Privacy Policy

The Owner of the Processing of Personal Data , as better defined below, considers the privacy of its Users to be of fundamental importance and guarantees that the Processing of Personal Data is carried out in compliance with the privacy legislation in force, and in particular with the European Regulation nr. 2016/679 and of the national legislation on the protection of personal data, of Legislative Decree 196/2003 for what is still in force and of the related national legislation for adaptation Legislative Decree 101/2018 on the protection of personal data. To this end, the Data Controller of Personal Data has adopted the following Privacy Policy in order to regulate and inform the Users of the Website of the methods and purposes of the Processing of Personal Data of the Users themselves. The User is kindly requested to read this document every time he connects to the Site, as it could be subject to revisions, additions and/or modifications, caused by regulatory requirements and/or modifications and/or additions to the functions of the Site itself. Data Controller of Personal Data: Carbon Credit Consulting SRL, Via Antonio Zanolini 38a – 40126 Bologna (BO), VAT number: 03475401208 Owner’s email address: info@carboncreditsconsulting.com TYPES OF DATA COLLECTED Among the Personal Data collected from the current website, as well as from all the landing pages connected and/or related to it (hereinafter referred to as the » Site «), independently or through third parties, to whose privacy policy, however, please refer, there are: e-mail, personal data of various kinds as better specified below, cookies and usage data. Complete details on each type of data collected are provided in the dedicated sections of this privacy policy, or through specific information texts displayed before the data is collected. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Site. Unless otherwise specified, all Data requested by the Site are mandatory. If the User refuses to communicate them, it may be impossible to provide the Service. In cases where some Data are indicated as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation. Users who have doubts about which Data are mandatory are invited to contact the Owner. Any use of Cookies by the Site or by the owners of third-party services used by the Site, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the Site and guarantees that he has the right to communicate or disseminate them, freeing the Owner from any liability towards himself or third parties. METHOD AND PLACE OF THE PROCESSING OF THE COLLECTED DATA The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The Processing is carried out using IT and/or telematic tools, with organizational methods and with logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organization of the Data Controller and/or in the management of the Site may have access to the Data (by way of example but not limited to: administrative, commercial, marketing, legal, system administrators, etc. .) or external subjects (by way of example and not limited to: accountants, external lawyers, third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies and/or, address management and message sending service providers e-mail, etc.) also appointed, if necessary, as Data Processors by the Data Controller. LEGAL BASIS OF THE TREATMENT The Data Controller lawfully processes Personal Data relating to the User in the event that one of the following conditions exists:

the interested party has given consent to the processing of their Personal Data for one or more specific purposes, pursuant to the GDPR, art. 6, paragraph 1, letter a). Note: in some jurisdictions, the Data Controller may be authorized to process Personal Data without the User’s consent or without another of the legal bases specified below, until the User objects («opt-out») to this Treatment. However, this is not applicable if the Processing of Personal Data is governed by European data protection legislation;
the Processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures, pursuant to art. 6, paragraph 1, letter b) of the so-called GDPR 2016/679;
the Processing of Personal Data is necessary to fulfill a legal obligation to which the Data Controller is subject, pursuant to the GDPR, art. 6, paragraph 1, letter c);
the Processing is necessary to safeguard the vital interests of the data subject or of another natural person, pursuant to the GDPR, art. 6, paragraph 1, letter d);
the Processing is necessary for the execution of a task of public interest or for the exercise of public powers vested in the Data Controller, pursuant to art. 6, paragraph 1, letter e) of the GDPR;
the Processing of Personal Data is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties, except where such interests prevail over the interests or fundamental rights and freedoms of the Data Subject who requests the protection of personal data, in particular where the interested party is a minor, all pursuant to the GDPR, art. 6, paragraph 1, letter f).

