing, categories of data processed and retention period, recipients to whom these can be communicated, etc. " Right to rectification - article 16 of the GDPR: to obtain, without undue delay, the rectification of your data, if incorrect, or the integration of incomplete ones. " Right to erasure - article 17 of the GDPR: to obtain, without undue delay, the erasure of your personal data in the cases provided for by the same article. " Right to restrict the processing activity - article 18 of the GDPR: to obtain the restriction of the processing activities in the cases provided for by the same article. " Right to data portability - article 20 of the GDPR: to receive, in a structured, commonly used and machine-readable format, your personal data and obtain that they are transmitted to another controller without hindrance, in the cases provided for by the same article. " Right to object - article 21 of the GDPR: to object, at any time, to the processing of your personal data, unless there are legitimate grounds for the Controller to continue the processing activity. " Right to withdraw the consent - article 7 of the GDPR: to withdraw the previously expressed consent with the same simplicity with which it was given. " Complaints - lodge a complaint to the Italian Data Protection Supervisory Authority, using one of the following contact details: Piazza Venezia, 11 - 00187 Rome; Certified Email: protocol@pec.gpdp.it (see the website www.garanteprivacy.it/home/diritti for further information on how to lodge a complaint); or to the Data Protection Supervisory Authority of your usual residence, workplace or place of the alleged infringement. You can find a list of references from the Data Protection Supervisory Authorities of EU Member States at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The above-mentioned rights can be exercised by contacting the Controller at the addresses indicated in preceding article 1. Please note that the Controller may verify your identity before proceeding with your request. *** CANDIDATES: With this notice ("Notice") the Controller, as defined below, informs you about the purposes and methods of processing your personal data and about the rights recognized by Regulation (EU) 2016/679 on the protection and free movement of personal data ("General Data Protection Regulation" or "GDPR") and by Italian Legislative Decree 196/2003. 1. DATA CONTROLLER The data controller is Stageair srl with registered office in Via della Croce Rossa n. 112, Padua (Italy), Italian tax code and VAT number 05177530283 ("Controller"). You can contact the Controller at the following addresses: E-mail: info@stage-air.com Address: Via della Croce Rossa n. 112, Padua (Italy) 2. PERSONAL DATA PROCESSED For the purposes indicated in this Notice, the Controller processes the following: "common" personal data: " personal data such as name, surname, place and date of birth, tax code, residence, telephone number, e-mail address and other contact details; " data relating to your marital status and family situation, including data of minors; " financial data, such as your bank account details; " data relating to any business travel or the use of benefits or corporate tools for business purposes; special categories of data: " data relating to your state of health and any data relating to his affiliation to trade union organizations. 3. PURPOSE OF THE PROCESSING ACTIVITY AND LEGAL BASIS Performance of a contract The processing of your personal data is necessary for the execution and management of your employment relationship / collaboration with the Controller. The legal basis for the processing of your data is, therefore, the performance of the contract with you, pursuant to article 6, first paragraph, letter b), of the GDPR. Compliance with a legal obligation Your personal data may also be processed, where necessary, to comply with any law or regulation of the European Union or of a Member State of the European Union (e.g. for the purposes of keeping accounts, social security, etc.). The legal basis of this processing activities are: " compliance with a legal obligation to which the Controller is subject, pursuant to article 6, first paragraph, letter c), of the GDPR; " with regard to special categories of personal data: o fulfilling obligations regarding labor law, social security and social protection, pursuant to article 9, second paragraph, letter b) of the GDPR; o preventive medicine or occupational medicine purposes, assessment of the employee's working capacity, medical diagnosis, health or social care system and services, management of public health or social systems and services, pursuant to article 9, second paragraph, letter h) of the GDPR. Legitimate interest Finally, your personal data may be processed in order to protect the rights of the Controller before Court. This processing activity is based on the legitimate interest of the Controller, pursuant to article 6, first paragraph, letter f) of the GDPR. 4. NATURE OF THE PROCESSING ACTIVITY AND CONSEQUENCES OF REFUSAL Processing your personal data is a necessary requirement for the execution and management of the employment / collaboration relationship. Therefore, in case of refusal to provide them, the Controller will not be able to execute or manage the employment / collaboration relationship. 