This notice is provided, pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (“GDPR” or “Regulation”), by PWO S.p.A., with registered office at Via degli Aldobrandeschi 300, 00163 Rome, as the data controller (hereinafter referred to as the “Data Controller”), to explain how your personal data, and possibly that of your collaborators or employees, will be used in connection with the registration of an account on the website https://www.planetwin365affiliate.com/ and the request for participation in the partnership program. The Data Controller can be contacted at the email address privacy@planetwin365.it. Additionally, a Data Protection Officer has been appointed and can be contacted at dpo@lottomatica.com.

1. What categories of personal data will be processed?

To allow registration for the partnership program, the following data may be processed:

• Personal data (first name, last name, gender, residential address, date and place of birth, tax code, copy of identity documents, etc.);
• Contact details (personal email, business email, phone number).

After registration and the possible signing of the contract, the following data may also be processed:

• Bank details/IBAN;
• Data related to creditworthiness and financial reliability;
• Economic and financial data.

2. How were my personal data obtained?

The data is collected directly through the completion of registration forms. Subsequently, it may be obtained through databases of entities that provide information about the commercial reliability of entrepreneurs and managers and/or about the possession of the required subjective requirements/reputations (see the following paragraph 3.c).

3. For what purposes will my personal data be processed?
4. a) To comply with legal obligations (Article 6, paragraph 1, letter c) of the Regulation)

• Compliance with the obligations set forth by the current fiscal legislation.
• Compliance with the legal obligations established by Italian and European regulations concerning the prevention of the use of the financial system for the purpose of money laundering and financing terrorism (Legislative Decree 231/2007).

1. b) To execute a contract to which you are a party and to take pre-contractual measures adopted at your request (Article 6, paragraph 1, letter b) of the Regulation). We will process your personal data to enable you to participate in the partnership program.
2. c) To pursue our legitimate interest (Article 6, paragraph 1, letter f) of the Regulation) to:

• Evaluate your creditworthiness, financial reliability, and suitability. The extracted data may include: i) economic and financial data; ii) reputational data; iii) data necessary to conduct asset investigations and mitigate commercial risk;
• Assess your diligence in performing the contract and the commercial performance of your business, in order to determine whether and under what conditions to continue the commercial relationship and to manage it efficiently;
• Exercise or defend our rights in judicial or extrajudicial proceedings, including in the event of non-performance of the contract;
• Send technical, contractual, or communications related to similar products and services.

4. Is providing the data mandatory or optional?

Providing personal data is optional. However, if the data is not provided, it will not be possible to enter into and/or execute the contract.

5. How will my personal data be processed and for how long will they be stored?

Personal data will be processed using both automated and non-automated tools.
The data will be stored for the following periods:

• 10 years from the date of termination of the Contract’s effectiveness, for the purpose of fulfilling the legal obligations set forth by Italian regulations concerning the prevention of the use of the financial system for money laundering and financing terrorism (Legislative Decree 231/2007);
• 10 years from the date of termination of the Contract’s effectiveness, for the purpose of fulfilling the legal obligations set forth by the Civil Code and tax laws concerning the retention of business documents, unless extended due to events interrupting the legal statute of limitations;
• 1 year if, as a result of the pre-contractual evaluation procedure, or verification of the requirements referred to in point 3, letters b) and c), we decide not to proceed with the signing of the Contract.

6. Who may have access to my personal data?

Your personal data may be accessed by:

1. i) Employees and collaborators of the Licensee who are involved in the signing and execution of the Contract, as well as in fulfilling legal obligations related to taxation; ii) Professionals, consultants, and suppliers, who, as independent data controllers or data processors, provide and deliver a range of services instrumental to the Licensee’s activities; iii) Other companies within the Group that provide intra-group services; iv) External auditing firms, where applicable.
2. Will my personal data be communicated to third parties?

If we proceed with the activities for the signing of a contract, your data may be communicated to third parties belonging to the following categories:

• To banks and payment institutions, as necessary to make or receive payments in connection with the Contract;
• To the competent tax and fiscal authorities, as required by law;
• To the authorities involved in the prevention of money laundering and combating the financing of terrorism;
• To the judiciary or law enforcement authorities, if we need to report a crime or when necessary to pursue our legitimate interest in exercising or defending a right in judicial proceedings;
• To lawyers and external consultants, where necessary to pursue our legitimate interest in exercising or defending a right in judicial and extrajudicial proceedings.

8. Will my personal data be transferred outside the European Economic Area?

No, your personal data will only be processed within the European Economic Area.

9. What are my rights?

You can exercise the rights set out in Articles 15 to 22 of the GDPR at any time by sending an email to the address dpo@lottomatica.com.

Additionally, you can always file a complaint with the Data Protection Authority (Garante per la protezione dei dati personali) pursuant to Article 77 of the GDPR.