Privacy Policy Investor Relations

We are aware of how important it is to you that the methods of using and sharing information about you are scrupulous and responsible and we will process your data in such a manner. This privacy policy describes how we collect and process the personal data belonging to you or, as the law defines it, "Data Subject". All processing is carried out in line with what is established by Regulation EU 2016/679 (hereafter GDPR) and domestic regulations in that regard.

Data Controller and Data Protection Officer (DPO)

The Data Controller defines the purposes of the personal data processing and, after having collected them, "uses" them in accordance with the principles ratified by the GDPR. The Controller of your personal data is Lutech S.p.A.

Lutech S.p.A. has appointed a Data Protection Officer, who can be contacted at the following email address: DPO@lutech-group.com

Legal Basis and Purposes of the Processing

The legal bases for the processing are:

• Responding to the data subject’s request to register on the company portal www.lutech.group to view financial data published in the “Investor Relations” section
• Legitimate interest of the Controller in order to understand which parties show interest in the financial performance of the Lutech Group; this interest does not prejudice the rights and freedom of the data subjects as the personal data processed do not belong to the special categories of personal data pursuant to article 9 GDPR.

The aim of this privacy policy is to make you aware of the reasons for the data processing and the recipients who will process your personal data.

As is clear, the provision of the data in question is optional as it is linked to completion of the corresponding form on the website. In the awareness of the importance of your data, we guarantee that we will process them, using electronic tools, adopting all security measures necessary to protect them despite guaranteeing their free movement.

Transfer of Personal Data

We will not transfer your personal data to any other party beyond those specified. Your data will not be transferred to a third country.

Security Measures

Our security system is based on the correct use by all employees and collaborators of the tools made available. For this reason, we invite you to read and to act in accordance with our company procedures on security.

All data that you provide to us will be processed according to principles of lawfulness, fairness and transparency, in line with the company policies on security, published on the intranet, which guarantee, also with your collaboration, the secure processing of the personal data.

In any case, we will require the supplier concerned to comply with the principles ratified by the GDPR in order to guarantee effective protection of your personal data.

Should there be even only a particular risk of breach, we will communicate it promptly to you.

Rights of the Data Subject

The GDPR, as well as guaranteeing the right to lodge a complaint with the Supervisory Authority, which, for Italy, is the Autorità Garante per la protezione dei dati personali, grants to you the following rights:

• Right of access (art. 15): The Data Subject may obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and may obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
• Right to rectification (art. 16): The Data Subject may obtain from the Controller the rectification of inaccurate personal data.
• Right to erasure (art. 17): The Data Subject may request the erasure of personal data concerning him or her where one of the grounds provided by that article applies, including: withdrawal of consent, unlawful processing and exercise of the right of defense.
• Right to restriction (art. 18): The Data Subject may obtain the restriction, configurable as a total or partial suspension of the data processing or even in some cases an immobilization of the same. This may be requested only in exceptional cases expressly determined by the rule, including the period enabling the controller to verify the accuracy of the personal data, unlawful processing, exercise of a right during judicial proceedings.
• Right to data portability (art. 20): The Data Subject has the right to ask that the data concerning him or her are disclosed, in the exercise of his or her rights, in an easily comprehensible format.
• Right to object (art. 21): The Data Subject may, on grounds related to his or her particular situation, object to the processing concerning him or her pursuant to Art. 6 paragraph 1, points e) and f).
• Right not to be subjected to automated processes (art. 22) The Data Subject may object to being subject to a decision based solely on automated processing which produces legal effects concerning him or her or similarly significantly affects him or her.

We inform you that if you decide to exercise one or more of the above rights, your personal data will be communicated by the Controller to the processing recipients for the connected fulfilments (art. 19 of the GDPR).

If you have any doubts or require clarifications and also to exercise your rights, please contact us by writing to the following address:  https://lutech.group/en/privacy-rights/

Personal data storage time

Your data will be stored on our systems for the entire duration of the bond issuance below; following this, they will be deleted.

Cinisello Balsamo, 30/09/2021

                                               
LUTECH SPA
Chief Financial Officer
Luca Donna