5. HOW PERSONAL DATA ARE PROCESSED The processing of your data will take place, in compliance with the provisions of the GDPR, using paper and IT tools, for the purposes above indicated and, in any case, with suitable methods to guarantee their security and confidentiality. The Controller does not use automated decision-making processes and does not carry out profiling activities. 6. DATA RETENTION PERIOD The Controller will process your personal data, for the purposes indicated in preceding article 3, for as long as necessary for the management of the employment / collaboration relationship with you and to fulfill the necessary legal obligations. At the termination of the employment / collaboration relationship, the Controller will process your personal data to manage such termination, and shall have the right to keep and process the same, for the longest time allowed by law, where required by law, to meet a request from a public authority or to manage possible disputes, in compliance with the applicable limitation period. 7. TRANSFER OF PERSONAL DATA For the purposes described in preceding article 3, the Controller may transmit your personal data to its employees, collaborators and, in general, to the company's staff, who will operate as persons authorized to process personal data, specially appointed. The Controller may also transfer your data to: a) IT service providers, for the management of IT systems; b) labor, legal, tax and accounting consultants for the management of the employment relationship or of legal obligations; c) credit and insurance institutions for managing the relationship, wages and any corporate credit cards; d) public authorities and administrations to fulfill legal obligations or to ascertain, exercise or defend a right before judicial or administrative courts and offices; e) conciliators, mediators, technical consultants and other subjects who may be involved in the prevention or resolution of disputes in relation to the management of the employment relationship; f) providers of training services or benefit providers such as pass lunches; g) travel agencies and other service providers related to business travel; h) other service providers. The subjects belonging to the preceding categories will operate, in certain cases, as autonomous data controllers, in other cases, as data processors specifically appointed pursuant to article 28 of the GDPR. At any time, you can ask the Controller for the list of data processors, at the addresses indicated in preceding article 1. Your personal data will not be spread among the public or transmitted to subjects outside the European Union. 8. YOUR RIGHTS With regard to the processing activities mentioned in this information, you can exercise the rights listed in this section, as enshrined in articles 15 to 21 of the GDPR. In particular: " Right of access - article 15 of the GDPR: to obtain confirmation of whether or not your personal data are being processed and, in such case, receive information regarding: purposes of the processing, categories of data processed and retention period, recipients to whom these can be communicated, etc. " Right to rectification - article 16 of the GDPR: to obtain, without undue delay, the rectification of your data, if incorrect, or the integration of incomplete ones. " Right to erasure - article 17 of the GDPR: to obtain, without undue delay, the erasure of your personal data in the cases provided for by the same article. " Right to restrict the processing activity - article 18 of the GDPR: to obtain the restriction of the processing activities in the cases provided for by the same article. " Right to data portability - article 20 of the GDPR: to receive, in a structured, commonly used and machine-readable format, your personal data and obtain that they are transmitted to another controller without hindrance, in the cases provided for by the same article. " Right to object - article 21 of the GDPR: to object, at any time, to the processing of your personal data, unless there are legitimate grounds for the Controller to continue the processing activity. " Right to withdraw the consent - article 7 of the GDPR: to withdraw the previously expressed consent with the same simplicity with which it was given. " Complaints - lodge a complaint to the Italian Data Protection Supervisory Authority, using one of the following contact details: Piazza Venezia, 11 - 00187 Rome; Certified Email: protocol@pec.gpdp.it (see the website www.garanteprivacy.it/home/diritti for further information on how to lodge a complaint); or to the Data Protection Supervisory Authority of your usual residence, workplace or place of the alleged infringement. You can find a list of references from the Data Protection Supervisory Authorities of EU Member States at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The above-mentioned rights can be exercised by contacting the Controller at the addresses indicated in preceding article 1. Please note that the Controller may verify your identity before proceeding with your request. *** PARENTS: With this notice ("Notice") the Controller, as defined below, informs you about the purposes and methods of processing your personal data and about the rights recognized by Regulation (EU) 2016/679 on the protection and free movement of personal data ("General Data Protection Regulation" or "GDPR") and by Italian Legislative Decree 196/2003. 