Privacy Policy and Cookie Policy

Privacy Policy pursuant to EU Regulation 679/2016

Dear User, we wish to inform you that the "European Regulation 2016/679 relating to the protection of natural persons with regard to the processing of Personal Data, as well as the free movement of such data" (hereinafter "GDPR") provides that the protection of personal data relating to individuals is to be considered a fundamental right of the individual. Pursuant to Article 13 of the GDPR, we therefore inform you of the following.

1. Categories of data

Con Lor S.p.A. will process your personal data such as:

Data collected automatically. The IT systems and software dedicated to the functioning of this website detect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected includes IP addresses and domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.) and other parameters relating to the operating system, browser and IT environment used by the user. These data are processed, for the strictly necessary time, solely for the purpose of obtaining statistical information on the use of the site and to check its regular operation. The provision of such data is mandatory as it is directly linked to the web browsing experience.

Data voluntarily provided by the user. The voluntary and explicit sending of emails to the addresses indicated in the various access channels of this site does not require consent and the possible completion of specifically prepared forms involves the subsequent acquisition of the sender/user's address and data, necessary to respond to requests made and/or provide the service requested.

For more information, please refer to the Cookie Policy section below.

2. Source of personal data

The personal data in the possession of Con Lor S.p.A. is collected directly from the data subject.

3. Data Controller

The Data Controller is Con Lor S.p.A., with registered office at Via Bronzino 8, 20133 Milan (MI), Italy. Email: conlor.mi@conlor.com PEC: conlor.mi@pec.it

4. Purpose of data processing and legal basis

The processing of your data has as its legal basis the execution of the contract (letter a.), your consent (letter b.), and the legitimate interest of the Controller (letters c. and d.) and will be carried out:

a. for the management of the contract and pre-contractual communications between the user and the Controller; b. for sending automated newsletters relating to the Controller's activities; c. to comply with obligations required by law, regulation, EU legislation or an order of the Authority; d. to exercise the rights of the Controller, for example the right of defence in court.

5. Methods of data processing

The personal data you provide will be subject to processing operations in compliance with current legislation and the confidentiality obligations that inspire the Controller's activity. The data will be processed both with IT tools and on paper supports and on any other type of suitable support, in compliance with adequate security measures pursuant to art. 5 par. 1 lett. f) of the GDPR.

6. Data recipients

Within the limits relevant to the indicated processing purposes, your data may be communicated to partners, consulting firms, private companies, if appointed as Data Processors by the Data Controller, or for legal obligations, or to fulfil your specific requests. Your data will in no way be subject to dissemination.

7. Transfer of data abroad

The data collected may not be transferred outside the European Union.

8. Data dissemination and profiling

Data is not subject to dissemination. Data is not subject to profiling.

9. Retention period

The data collected will be retained for a period not exceeding the achievement of the purposes for which they are processed ("storage limitation principle", art. 5, GDPR) or based on the deadlines provided by law. Verification of the obsolescence of data stored in relation to the purposes for which they were collected is carried out periodically.

10. Rights of the data subject

The data subject always has the right to request the Controller for access to their data, rectification or erasure of the same, restriction of processing or the possibility of objecting to processing, to request data portability, to withdraw consent to processing by exercising these and the other rights provided by the GDPR through simple communication to the Controller. The data subject may also lodge a complaint with a supervisory authority (Garante per la protezione dei dati personali) or by sending a registered letter to the Controller's headquarters, or an email to the PEC address conlor.mi@pec.it.

11. Mandatory nature of consent

The provision of your data is not mandatory during navigation of our website.

12. Security of personal data

Con Lor S.p.A. declares that the personal data collected are processed lawfully and fairly, collected and recorded for the stated purposes, and used in other operations that are compatible with such purposes. Con Lor S.p.A. undertakes to adopt appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of the data subject's personal data.

13. Consultation, modification and deletion of personal data

The data subject, as provided by EU Regulation 679/2016, has the right at any time to obtain from the Data Processor: confirmation of the existence of data and communication thereof; updating, rectification, integration, deletion, transformation; blocking of data processed in violation of the law, and may object to the processing of their personal data by sending a registered letter to the Controller's headquarters, or a PEC email to conlor.mi@pec.it.

---

Cookie Policy

What are cookies

Cookies are small text files that websites visited by the user send to their device (usually to the browser), where they are stored to be retransmitted to the same sites on the next visit by the same user. Cookies are used for various purposes, have different characteristics, and can be used both by the owner of the site being visited and by third parties.

Types of cookies used

Technical cookies. This site uses technical cookies, necessary for the correct functioning of the site and to provide the services requested by the user. These cookies do not require user consent as they are essential for navigation. This category includes:

• Session cookies: they guarantee correct navigation on the site and are deleted at the end of the browsing session.
• Functionality cookies: they allow the user to navigate based on certain selected criteria (for example, the language) in order to improve the service provided.

Analytical cookies. This site may use analytical cookies (e.g. Google Analytics) to collect information, in aggregate form, on the number of users and how they visit the site.

Third-party cookies. This site may incorporate third-party content (e.g. Google Maps, Google Fonts) which may install their own cookies. The Controller has no control over cookies managed independently by third parties and for more information the user is invited to consult the respective privacy policies:

• Google Maps / Google Fonts: https://policies.google.com/privacy

How to disable cookies

The user can manage cookie preferences through the settings of their own browser. Here are the links to the instructions of the main browsers:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

Disabling cookies may limit the possibility of using the site and prevent you from fully benefiting from the features and services offered.

Updates to this policy

This policy may be modified. It is therefore advisable to regularly check this web page.

Last updated: March 2026