Pursuant to art. 6 of the GDPR, the Personal Data acquired through the Site without the consent of the interested party will be processed by the Data Controller for the management and maintenance of the Site, to allow the use of the Services, to satisfy the requests of the Users, to allow effective communication with customers, to fulfill the obligations established by law, regulations, community legislation or by orders from the Authorities or in any case for purposes connected to the activities and functions of the Data Controller or finally to prevent or discover fraudulent activities or abuses to the detriment of the Data Controller through the Site. However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each Processing and, in particular, to specify whether the Processing is based on the law, provided for by a contract, or necessary to conclude a contract. PLACE OF THE PROCESSING OF PERSONAL DATA The Data are processed at the registered and/or operational headquarters of the Data Controller and/or in any other place where the parties involved in the Processing are located and/or at the Offices of the Data Controller and/or at other subjects or IT systems/servers of other subjects specifically designated as (external) Data Processors For further information, the User is invited to contact the Owner. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can consult the relevant section of this information. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or constituted by two or more countries (such as the UN), as well as regarding the security measures adopted by the Data Controller to protect the Data. If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Data Controller (as specified in the section «CONTACT INFORMATION «). CONSERVATION PERIOD The Data are processed and stored for the time required by the purposes for which they were collected. The User can obtain further information regarding the retention period of the individual Personal Data processed by contacting the Data Controller (as specified in the «CONTACT INFORMATION» section). At the end of the retention period, the Personal Data will be deleted. Therefore, at the expiry of this term, the right of access, cancellation, rectification and the right to data portability, opposition, limitation to the processing of the same, can no longer be exercised. PURPOSE OF THE PROCESSING OF THE COLLECTED DATA The User Data is collected to allow the Owner to provide its Services, as well as for the following purposes:

Contact the user
Statistics
Viewing content from external/third party platforms
Contact management and sending of messages and/or newsletters
Interaction with external data collection platforms and other third parties
Behavioral targeting and remarketing
Interaction with online quiz platforms
Registration and authentication
Platform Services

To obtain further detailed information on the purposes of the Processing and on the Personal Data concretely relevant for each purpose, the User can refer to the following section of this document. DETAILS ON THE PROCESSING OF PERSONAL DATA To verify the Personal Data Processing methods according to the purposes pursued, the User can consult the appropriate section below.

Contact the user:

In order to contact the User, the Data Controller may use the Personal Data collected through the following tools: – Contact form; Mailing list or sending of newsletters (if the User has subscribed to the related service). Personal data : name; surname; e-mail address, telephone number, gender, date of birth, Data concerning skin, Data on products purchased/for which the User is interested, Cookies, Usage Data, other types of Data. The Google invisible reCaptcha service is active for the contact form (see the specific section below).

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behaviour. These purposes are pursued by means of the following tools: -Google Analytics with anonymized IP; Google Analytics is a web analysis service provided by Google for statistical purposes to understand how visitors interact with the Site, compile reports and share them with other services developed by Google. Google Analytics may use a set of cookies to collect information and generate statistics on the use of the Site, without providing personal information on individual visitors to Google. The User’s IP address is anonymised. The anonymization works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to a Google server and shortened within the United States. However, please note that the data may also be processed outside the EEA. The User is also advised that from 16 July 2020 Google no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US privacy shield) to transfer data from the European Economic Area and the United Kingdom to the United States; from 30 September 2020, more precisely, Google has updated its legislation on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission itself regarding some countries, depending on the case, for data transfers from the EEA to the US and other countries. As for the use of cookies by Google Analytics, the User is invited, in any case, to carefully consult the relative privacy policy and cookie policy , as well as the paragraph of this Cookie Policy «How can I give or withdraw my consent to the installation of Cookies?” through your browser settings and the Privacy Shield section of this Policy.

Google Tag Manager

This site uses Google Tag Manager. Google Tag Manager is a solution managed by Google LLC that allows you to manage the tags of managed websites using a special interface. Google Tag Manager is a tag management system to manage JavaScript and HTML tags used for tracking and analytics on websites. Tags are small code elements which, among other things, are used to measure visitor traffic and behaviour, to understand the effect of online advertising and social channels, to set up remarketing and orientation towards target groups and to test and optimize websites. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record Personal Data. This tool allows the activation of other tags that can, for their part, record Data in certain circumstances. For further information on the privacy policy of Google Tag Manager, the User is requested to consult the following link https://policies.google.com/privacy?hl=en , while for the terms of use https://www.google.com /analytics/tag-manager/use -policy/ and for Google Tag Manager privacy answers https://support.google.com/tagmanager/answer/7207086 . Personal Data : Usage Data; other type of data.