9. DATA CONTROLLER The data controller is Stageair srl with registered office in Via della Croce Rossa n. 112, Padua (Italy), Italian tax code and VAT number 05177530283 ("Controller"). You can contact the Controller at the following addresses: E-mail: info@stage-air.com Address: Via della Croce Rossa n. 112, Padua (Italy) 10. PERSONAL DATA PROCESSED For the purposes indicated in this Notice, the Controller processes the following: "common" personal data: " personal data such as name, surname, place and date of birth, tax code, residence, telephone number, e-mail address and other contact details; " financial data, such as your bank account details. 11. PURPOSE OF THE PROCESSING ACTIVITY AND LEGAL BASIS Performance of a contract The processing of your personal data is necessary for the execution and management of the contractual relationship between the Controller, on one side and the underage under your responsibility, on the other. The legal basis for the processing of your data is, therefore, the performance of the contract with you, pursuant to article 6, first paragraph, letter b), of the GDPR. Compliance with a legal obligation Your personal data may also be processed, where necessary, to comply with any law or regulation of the European Union or of a Member State of the European Union. The legal basis of this processing activities is the compliance with a legal obligation to which the Controller is subject, pursuant to article 6, first paragraph, letter c), of the GDPR. Legitimate interest Finally, your personal data may be processed in order to protect the rights of the Controller before Court. This processing activity is based on the legitimate interest of the Controller, pursuant to article 6, first paragraph, letter f) of the GDPR. 12. NATURE OF THE PROCESSING ACTIVITY AND CONSEQUENCES OF REFUSAL Processing your personal data is a necessary requirement for the execution and management of the agreement between the Controller, on one side, and the underage under your responsibility, on the other side. Therefore, in case of refusal to provide them, the Controller will not be able to execute or manage such contractual relationship. 13. HOW PERSONAL DATA ARE PROCESSED The processing of your data will take place, in compliance with the provisions of the GDPR, using paper and IT tools, for the purposes above indicated and, in any case, with suitable methods to guarantee their security and confidentiality. The Controller does not use automated decision-making processes and does not carry out profiling activities. 14. DATA RETENTION PERIOD The Controller will process your personal data, for the purposes indicated in preceding article 3, for as long as necessary for the contractual relationship. And particularly until the underage under your responsibility will remain registered to the Controller's website or will become of age, as well as for complying to mandatory law obligations. At the termination of the contractual relationship, or from the becoming of age, the Controller shall have the right to keep and process your personal data for 10 years to meet a request from a public authority or to manage possible disputes. 15. TRANSFER OF PERSONAL DATA For the purposes described in preceding article 3, the Controller may transmit your personal data to its employees, collaborators and, in general, to the company's staff, who will operate as persons authorized to process personal data, specially appointed. The Controller may also transfer your data to: a) IT service providers, for the management of IT systems; b) credit and insurance institutions for the payment of the contractual services; c) public authorities and administrations to fulfill legal obligations or to ascertain, exercise or defend a right before judicial or administrative courts and offices; d) conciliators, mediators, technical consultants and other subjects who may be involved in the prevention or resolution of disputes in relation to the management of the employment relationship; e) other service providers. The subjects belonging to the preceding categories will operate, in certain cases, as autonomous data controllers, in other cases, as data processors specifically appointed pursuant to article 28 of the GDPR. At any time, you can ask the Controller for the list of data processors, at the addresses indicated in preceding article 1. Your personal data will not be spread among the public or transmitted to subjects outside the European Union. 