Disclosure pursuant to Articles 13 and 14 of EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation)

WAITING LIST PURCHASE NFT year 2022

Dear Sir / Madam The EU General Data Protection Regulation 2016/679 recognizes and regulates the right to protection of personal data, while respecting your fundamental rights and freedoms and your personal dignity.

This notice contains information on the processing of personal, special and judicial data, carried out by the company Autodromo Nazionale Monza SIAS S.p.A., for pre-contractual and contractual activities related to the communications of one or more NFT sales campaigns in the year 2022.

1. OWNERSHIP OF DATA PROCESSING AND DATA PROTECTION OFFICER
2. Data controller (hereinafter referred to as “the Controller”)

The Data Controller is the company Autodromo Nazionale Monza SIAS S.p.A., with registered office in Corso Venezia, 43 – 20121 Milan and administrative office in via Vedano 5 – 20900 Monza – Tax Code 00779970151 – VAT No. 00693420960, Tel: 039/24821, Fax: 039/320324. in the person of the pro-tempore Legal Representative (hereinafter “Data Controller” or “Company”)

contactable at the following references E-mail: segreteria@monzanet.it – PEC: sias-spa@pec.it Phone: 039/24821, Fax: 039/320324

1. Data Protection Officer (so-called Data Protection Officer / DPO) pursuant to Article 37 Regulation (EU) 2016/679, domiciled for the function at the same Offices and contactable at the following references: e-mail: dpo@monzanet.it
2. PURPOSE AND LEGAL BASIS FOR PROCESSING

The company Autodromo Nazionale Monza SIAS S.p.A. will process your personal data (e-mail address) for the following purpose:

1. The sending of one or more “exclusive” communications containing all necessary information aimed at the purchase of NFT in the year 2022.

Legal Basis

Data processing is legitimate for the purpose:

Article 6 paragraph I letter b) of EU Regulation 2016/679 “processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject;”

Specifically, the processing is carried out for the activities of sending “exclusive” communications containing the necessary information for the purchase of NFTs in the year 2022 (privileged access to the sale of NFTs, promotional activities, information on how to purchase, concessions and benefits)

• MODE OF TREATMENT

Your personal data collected for the pre-contractual and contractual activity better specified in the subject, will be processed in accordance with what is provided for and regulated by the Regulations, by means of manual, computerized and telematic tools, with logics strictly related to the purposes already explained, in a lawful manner and according to correctness, as well as in compliance with the principle of minimization, collected exclusively for the purposes indicated in this information or provided for by law, regulations or Community legislation or, again, for the purposes or the achievement of necessary and indispensable purposes in the execution of the activity carried out and/or requested.

The data collected by the Data Controller will be processed by personnel duly authorized and instructed by the Data Controller, and will be stored in a suitable and appropriate place, protecting its confidentiality, in compliance with official secrecy.

In order to carry out certain activities, the Data Controller may make use of external parties, who will be appointed “data processors” pursuant to Article 28 of EU Regulation 2016/679, who are entrusted with the task of carrying out specific operations necessary to ensure the services of the Company, within the limits strictly relevant to the above purposes.

In the present case, the data will, in addition, be processed by:

Rocket Dreams S.r.l., (owner of the brand NFactory) with registered office in Milan, Viale Corsica 42, C.F. and P.IVA 12223150967, previously appointed as “external manager” pursuant to Article 28 of EU Regulation 2016/679, which is entrusted with the task of managing the website and the collection of email addresses.

We also inform you that there is no automated decision-making process, including profiling, at our Company and that it does not intend to transfer your personal data to third countries.

1. COMMUNICATION OF DATA

The Company may disclose your data only to those parties to whom the current regulations require it to be transmitted.

Finally, we inform you that the same data will not be disseminated unless provided for by a regulation, nor will it be further communicated to others without your explicit request.

1. DATA RETENTION TIME

Your personal data will be kept for the time stipulated by current regulations.

The Data Controller will keep the data (e-mail address) until December 31, 2022 for the purposes indicated in the subject; thereafter, the reasons for processing having ceased to exist, the data will be deleted, destroyed, or simply kept anonymous.

1. NATURE OF CONTRIBUTION

The provision of your personal data is mandatory for the establishment and management of pre-contractual and contractual procedures by the Company and any refusal to provide such data would result in the inability to manage the relationship and the performance of the institutional functions of the Company.

• HIS RIGHTS.

The rights may be exercised at any time, in accordance with the terms and conditions set forth therein, provided for in Articles 15 (Right of access of the data subject), 16 (Right to rectification), 17 (Right to erasure or right to be forgotten), 18 (Right to restriction of processing), and 20 (Right to data portability).

In order to assert their rights, data subjects may send a request by contacting SIAS Data Controller, or the Data Protection Officer, at the Company itself, at the contacts indicated in Section I of this policy.

Interested parties who believe that the processing of personal data relating to them carried out by the Company itself is in violation of the provisions of the Regulations have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in Article 77 of the Regulations themselves, or to take appropriate legal action (Article 79 of the Regulations).

The constantly updated version of this policy can be found on the company’s institutional website: http://www.monzanet.it.