With reference to Section 13 of Legislative Decree no. 196 dated 30 June 2003 (Personal data data protection code)

We inform you that Sixten processes customers’, suppliers’, workers’ and consultants’ and other subjects’ personal data ("personal information" is defined as any information that identifies or can be used to identify the person to whom such information pertains). Those subjects notified their personal data directly to our sales or customer service department by fax, telephone, mail or e-mail.

Sixten grants that personal data will be managed in accordance to Section 2 of the a.m. Law exclusively for fulfilment of company’s management and, specifically

- company databases management;

- internal statistics;

- issue of invoices and packing lists, offers, inquiries etc.;

- payments and collections;

- mailings and other communications exchanges;

- fulfilment of Italian and foreign laws and regulations.

Personal data, if necessary, will be managed by our workers and transmitted to our consultants, agents and suppliers, banks and factoring companies and, in general, to subjects involved in the process whenever necessary.

It is optional to allow personal data collection and management but the denial of permission might make it impossible to fulfil contract’s clauses and law requirements. Personal data will be kept in our premises as long as Italian law requests. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Responsible for the personal data management at Sixten s.r.l. is Tiziano Borsari

Legislative Decree no. 196 dated 30 June 2003 (Personal data data protection code)

Section 7

(Right to Access Personal Data and Other Rights)

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.

2. A data subject shall have the right to be informed

a) of the source of the personal data;

b) of the purposes and methods of the processing;

c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; 19 d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);

e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.

3. A data subject shall have the right to obtain

a) updating, rectification or, where interested therein, integration of the data;

b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

4. A data subject shall have the right to object, in whole or in part,

a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;

b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

You might exercise the above mentioned rights by mail, e-mail, fax.