16. YOUR RIGHTS With regard to the processing activities mentioned in this information, you can exercise the rights listed in this section, as enshrined in articles 15 to 21 of the GDPR. In particular: " Right of access - article 15 of the GDPR: to obtain confirmation of whether or not your personal data are being processed and, in such case, receive information regarding: purposes of the processing, categories of data processed and retention period, recipients to whom these can be communicated, etc. " Right to rectification - article 16 of the GDPR: to obtain, without undue delay, the rectification of your data, if incorrect, or the integration of incomplete ones. " Right to erasure - article 17 of the GDPR: to obtain, without undue delay, the erasure of your personal data in the cases provided for by the same article. " Right to restrict the processing activity - article 18 of the GDPR: to obtain the restriction of the processing activities in the cases provided for by the same article. " Right to data portability - article 20 of the GDPR: to receive, in a structured, commonly used and machine-readable format, your personal data and obtain that they are transmitted to another controller without hindrance, in the cases provided for by the same article. " Right to object - article 21 of the GDPR: to object, at any time, to the processing of your personal data, unless there are legitimate grounds for the Controller to continue the processing activity. " Right to withdraw the consent - article 7 of the GDPR: to withdraw the previously expressed consent with the same simplicity with which it was given. " Complaints - lodge a complaint to the Italian Data Protection Supervisory Authority, using one of the following contact details: Piazza Venezia, 11 - 00187 Rome; Certified Email: protocol@pec.gpdp.it (see the website www.garanteprivacy.it/home/diritti for further information on how to lodge a complaint); or to the Data Protection Supervisory Authority of your usual residence, workplace or place of the alleged infringement. You can find a list of references from the Data Protection Supervisory Authorities of EU Member States at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The above-mentioned rights can be exercised by contacting the Controller at the addresses indicated in preceding article 1. Please note that the Controller may verify your identity before proceeding with your request. *** INTERNATIONAL PARTNERS AND COMPANIES: With this notice ("Notice") the Controller, as defined below, informs you about the purposes and methods of processing your personal data and about the rights recognized by Regulation (EU) 2016/679 on the protection and free movement of personal data ("General Data Protection Regulation" or "GDPR") and by Italian Legislative Decree 196/2003. 17. DATA CONTROLLER The data controller is Stageair srl with registered office in Via della Croce Rossa n. 112, Padua (Italy), Italian tax code and VAT number 05177530283 ("Controller"). You can contact the Controller at the following addresses: E-mail: info@stage-air.com Address: Via della Croce Rossa n. 112, Padua (Italy) 18. PERSONAL DATA PROCESSED For the purposes indicated in this Notice, the Controller processes the following: "common" personal data: " personal data such as name, surname, place and date of birth, tax code, residence, telephone number, e-mail address and other contact details; " your role in the entity you represent; " financial data and bank accounts details. 19. PURPOSE AND LEGAL BASIS Performance of a contract The processing of your personal data is necessary for the negotiation, conclusion, performance and management of the contract for the supply of services with you or with the entity you represent. The legal basis for the processing of your data is, therefore, the performance of a contract with you, pursuant to article 6, first paragraph, letter b), of the GDPR. If you act on behalf of an entity, the legal basis for the processing of your personal data may be the legitimate interest of the Controller to deal with such entity for the purposes indicated above and to the extent strictly necessary for the management of the commercial relationship between the Controller and the entity for which you work. Compliance with a legal obligation Your personal data may also be processed, where necessary, to comply with any law or regulation of the European Union or of a Member State of the European Union (e.g. for the purposes of keeping accounts, social security, etc.). The legal basis of this processing activities is the compliance with a legal obligation to which the Controller is subject, pursuant to article 6, first paragraph, letter c), of the GDPR. Legitimate interest Finally, your personal data may be processed in order to protect the rights of the Controller before Court. This processing activity is based on the legitimate interest of the Controller, pursuant to article 6, first paragraph, letter f) of the GDPR. 20. NATURE OF THE PROCESSING ACTIVITY AND CONSEQUENCES OF REFUSAL Processing your personal data is a necessary requirement for the execution and management of the supply agreement with you or with the entity you represent, and therefore, in case of refusal to provide them, the Controller will not be able to execute or manage the supply agreement with you or with the entity you represent. 