Viewing content from external/third party platforms

This type of service allows you to view content hosted on external platforms directly from the pages of the site and to interact with them. In the event that a service of this type is installed, it is possible that, even if it is not used in practice, it collects traffic data relating to the pages in which it is installed. These purposes are pursued by:

Facebook, Facebook Widgets;

On the Site there are redirection or sharing buttons to the Facebook social platform, and to the individual social network pages attributable to the Data Controller. Facebook shares information worldwide, both internally with the Facebook Companies and externally with its partners and with the people with whom the User connects and shares content around the world. Information controlled by Facebook may be transferred or transmitted or stored and processed in the United States or in other countries outside the EEA. According to what is stated in the relative policy , Facebook may use cookies to show advertisements and make suggestions for companies and other organizations to people who may be interested in their products, services or promoted causes, to measure the performance of the advertising campaigns of the companies that use Facebook products, to show and measure ads across different browsers and devices used by the same person, to provide insights into people who use Facebook products, people who interact with ads, advertiser websites and apps, and about companies that use Facebook products and to enable the functionality that allows Facebook to provide its products. Furthermore, by visiting the Site, the Facebook Pixel cookie may be installed which allows the Data Controller to monitor conversions that occur on the Site as a result of the advertisements it is running on Facebook. The information collected through cookies could be shared with organizations outside of Facebook, such as advertisers and/or advertiser networks for the publication of advertisements and for measuring the effectiveness of advertising campaigns. The User is also advised that from 16 July 2020 Facebook no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US privacy shield) to transfer data from the European Economic Area and the United Kingdom to United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as the case may be, for data transfers from the EEA to the United States and other countries. In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the cookie policy. In this case the following Personal Data are processed : Cookies; Usage Data; other types of data. For more information on the installation and use of cookies by Facebook, the User is requested to carefully read the related cookie policy . Finally, please read the privacy policy of the service carefully to obtain detailed information on the collection and transfer of Personal Data, on the User’s rights and on how to configure the privacy settings in a satisfactory way.

Instagram, Instagram Widgets

On the Site there are redirection or sharing buttons to the Instagram social platform, owned by Facebook and to the individual pages of the social network attributable to the Data Controller. Facebook/Instagram shares information worldwide, both internally with the Facebook/Instagram companies and externally with partners and people you connect with. Based on what is indicated in the related policies, Instagram uses cookies, pixels, local storage technologies and other similar technologies to show the User relevant content to offer the service and for reasons related to its use, as well as to collect information relating to the use of Instagram by the User. Instagram may also use these technologies to remember choices you make (e.g., your username, language, or the region you’re in) and customize the Service to offer better features and content. Instagram and its advertising partners may use these technologies to show you advertisements that are relevant to your interests. These technologies memorize the visits of the User’s device and may also be able to monitor the browsing activities of the device on sites and services other than Instagram. This information may be shared with organizations outside of Instagram, such as advertisers and/or advertiser networks for the purpose of serving ads and measuring the effectiveness of advertising campaigns. The information controlled by Facebook/Instagram could be transferred and/or transmitted and/or stored and/or processed in the United States or in other countries outside the User’s country of residence or in any case outside the EEA for the purposes described by the legislation referred to in the following links: Facebook conditions ; Instagram Terms . The User is also advised that from 16 July 2020 Facebook/Instagram no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US privacy shield) to transfer data from the European Economic Area and the United Kingdom United in the United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as the case may be, for data transfers from the EEA to the United States and other countries. In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the Cookie Policy. In this case, the following Personal Data is processed: Cookies; Usage Data; other types of data. As regards the management of the cookies installed by Instagram and the relative deactivation methods, the User is invited to carefully consult, in addition to the relative privacy policy of the service, also the cookie policy , for detailed information on the collection and transfer of Personal Data , about your rights and how to configure your privacy settings to your satisfaction. Finally , as regards the conditions of use of the Instagram service, the User is invited to consult these conditions.

