Privacy Notice pursuant to Article 13 of Regulation (EU) 2016/679 relating to the website www.aristongroup.com

Ariston Holding N.V. (hereinafter, the "Controller" or the "Company"), pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the "GDPR"), provides information regarding the processing of personal data (hereinafter, the "Data") of Users carried out in connection with the browsing of this website (hereinafter, the "Website").

1. DATA CONTROLLER
Ariston Holding N.V.
Registered office: Amsterdam, The Netherlands (EU)
Secondary office: Via Broletto 44, 20121 Milan, Italy (EU)

Registered with the Netherlands Chamber of Commerce (KvK) under No. 83078738
Registered with the Milan Business Register – REA MI No. 2630760

Tax Code and Company Register No.: 00760810572
VAT No.: 01527100422

DATA PROTECTION OFFICER ("DPO")
The Data Controller has appointed a Data Protection Officer, who can be contacted at the following email address: DPO.AristonGroup@ariston.com.

2. DATA PROCESSED

2.1 Navigation Data
The IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects; however, by its very nature, it could, through processing and association with data held by the Company or third parties, allow Users of the Website to be identified.

This category of personal data includes IP addresses or the domain names of the computers used by Users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment.

These data are used for the purpose of monitoring the proper functioning of the Website and to identify anomalies and/or misuse. Navigation data may also be used by the Controller to ascertain liability in the event of hypothetical cybercrimes against the Website or third parties.

2.2 Data collected through cookies
The Website collects and processes Data through cookies or similar technologies. For further information on the use of cookies, Users are invited to consult the Website's cookie policy.

2.3 Data voluntarily provided by the User
Through links to additional domains, the Company may process further Data voluntarily provided by the User. In particular, by completing the relevant registration form, the User may create a personal account and submit applications for open job positions or send unsolicited applications. In addition, it is possible to access the "SupplierNet" platform dedicated to suppliers.

The Controller provides specific privacy notices for the processing activities carried out on such websites directly within the relevant data collection forms available on those additional domains.

3. PURPOSES, LEGAL BASIS AND RETENTION

3.1 Website browsing
Purpose: The Data Controller processes Users' navigation Data to ensure the proper functioning of the Website and to provide Users with a smooth and efficient browsing experience, as well as to provide the services requested by the User while browsing the Website.
Legal basis: Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller (Art. 6(1)(f) GDPR).
Data retention: Data will be retained only for the duration of the User's browsing session on the Website.

3.2 Improving the Website experience
For more detailed information regarding the use of cookies on the Website, please refer to the cookie policy.

3.3 Establishment, exercise and defence of legal claims
Purpose: where necessary, the Controller processes the Data of data subjects collected through the Website in order to establish, exercise or defend its rights before judicial authorities, or whenever judicial authorities exercise their jurisdictional functions.
Legal basis: Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR).
Data retention: Data will be retained for the period strictly necessary for the duration of the dispute, until the expiry of the deadlines for exercising any rights of appeal.

4. NATURE OF DATA PROVISION
Except as specified for navigation data, which are necessary to enable navigation of the Website, and for cookies (please refer to the cookie policy), the User is free to provide their Data.

5. RECIPIENTS OF PERSONAL DATA
Data may be shared with the following recipients:

• third parties acting as data processors, such as: (i) companies entrusted with the development and provision of the Website, instrumental to the delivery of services; (ii) entities responsible for carrying out technical maintenance activities on the Website; (iii) individuals, companies or professional firms providing administrative, legal and financial assistance and consultancy to the Company;
• entities, bodies or authorities to whom it is mandatory to disclose personal data pursuant to legal provisions or orders of the authorities, or for the purpose of preventing and/or detecting fraudulent activities or misuse of the Website.

6. PERSONS AUTHORIZED TO PROCESS PERSONAL DATA
Personal Data may be processed by employees and authorized personnel of the Company involved in the achievement of the purposes indicated above, who have been expressly authorized by the Controller, have received appropriate operating instructions and are subject to confidentiality obligations.

7. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
Data collected through the Website are not transferred outside the European Union. In any case, it is understood that, where necessary, the Controller may transfer Data to countries outside the EU, ensuring from the outset that such transfers will be carried out in compliance with applicable legal provisions, including, where required, by entering into specific agreements ensuring an adequate level of protection of personal data or by adopting the standard contractual clauses approved by the European Commission for the transfer of personal data outside the EU.

8. DATA SUBJECT RIGHTS
By contacting the Company via email at DPO.AristonGroup@ariston.com, the User may request from the Controller access to their Data, erasure of their Data, rectification of inaccurate Data, completion of incomplete Data, restriction of processing in the cases provided for under Art. 18 GDPR, as well as object to processing, on grounds relating to their particular situation, in cases where processing is based on the legitimate interests of the Controller.

Furthermore, where processing is based on the User's consent or on a contract to which the User is a party and is carried out by automated means, the User has the right to receive the Data in a structured, commonly used and machine-readable format, as well as, where technically feasible, to transmit those Data to another controller without hindrance.

The User also has the right to lodge a complaint with the competent supervisory authority, pursuant to Art. 77 GDPR, if they believe that the processing of their Data is in breach of applicable legislation.

9. UPDATES TO THIS PRIVACY POLICY
Users are invited to periodically review this notice, the contents of which may be updated and/or amended over time. Each time the User accesses, uses or browses the Website, they implicitly accept the current privacy policy. Unless otherwise specified, any changes to this notice and privacy policy shall enter into force upon publication and shall apply exclusively to Data collected from the date of the latest update.