PRIVACY POLICY

This document is intended to provide you with information to illustrate how D3E Studio process your personal data by operationally dictating that is reported on the "Policy for the processing of personal data" adopted by 'D3E Studio'. The personal data provided by the Customer are processed in compliance with EU Reg. 679/2016 (hereafter REGULATION), by the company Nitya Inc.

On the registration or service acquisition pages, brief information on the processing of personal data is provided.

DEFINITIONS

REGULATION: General Regulation on the protection of personal data EU 679/2016.

PERSONAL DATA:

any information concerning an identified or identifiable natural person ('concerned'); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.

SENSITIVE DATA:

personal information related to ethnic origin, political opinions, religious or philosophical beliefs, union membership, health status, life or sexual orientation of the interested party, as well as genetic, biometric and geo-location information. Judicial data: personal information relating to criminal convictions, crimes or related security measures.

DATA CONTROLLER:

the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data (data);

DATA PROCESSOR:

the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller (data);

CUSTOMER:

subject (natural person or legal entity) who starts relations with D3E Studio following subscription, including contract electronics.

THIRD PARTIES:

subjects whose personal data are contained in public and private databases, external to 'D3E Studio'..

Interested: identified or identifiable natural person connected to Customers or Third parties to whom the data refer

HOLDER OF THE TREATMENT

Holder of the treatment is 'D3E Studio', 392 E Winchester St., Suite 201 Salt Lake City, UT 84107 +1(510)-378-8077

DATA PROTECTION MANAGER

The 'D3E Studio' as a result of assessing their risk profile on personal data processed, he decided to have a Personal Data Protection Manager (RPD-DPO) available at ' [email protected] (then dpo_ [email protected]).

PURPOSE OF THE PROCESSING OF PERSONAL DATA

The processing of information concerning the CLIENT will be constantly based on the principles of correctness, lawfulness, transparency and protection of confidentiality, whether the processing is done through IT tools or is carried out, where necessary, in paper form.

'D3E Studio' collects and stores, also in electronic form, the personal, commercial and fiscal data relating to each CUSTOMER, in order to:

fulfill the contractual obligations and for the protection of the company in court;

allow the activation, provision, management and / or maintenance of services;

provide assistance, including by telephone, following an explicit request in this regard;

pursue the legitimate interest of 'D3E Studio'. (REGULATION Art. 6.1f), with particular reference to the following activities:

a) verification and improvement of market analysis processes and direct customer contact and communication of tools aimed at customer loyalty and service improvement;

b) advertising, market research and surveys, without prejudice to the possible opposition of the Customer;

c) new contractual proposals;

d) exchange of information: if other companies will belong to the group, they process the data of the Customer in order to fulfill the obligations imposed on them by laws and regulations for the following purposes: (i) internal audits and reports, (ii) accounting needs.

e) protection of the information security of the company;

f) protection of the company in judicial and extrajudicial proceedings;

In any case, the processing of data will be done by balancing the principles of opportunities and needs of the parties, with the Customer's right to express dissent for some of the processing related to the legitimate interest.

Personal data are processed in compliance with current legislation, without prejudice to the obligations of confidentiality and professional secrecy.

The use of data in a manner that is not compliant and/or contrary to the rights and/or rights of the data subject is excluded.

D3E Studio operates in compliance with art. 16 and 17 of Legislative Decree 70/2013 - Implementation of Directive 2000/31 / EC on certain legal aspects of information society services in the internal market, with particular reference to e-commerce.

OBLIGATORY OF DATA CONFERENCE

Failure, partial or incorrect conferment of the requested data, as well as the lack of consent to the processing of data necessary for the pursuit of the purposes specified in the previous paragraph, does not allow the completion of the contract.

Any subsequent revocation of the consent granted, in the same way, excludes the continuation of the existing contractual relationship and the provision of related professional services.

Due to the particular nature of the services provided and the consequences that could derive from the non-renewal of the contract,'D3E Studio'. reserves the right to notify the Customer of the expiry notice of the contract by email.