Google Maps

Google Maps is a map visualization service managed by Google LLC or by Google Ireland Limited, depending on the position in which the Site is viewed, which allows the Site to integrate such content within its pages. Personal Data : Cookies; Usage Data; other types of data. In relation to the methods of processing personal data and the place of processing, the User is invited to carefully consult the relative Privacy Policy . The data may be processed outside the EEA. The User is also advised that from 16 July 2020 Google no longer bases the Processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US privacy shield) to transfer data from the European Economic Area and the United Kingdom to the United States; from 30 September 2020, more precisely, Google has updated its legislation on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission itself regarding some countries, depending on the case, for data transfers from the EEA to the US and other countries. As for the use of cookies by Google Analytics, the User is invited, in any case, to carefully consult the relative privacy policy and cookie policy , as well as the paragraph of this Cookie Policy «How can I give or withdraw my consent to the installation of Cookies?” through your browser settings and the Privacy Shield section of this Policy.

Contact management and sending of messages and/or newsletters

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services could also allow the collection of data relating to the date and time of viewing of the messages by the User, as well as the User’s interaction with them (eg tracking the use of the links inserted in the messages). This purpose is pursued by means of the following tool:

MailChimp

For the purpose of sending the newsletter, this Website uses the third-party service MailChimp, which analyzes and classifies requests via the contact form on the Website (see: https://mailchimp.com/legal/data-processing -addendum/ ) Mailchimp is a United States-based software company that specifically provides tools for social media marketing, content management, web analytics, landing pages, customer support, and search engine optimization. Therefore, by filling in the relative form and giving the relative consent, the User’s e-mail address is automatically added to a list of contacts (managed via Mailchimp) to which e-mail messages containing a periodic newsletter on initiatives and activities of the Data Controller, including, by way of example, any awareness and/or fundraising and/or marketing campaigns and/or any extraordinary newsletters for general or urgent information, also of a commercial and promotional nature. By accepting this Privacy Policy, the User expressly consents to the Data Controller communicating and/or transferring such data to the e-mail address management service. If the User does not want MailChimp to process his Data, we advise the User to contact us in another way (e.g. by email) instead of using the contact form. OPT-OUT : If the User does not want . collects his Data, the User can prevent the storage of Cookies at any time using the settings of his browser. In addition to what is indicated in this point of the Privacy Policy, please refer to the MailChimp privacy and cookie policy and to these links: https://mailchimp.com/legal/. The User is informed that the Data collected in this way may be used by the Data Controller also for profiling purposes (direct marketing) in order to suggest to the User the products most suited to his interests. Personal Data : name and surname, e-mail address, telephone number, gender, date of birth, Data relating to the skin, Data on the products purchased/in which the User is interested, Cookies; Usage Data; other types of Data.

Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the pages of the Site for the purpose of saving and reusing data. In the event that one of these services is installed, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed. Instruments:

Google invisible reCaptcha

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used more when filling out contact forms to ensure that specific actions on the internet are performed by humans and not bots. Classic captchas work with small tasks that are easy for humans to solve, but provide significant difficulty for machines. With reCAPTCHA, the User no longer has to actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing the User has to do is tick the text field «I’m not a robot». However, with Invisible reCAPTCHA even this is no longer necessary. reCAPTCHA, embed a JavaScript element in the source text, after which the tool runs in the background and analyzes the User’s behavior. The software calculates a so-called captcha score from the User’s actions. Google uses this score to calculate the probability that the User is a human being before entering the captcha. reCAPTCHA and Captcha in general are used whenever bots could manipulate or abuse certain actions (such as registrations, surveys, etc.). Using reCAPTCHA, data is transmitted to Google to determine if the User is truly human. reCAPTCHA thus ensures the security of our website and, consequently, also of the user himself. IP addresses and other data required by Google for its reCAPTCHA service can be sent to Google, whose servers may be located in the USA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in the User’s browser. Then reCAPTCHA sets an additional cookie in the User’s browser and takes a snapshot of the browser window. The IP address that your browser transmits to Google is generally not merged with other Google data from other company services. However, the data will be merged if you are logged into your Google Account while using the reCAPTCHA plug-in. If you want to prevent your data and behavior from being transmitted to Google, you must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software. Generally, data is automatically sent to Google as soon as you visit our website. To delete this data, you need to contact Google Support at https://support.google.com/?hl=en-GB&tid=111401120 . If you use our website, you agree to Google LLC and its representatives automatically collecting, modifying and using data. You can find more information about reCAPTCHA on the Google developer page at https://developers.google.com/recaptcha/ . For more information, please read the Google Privacy Policy and Terms of Service carefully. Personal Data : Cookies; Usage Data; other types of Data.,

Google Tag Manager

Behavioral targeting and remarketing

This type of service allows this Site and its partners to inform, optimize and prepare advertisements based on past use of this Site by the User. This activity is facilitated by the tracking of Usage Data and the use of trackers to collect information which is then transferred to the partners who manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists.

