8. Who can access the data
The personnel of the Company belonging to the categories of administrative, IT technicians, product managers and other subjects, who need to process users’ data in the performance of their tasks, are authorized to process the user’s data, although it could happen in rare and very circumstantial cases. The data may be communicated even in non-EU countries (“Third Countries”) for the same purposes and / or for administrative-accounting purposes. Furthermore, the data can be communicated, even in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent collaborators, also in associated form; third parties and suppliers of which the Controller uses for the provision of commercial, professional and technical services that are functional to the management of the website and related functionalities (e.g. IT service and Cloud Computing providers), in pursuit of the purposes specified above and to the services requested by the user; (iii) third parties in the case of mergers, acquisitions, sale of company or business unit, audits or other extraordinary transactions; (iv) the Company Supervisory Responsible for the pursuit of supervisory activities and the application of the Company Code of Conduct. He will receive only the data necessary for the relevant functions and will use them only for the purposes indicated above and to process them in compliance with the applicable privacy legislation. he data can also be communicated to the legitimate subjects according to the applicable legislation. With the exception of the aforementioned, the data are not shared with third parties, physical or legal persons, who do not perform any commercial, professional or technical function for the Controller and will not be disclosed. The subjects who receive the data could process them as Controllers, Responsible or authorized to process, depending on the specific case, for the purposes indicated above and in compliance with the applicable privacy law. Regarding the possible transfer of data to Third Countries, including countries that may not guarantee the same level of protection as the Privacy Law, the data Controller shall inform that the processing will take place according to one of the methods permitted by the Regulation, such as for example the user’s consent, the adoption of standard clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data, (e.g. EU-USA Privacy Shield) or operating in countries considered as safe place by the European Commission.