In accordance with current legislation, each CLIENT is therefore required to declare that he has read this information by ticking the box in the appropriate registration form.

METHOD OF TREATMENT OF PERSONAL DATA

D3E Studio informs that the processing of personal data takes place through manual and/or computerized tools with logic strictly related to the purposes set out above.

Personal data will be kept for the entire duration of the contractual relationship and for a further 10 years from the termination of the same, in compliance with the obligations to keep the accounting records.

The updating of the customer's personal data is always the responsibility of the latter.

Personal data are collected in a minimized manner linked to identification only for administrative and fiscal aspects. The data concerning the online work sessions are kept for the sole purpose of highlighting the client of the activities carried out. The data can be managed through the use of systems in cloud mode to guarantee the CLIENT the best opportunities in terms of flexibility and flexibility of the service, physical security and data resilience, availability and resource redundancy. The cloud equipment chosen by the owner may be internal to the company, at its headquarters, or at companies that will be connected (controlled or controlling), or related to external companies in compliance with specific contractual agreements with indication of physical location some data. The physical location of the data, in any case, will always be in Europe or in countries authorized by the REGULATION in compliance with the relative adequacy clauses, or the specific standard contractual clauses established by the Guarantor of the country of origin, or binding rules of enterprise (the policies on the protection of personal data applied by a controller or controller established in the territory of a Member State to the transfer or set of transfers of personal data to a controller or processor in one or more third countries, within a business group or group of companies that perform a common economic activity), without prejudice to the exercise of the rights of the interested party (see Rights section of the interested party). Personal data are subjected to the minimum security measures provided by the previous Legislative Decree 196/2003 (Privacy Code), updated and adjusted regularly. The Data Controller has also activated supplementary protection systems in order to improve the level of security and adequacy against loss, illicit, incorrect or unauthorized use of data.

It is the Client's responsibility to keep his access credentials to safeguard the integrity of personal data and the information contained on his profile.

D3E Studio authorizes access to its services only to identify customers and does not provide access through trustees or other authorized personnel. The security systems and generally the security of the hardware and software infrastructure are subject to periodic audits by both internal company bodies and external bodies. The external auditing or verification structures, with independence and third-party requisites, are appointed, with the exception of the checks envisaged by the Ministry of Justice, and are responsible for the treatment of confidentiality.

The assistance is provided, to date, by personnel who work under the authority of 'D3E Studio'..

In the event of a request for assistance presented by the Customer by telephone or e-mail, the Customer will come into contact with a skilled specialist operator of 'D3E Studio'. or of identified Managers. The assistance operator operating in direct contact with the Customer could get in touch with personal data of the latter. In these conditions the operator, instructed on the maximum respect for the confidentiality of the information processed and on the obligations imposed by the Regulation, will be submitted to the Client authority who must give specific instructions on the processing of data and any limitations always behaving in a lawful, correct and transparent, limiting itself to statistical annotations on the request itself.

The telephone conversations, opportunely sampled, could be recorded to verify the correctness and regularity on the service delivery.

COMMUNICATION AND DIFFUSION OF DATA

The CUSTOMER is informed that the data provided by the same, with the exception of third parties, may be transferred, within the terms provided for by law, to the companies that may be connected and / or controlling and / or subsidiaries and / or distribution companies of correspondence with which the principle of minimization of transmitted data is applied, limited to those indispensable for providing the service. 'D3E Studio'. provides that external OWNERS provide services upon request by the Customer. Among the external owners are present:

• "Database managers" for the parts related to the services provided by them: The transfer of data to these companies will be notified to the CUSTOMER, with the warning that, if this occurs, the transmission must be considered necessary and finalized particular service required: any refusal to transfer may make it impossible to provide the service. Explicit information on the processing of data made by the above mentioned "Data Management Company" companies is available on the respective websites or on the website www.d3estudio.com which contains the indications provided by the Code of Ethics and Good Conduct of ANCIC (see Annex A7 of Legislative Decree 196/2003 );

• D3E Studio informs that processing may also be carried out with the help of natural or legal persons in charge of these activities as "Data Processors". Data controllers can be:

companies that manage the maintenance services of the hardware and software equipment of 'D3E Studio' .;

correspondence distribution company (when not self-employed);

distribution and resale company of products and services on the territory;

companies that manage the expiry notice service (The deadline notice service may be delegated to other companies that will treat only the identification data (surname and first name) and the customer's email address, as mere persons in charge of communication.