Facebook and Instagram Remarketing

Facebook (and Instagram) remarketing is a remarketing and behavioral targeting service provided by Facebook Inc. With the help of the Facebook pixel (or equivalent functions for transferring event data or contact information via interfaces or other software in the apps) Facebook (/Instagram) is able to frame the visitors of this website online services as a target for the presentation of advertisements. Therefore, this Site uses the «Custom Audiences» remarketing function of Facebook Inc.: this allows Site Users to view interest-based advertisements («Facebook Ads» or «Instagram Ads») when they browse the social networks Facebook or Instagram or other websites that use this process. In this way, the advertisements of interest to the User are shown in order to make the online offers more interesting for him/her. The use of Custom Audience causes the User’s browser to automatically establish a direct connection to the Facebook/Instagram server. The Data collected is processed by Facebook Inc. in the United States. This Site has no power over the extent of the Data collected and the further use of the aforementioned Data by Facebook Inc.: therefore, please read the related Facebook Privacy Policy and Instagram Privacy Policy carefully. The User can obtain more information on Facebook’s behavioral advertising by visiting this page: https://www.facebook.com/help/164968693837950 To opt out of Facebook interest-based ads, please follow these instructions: https://www.facebook.com/help/568137493302217 Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising set forth by the Digital Advertising Alliance. To opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the United States http://www.aboutads.info/choices/ , the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca / or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/ , or opt out using your mobile device settings. The deactivation of the «Facebook Custom Audiences» function is available for logged in users at https://www.facebook.com/settings/?tab=ads# . Personal Data : Usage data; e-mail, Cookies, other types of Data.

Registration and authentication

Instruments: -WordPress.com To register in the private area and authenticate when logging in, this site uses the WordPress platform. For more information on the processing of Data by WordPress, the User is invited to read the relative privacy policy . Personal data : various types of data.

Platform Services

The site was created using the WordPress.com platform. The User is invited to view the related privacy policy . Personal Data : various types of Data. PRIVACY SHIELD The Privacy Shield , or the «privacy shield» between the EU and the US, is a self-certification mechanism for companies established in the US that intend to receive Personal Data from the European Union. It was also deemed adequate by the European Commission in 2016. In particular, the companies undertake to respect the principles contained therein and to provide the interested parties (ie all subjects whose Personal Data have been transferred from the European Union) with adequate protection tools, under penalty of elimination from the list of certified companies (“Privacy Shield List”) by the US Department of Commerce and possible sanctions by the Federal Trade Commission . However, with Decision 2016/1250 of 16 July 2020 on the adequacy of the protection offered by the EU-US privacy shield regime – the so-called However, the “ Schrems II Judgment ”, the Court of Justice of the European Union (CJEU) held that the Privacy Shield does not offer an adequate level of protection for Personal Data transferred from the EU to a company established in the United States. With the same ruling, the European Court of Justice instead confirmed decision 2010/87, judging the standard contractual clauses valid for the transfer of personal data from the EU to a non-EU country. The User is invited to consult the FAQ relating to the Schrems II sentence and its effects prepared by the European Data Protection Board (EDPB), the website www.privacyshield.gov and the website of the Italian Privacy Guarantor to better understand the question. DATA COMMUNICATION AND TRANSFER The Data Controller specifies that the utmost care and confidentiality in the processing of data is one of its fundamental values. User data may be disclosed to third parties. The Owner may avail himself of Data Processing, to the extent necessary to provide the services, of Data Processors and service providers such as, for example, authentication, hosting and maintenance services, data analysis services, e-mail messaging services , delivery services, payment transaction management, creditworthiness, address and e-mail checking. Some of the data processors/service providers referred to in the previous sections are located outside the European Union (EU)/European Economic Area (EEA). In any case, your Personal Data will be shared with countries outside the EU/EEA, provided that:

the country in question is considered a safe third country;
the Data Controller/service provider in question has adhered to the standard contracts of the European Commission relating to the transfer of Personal Data to third countries;
the Data Processing Manager/service provider in question is certified according to art. 40 of the GDPR or
the data processor/service provider in question has an approved set of binding corporate rules.