21. HOW PERSONAL DATA ARE PROCESSED The processing of your data will take place, in compliance with the provisions of the GDPR, using paper and IT tools, for the purposes above indicated and, in any case, with suitable methods to guarantee their security and confidentiality. The Controller does not use automated decision-making processes and does not carry out profiling activities. 22. DATA RETENTION PERIOD In case of execution of a supply agreement between the Controller, on one side, and you or the entity you represent, on the other side, personal detail will be processed for 10 years following the last accounting movement / registration and then deleted. If, on the contrary, an agreement is not concluded, personal data will be deleted after 5 years from the end of the negotiations. 23. TRANSFER OF PERSONAL DATA For the purposes described in preceding article 3, the Controller may transmit your personal data to its employees, collaborators and, in general, to the company's staff, who will operate as persons authorized to process personal data, specially appointed. The Controller may also transfer your data to: a) IT service providers, for the management of IT systems; b) labor, legal, tax and accounting consultants for the management of the contractual relationship or of legal obligations; c) credit and insurance institutions for managing the relationship and the payment of the contractual services; d) public authorities and administrations to fulfill legal obligations or to ascertain, exercise or defend a right before judicial or administrative courts and offices; e) conciliators, mediators, technical consultants and other subjects who may be involved in the prevention or resolution of disputes in relation to the management of the employment relationship; f) other service providers. The subjects belonging to the preceding categories will operate, in certain cases, as autonomous data controllers, in other cases, as data processors specifically appointed pursuant to article 28 of the GDPR. At any time, you can ask the Controller for the list of data processors, at the addresses indicated in preceding article 1. Your personal data will not be spread among the public or transmitted to subjects outside the European Union. 24. YOUR RIGHTS With regard to the processing activities mentioned in this information, you can exercise the rights listed in this section, as enshrined in articles 15 to 21 of the GDPR. In particular: " Right of access - article 15 of the GDPR: to obtain confirmation of whether or not your personal data are being processed and, in such case, receive information regarding: purposes of the processing, categories of data processed and retention period, recipients to whom these can be communicated, etc. " Right to rectification - article 16 of the GDPR: to obtain, without undue delay, the rectification of your data, if incorrect, or the integration of incomplete ones. " Right to erasure - article 17 of the GDPR: to obtain, without undue delay, the erasure of your personal data in the cases provided for by the same article. " Right to restrict the processing activity - article 18 of the GDPR: to obtain the restriction of the processing activities in the cases provided for by the same article. " Right to data portability - article 20 of the GDPR: to receive, in a structured, commonly used and machine-readable format, your personal data and obtain that they are transmitted to another controller without hindrance, in the cases provided for by the same article. " Right to object - article 21 of the GDPR: to object, at any time, to the processing of your personal data, unless there are legitimate grounds for the Controller to continue the processing activity. " Right to withdraw the consent - article 7 of the GDPR: to withdraw the previously expressed consent with the same simplicity with which it was given. " Complaints - lodge a complaint to the Italian Data Protection Supervisory Authority, using one of the following contact details: Piazza Venezia, 11 - 00187 Rome; Certified Email: protocol@pec.gpdp.it (see the website www.garanteprivacy.it/home/diritti for further information on how to lodge a complaint); or to the Data Protection Supervisory Authority of your usual residence, workplace or place of the alleged infringement. You can find a list of references from the Data Protection Supervisory Authorities of EU Member States at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The above-mentioned rights can be exercised by contacting the Controller at the addresses indicated in preceding article 1. Please note that the Controller may verify your identity before proceeding with your request.