For all online payment services 'D3E Studio'. transfers skills to bank management portals that have their own personal data protection policies. The relevant information is available at online payment sites. Any transfer of CUSTOMER data to other service companies will be indicated, if performed, for each individual service acquired. The Customer may request a list of the Data Processors at the following address [email protected] (then [email protected]), attaching a valid identity document.

⎫ companies that manage the expiry notice service (The deadline notice service may be delegated to other companies that will treat only the identification data (surname and first name) and the customer's email address, as mere persons in charge of communication.

RIGHTS OF THE INTERESTED PARTY

For all the treatments carried out directly by 'D3E Studio', the CLIENT may at any time exercise the rights referred to in the Regulations and in particular the interested party has the right to obtain:

¬ access to personal data;

¬ updating, rectification or integration of data;

¬ treatment limitation;

¬ cancellation or transformation into an anonymous form;

¬ the opposition including the blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

¬ the appeal to the Supervisory Authority to propose a complaint.

Most of the operations mentioned above can be carried out directly by the Customer on their profile page.

Also the Managers of the Treatment appointed by 'D3E Studio'. will be obliged to make the above listed rights exercisable. The Customer also has the right to object, in whole or in part:

¬ for legitimate reasons, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;

¬ to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

¬ The correction or the opposition can be requested / communicated to the address [email protected].

For the client it is always possible to withdraw consent at any time without prejudice to the lawfulness of the processing based on consent before revocation and the right to lodge a complaint with a supervisory authority.

In the case of information from other sources, the correction can be directly requested from the original operator as required by the unified information ANCIC (national association of information companies) at https://www.informativaprivacyancic.it/richiesta-informativa.aspx.

NOTE FOR THE TREATMENT OF EVEN SENSITIVE AND JUDICIAL DATA OF THIRD PARTIES

For this type of personal data, including sensitive data in accordance with the Regulation, the CLIENT must be considered as independent HOLDER of the TREATMENT and subject, as such, to the obligations in terms of personal data protection and responsible for any violation of the law. For this type of data the CLIENT NAMES expressly 'D3E Studio'. as "Data Processor" pursuant to art. 28 of the Regulations regarding the computerized processing of the same, including storage and assistance. 'D3E Studio', as a subject that for experience, ability and reliability can provide a suitable guarantee of full compliance with the current provisions on treatment, including the profile relating to security, for the processing of personal data, including those referred to in Articles 9 and 10 of Reg. 679/2016, accepts the APPOINTMENT responsible for processing according to the indications of the Data Controller and in compliance with the Regulations. 'D3E Studio' declares that the treatment will always be carried out in compliance with the provisions of the REGULATION through the systems, also cloud, by the 'D3E Studio' itself controlled through the minimum security measures coupled with other measures such as to make the level achieved adequate.

THE HOLDER OF THE TREATMENT

may at any time request changes to the methods of processing performed by the Manager on his behalf, provided these do not conflict with the provisions of the Regulations. Requests for changes must be made in writing by PEC at [email protected].

By virtue of the REGULATION, the HOLDER of the TREATMENT, in case of termination of the contractual relationship, may request the return and / or cancellation of all the information that constitutes the database object of the treatment.

Sensitive data (as mentioned in articles 9 and 10 of the Rules) will be deleted in a secure manner within 90 days from the voluntary termination of the contractual relationship.

The DATA CONTROLLER is informed that the return of data can be done through a special download function available on the systems of the Owner.