It is possible that the User’s Personal Data are communicated or shared in order to comply with a legal obligation or with the indications of a Court / Judicial Authority or any other competent body or in order to enforce or apply the Privacy Policy of the Site and/or other agreements or to protect the rights or safety of the Data Controller, the Data Processors, the service providers and/or other third parties or for the protection against fraud or the reduction of credit risk. It is also possible that the User’s Personal Data, and in particular the email, are communicated or shared with companies and/or third parties with which the Data Controller collaborates and/or has entered into agreements if the Users have subscribed to the newsletter, expressly consenting with the cd mode. «point and click» to the transfer of said Data to companies and/or third parties for the purposes indicated in the relative consent, including marketing purposes also through Profiling. YOUR RIGHTS The User can exercise, with reference to the Data processed by the Owner, the following rights:

right to withdraw consent at any time . The User can revoke the previously expressed consent to the processing of their Personal Data (see GDPR, art. 7);
right of access . The User has the right to obtain confirmation from the Data Controller as to whether or not Personal Data concerning him is being processed and, in this case, access his Personal Data and receive all information on them (including the purposes of the treatment), as well as a copy of the aforementioned Data (see GDPR, art. 15);
right to have your Personal Data rectified . The User has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration (see GDPR, art. 16);
right to cancellation (“right to be forgotten”). The User has the right to obtain from the Data Controller the cancellation of Personal Data concerning him without unjustified delay in such cases: if the Personal Data are no longer necessary or the User revokes the consent on which the treatment is based and not there is another legal basis for the processing or if the User opposes the processing or the Personal Data have been processed unlawfully or if they must be canceled to fulfill a legal obligation established by Union or Member State law to which the Data Controller is subject o if the Personal Data have been collected in relation to the offer of information society services (see GDPR, art. 17);
right to limitation of treatment. The User has the right to obtain from the Data Controller the limitation of the same treatment in the following cases: if the accuracy of the Personal Data is disputed by the User or if the treatment is illegal and the interested party opposes the cancellation of the Personal Data and requests the limitation of their use or if the User who has opposed the processing is awaiting verification regarding the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the User himself (see GDPR, art. 18) ;
right to data portability. The User has the right to receive the Personal Data concerning him, which he has provided to the Data Controller, in a structured format, commonly used and readable by an automatic device and has the right to transmit such data to another data controller without impediment of the Data Controller to whom the personal data have been provided (see GDPR, art. 20);
right to object to the processing of Personal Data . The User can oppose the processing of personal data concerning him at any time (when carried out on a legal basis other than consent). In particular, if the Personal Data is processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such direct marketing (see GDPR, art. 21);
right to lodge a complaint with the competent supervisory authority. The User can lodge a complaint with the competent personal data protection supervisory authority (in Italy: www.garanteprivacy.it ) and before the competent courts of the Member States (see GDPR, art. 77 and following).

