Privacy Policy – Retailer

Dear Sir/Madam, We wish to inform you that Chapter III of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data provides for the protection of individuals. According to the aforementioned regulation, such processing will be based on principles of correctness, lawfulness, transparency, and protection of your privacy and rights. Therefore, Labware Spa (hereinafter referred to as the “Company"), as the Data Controller, is required to provide you with certain information regarding the processing of your personal data. 1) Data controller operated by the Company The Data Controller is: Labware Spa Via Enzo Ferrari, 3 62012 Civitanova Marche (Mc) VAT number 01424730438 Contact details Tel. 0733 829696 Email info@labware.it 1.1 Data Protection Officer The Data Protection Officer (hereinafter also referred to as “DPO”) is Dr. Dellabiancia Stefano, who can be contacted at the following email address: s.dellabiancia@hotmail.it 2) Personal Data subject to processing Complete personal details, tax details (tax code and VAT number), contact details, names of certain employees, 3) Purpose of the processing carried out by the Company 1) Personal data is processed by the Company specifically for the following purposes:

• Bookkeeping, issuing tax documents or documents of fiscal relevance, compiling tax and civil law documentation.
• Internal company logistics and operations management, management of operational communications related to customer and supplier relations and to the contract entered into with the Company

3.1 Legal basis for processing by the Company Data processing for these purposes is therefore carried out by the Company only if required or authorized by express provision of law and to fulfill the contract entered into between your organization and Labware. 4) Legitimate minor interests No processing of minors' data is envisaged. 5) Categories of subjects to whom the data may be disclosed In relation to the first two purposes indicated in point 3 above, the Company may communicate your personal data to the following public (non-economic) entities:

• Police forces, armed forces, and other public administrations, in compliance with obligations under laws, regulations, or EU legislation;
• Financial Administration and Public Officials.

The Company also discloses your personal data to private individuals and/or public economic entities only if necessary for mutual legitimate interests, and in particular to the following parties:

• Entities authorized to file tax returns, intermediaries such as banks, post offices, tax assistance centers, trade associations, professionals, etc.;
• Credit institutions that may be responsible for collections and/or payments;
• Carriers responsible for deliveries and/or pickups of goods or services.

6) Transfer of data to third countries The data will not be transferred, communicated, or disseminated to entities, associations, or companies outside the European Community. The data is stored on servers owned by the Company or on third-party servers located in the Italian Republic, which are used for this specific purpose and are appropriately protected. If servers located outside the European Community are used in the future, only those systems that comply with Article 28 of the GDPR will be used, which requires the data controller to “use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing meets the requirements of the Regulation and ensures the protection of the rights of the data subject” in accordance with best practices. 7) Data retention period Personal data will be kept for the entire duration of the customer-supplier relationship and will be deleted at the request of the person concerned. Please note that accounting data, whether in paper or digital form, must be kept for at least 10 years and that, therefore, at the request of the person concerned, the only data that can be deleted are contact details, once all outstanding financial matters have been settled. In any case, when the deletion is carried out, the persons concerned will receive a confirmation email or SMS. 8) Rights of the data subject The data subject may request the Data Controller

• access to personal data
• the correction or deletion of the same (see considerations in point A2).

The rights of the data subject may be exercised by sending a request directly to the Data Controller. The data subject may also request the restriction of processing or object to it. These rights may be exercised provided they do not violate the law or the legitimate interests of the Company. 9) Right to withdraw consent It is not provided for in this case. 10) Right to lodge a complaint with a supervisory authority The person concerned has the right to lodge a complaint with a supervisory authority, which is currently the Italian Data Protection Authority, on whose website http://www.garanteprivacy.it The complaint procedures to be used are indicated. 11) Mandatory or optional nature of data provision and consequences of failure to provide data With reference to the purposes of processing indicated above: The provision of data is mandatory, as failure to provide it would prevent us from recording VAT documents in our accounts and therefore complying with tax regulations. 12) Existence of automated decision-making No profiling activities are planned. 13) Date of validity This policy came into effect on November 27, 2024.