NOTICE ON THE TREATMENT OF PERSONA DATA (ART. 13 E 14 REG. UE. 2016/679) The FEI FAST & ECOLOGICAL INFORMATION sole proprietorship of Dorigo Mattia, with registered office in via Borgo san Vittore 32, Farra di Soligo, Treviso, tax code : DRGMTT96E21C957L , VAT number : 04957080262 (below referred to as “owner”), as owner of the treatment, informs you according to art. 13 D.Lgs. 30.6.2003 n.196 (below referred to as “Privacy Policy”) and art. 13 UE Regulation n.2016/679 (below referred to as “GDPR”) that your data will be processed in the following manner and for the following purposes: Privacy Point of contact: You can exercise your rights at any time by sending: • a registered letter with return receipt to: Borgo San Vittore 32, Farra di Soligo, Treviso • an e-mail to the address: mattiadorigo@feionline.it Types of personal and sensitive user data : Fei collects data from users like Name, Surname, email, VAT code, blood group, allergies, emergency contacts, diseases, medicines. All those information are shared with selected users called rescuers for a limited time and only for emergencies. Secure data handling for personal and sensitive data: All data is stored on an online database in a server inside the EU. All the information are encrypted with AES 256. Developer data retention and deletion policy: In every moment a user can delete his account and all his data will be put into “sleep”. After 1 year of inactivity all data will be permanently deleted. 1. Object of the Treatment: the owner processes personal, identification, sensitive and health-related data (for example: name, surname, business name, address, telephone number, email, bank and payment references, medical, genetic and healthrelated data) below referred to as “data” you communicated in the moment of the purchase of services provided by the Owner consisting in the supply and programming of an electronic device containing health information or by completing the form to receive marketing information on the Owner's initiatives. 2. Purpose of the Treatment: Your personal, identification, sensitive and health data are processed with your explicit consent for the following Service Purposes: A) - for the regular performance of the services provided by the Owner consisting in the supply and programming of an electronic device containing health information; - fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you; - fulfill the obligations established by law, by a regulation, by EU legislation or by an order of the Authority (such as for example in the matter of anti-money laundering); - exercise the rights of the owner, for example the right to defense in court; B) To send you by e-mail, mail and/or sms and/or phone calls, newsletter, commercial communications and/or advertising material on products or services provided by the Owner and detection of the degree of satisfaction with the quality of services. 3. Provision of personal data, refusal and methods of treatment The interested party or who legally represents him (support administrator, authority, guardian, curator) is obliged to provide the personal, identification, sensitive and health-related data as well as the express consent to the processing of the same for the purposes referred to in art. 2.A). Failure to provide the requested data or failure to consent to the processing of the same makes it impossible to carry out the services referred to in point 2.A and the Owner cannot consequently perform the services requested by the interested party. The provision and consent to the processing of data for the purposes referred to in art. 2.B) is, however, optional. The interested party can therefore decide not to give any data and not to give any consent for these purposes or to subsequently deny the possibility of processing already provided data: in this case, he will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Holder. The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper, telematic, electronic and / or automated processing. The treatment is carried out by the Owner and by those specifically authorized by the Owner. 5. Data Access: Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B) to: employees and collaborators of the Owner, to third-party companies or other subjects (by way of example, commercial partners, credit institutions, credit recovery companies, professional firms, consultants, companies operating in the sector of transport, subcontractors, subjects specifically appointed and / or authorized by the Owner that provide the same data processing services, consultancy, as well as to subjects and / or companies that carry out in any case instrumental, complementary and functional activities to those of the Owner execution of activities related to the existing contractual relationship, in their capacity as external data processors , and also to all subjects to whom the communication is due due to legal obligations). 6. Data Communication Without the need for express consent (pursuant to art.24 lett. A), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent owners. Your data will not be further disclosed. 6. Data transfer: Personal data are stored on servers external to the company. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers and data within the European Union countries or to an international organization for the purposes referred to in point 2. 7. Data retention: the data are kept for a period of ten years from the conclusion of the contract. 8. Rights of the person concerned: In your capacity