How to exercise your rights To exercise their rights as indicated above, Users, without paying any charge or fee (except as provided for in Article 12 paragraph 5 of the GDPR), can address a request to the contact details of the Data Controller in the «CONTACTS» section : Cookie Policy The Site uses Cookies. To find out more and to view the detailed information, the User can consult the Cookie Policy. Learn more about Treatment Defense in court The User’s Personal Data may be used by the Owner in court or in the preparatory stages for its eventual establishment for the defense against abuses in the use of the Site or related Services by the User. The User declares to be aware that the Owner may be obliged to disclose / communicate the Data by order of the Public Authorities. Specific information At the request of the User, in addition to the information contained in this Privacy Policy, the Site could provide additional and contextual information regarding specific Services or the collection and processing of Personal Data. System and maintenance logs For needs related to operation and maintenance, the Site and any third party services used by it may collect system logs, i.e. files that record the interactions and which may also contain Personal Data, such as the User’s IP address. Information not contained in this Privacy Policy Further information in relation to the Processing of Personal Data may be requested at any time from the Data Controller as specified in the «CONTACT INFORMATION» section. Changes to this Privacy Policy The Data Controller reserves the right to modify or update this Privacy Policy at any time. The User is invited to consult this page regularly to ensure that he is always aware of the latest version of this Privacy Policy (see «Date of last update» at the end of this page). If the changes concern the processing of Personal Data whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary. DEFINITIONS AND LEGAL REFERENCES “ Cookies” or “Cookies” Small portion(s) of data stored within the User’s device. “ Personal Data” or “Data” or “Personal Data” or “Data” Any information referable to an interested party. “ Sensitive and/or particular data” Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person. » Usage Data» This is information collected automatically through the Site and/or by third-party applications integrated into the Site, including: IP addresses or domain names of the computers used by the User who connects to the Site, addresses in URI notation (Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application,with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and the IT environment of the User. “ Interested” or “Interested” The identified or identifiable natural person to whom the Personal Data refers. An identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social. » Profiling» Any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, the interests, reliability, behaviour, location or movements of that natural person. “ Service” The service(s) provided by the Site as defined(s) in the relative terms (if any) on this site/application. » Data Controller» or «Owner» The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing Personal Data; when the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria applicable to his designation may be established by Union or Member State law. The Data Controller, as better identified above, unless otherwise specified, is the owner of the Site. “ Treatment” or “Data Processing” Any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. “ European Union” or “EU” Unless otherwise specified, any reference to the European Union contained in this document is understood to be extended to all current member states of the European Union and the European Economic Area (the so-called EEA). “ User” or “Users” The individual or individuals who use/s the Site and who, unless otherwise specified, coincide with the interested party. Legal references This privacy statement has been drawn up on the basis of current legislation on the subject, and in particular on the provisions of articles 13 and 14 of Regulation (EU) 2016/679 (so-called GDPR), by the related adaptation legislation Legislative Decree 101/2018, and within the limits of what is still applicable by Legislative Decree 196/2003. Date of last update: 8th February 2021.

Name	Provider	Purpose	Expiration
wordpress_{hash}	https://carboncreditsconsulting.com/	WordPress utilizza il cookie wordpress_{hash} di accesso per memorizzare i dettagli di autenticazione. Il suo utilizzo è limitato all'area Schermata di amministrazione, /wp-admin/
wordpress_logged_in_{hash}	https://carboncreditsconsulting.com/	Verifica se è possibile impostare il cookie. WordPress imposta anche il cookie wordpress_test_cookie per verificare se i cookie sono abilitati sul browser per fornire un'esperienza utente appropriata agli utenti. Questo cookie viene utilizzato sul front-end, anche se non sei loggato.	Session
wordpres_test_cookie	https://carboncreditsconsulting.com/	Verifica se è possibile impostare il cookie. WordPress imposta anche il cookie wordpress_test_cookie per verificare se i cookie sono abilitati sul browser per fornire un'esperienza utente appropriata agli utenti. Questo cookie viene utilizzato sul front-end, anche se non sei loggato.	Session
wp-settings-{user_id}	https://carboncreditsconsulting.com/	Cookie di personalizzazione. Utilizzato per rendere persistente la configurazione wp-admin di un utente. L'ID è l'ID dell'utente. Viene utilizzato per personalizzare la visualizzazione dell'interfaccia di amministrazione ed eventualmente anche dell'interfaccia principale del sito.	1 anno
wp-settings-time-{user}	https://carboncreditsconsulting.com/	Cookie di salvataggio automatico: wp-saving-post è un cookie di WordPress creato durante il salvataggio automatico di un post nell'editor. Utilizzato per monitorare se esiste un post salvato per un post attualmente in fase di modifica. Se esiste, consenti all'utente di ripristinare i dati.	1 giorno
wp-postpass_{hash}	https://carboncreditsconsulting.com/	Utilizzato per mantenere la sessione se un post è protetto da password	10 giorni

Name	Provider	Purpose	Expiration
__ga_#	https://analytics.google.com	Il cookie _ga è un cookie che permette di numerare le visite del sito e quindi conoscere l’efficacia dello stesso.	2 anni
_fba	https://facebook.com/	per memorizzare e tenere traccia delle visite attraverso i siti web attraverso il servizio Facebook Pixel	3 mesi