WEBSITE PRIVACY POLICY

1. Data Controller

Under the EU Regulation 2016/679 ("GDPR") and current national legislation on personal data protection, Together Price S.r.l., with its registered office in Rome, Via Marsala 29H, 00185, VAT and tax code n. 13523351008, as Data Controller, informs you that your personal data and information provided will be processed in the manners and for the purposes as follows.

We manage a platform that facilitates the sharing of certain online services among users, allowing them to create and join groups to communicate, share the cost of online service subscriptions, and organize payment, which we have made available through our website www.togetherprice.com (the “ Together Price Service “). This Privacy Policy applies to the Together Price Service. Users are encouraged to ensure they have read this Privacy Policy and understand how we collect, store, use, and disclose users' personal information before accessing or using the Together Price Service.

2. Personal Information We Collect from You When Using the Together Price Service and How We Use It

When using the platform or browsing the Together Price website, we collect both personal information you voluntarily submit to us and information collected automatically.

2.1 Website

Data	Purpose	Legal Basis
Navigation data	To allow the user to navigate on the Togetherprice website	Contractual obligations (Art. 6.1.b GDPR)
Personal details, Contact details;	To contact Togetherprice through the contact form	Contractual obligations (Art. 6.1.b GDPR)

2.2 Platform

Data	Purpose	Legal Basis
Navigation data	To allow the user to navigate on the Togetherprice website	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	for registration as a VISITOR	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	for registration as a ADMIN	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	for registration as a JOINER	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	for assistance and support management	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	service-related communications (e.g., communications and notifications regarding deadlines or the need for renewal)	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	interviews, forms, or platform functions related to service satisfaction or assistance	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data, Image (optional);	Allows the creation of a user profile on the platform	Contractual obligations (Art. 6.1.b GDPR) Consent of the data subject (Art. 9.2.a GDPR)
Navigation data, Personal details, Contact details, Payment data, Image (optional);	Allow users to use the group chat through their Togetherprice profile	Contractual obligations (Art. 6.1.b GDPR) Consent of the data subject (Art. 9.2.a GDPR)
Navigation data, Personal details, Contact details, Payment data;	Localization of the country of origin of registered users	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	Classification of user interests through the user settings functio	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	Classification of user interests through the user settings function	Contractual obligations (Art. 6.1.b GDPR)
Navigation data, Personal details, Contact details, Payment data;	Information received from third parties such as social networks through the user's interaction with the Together Price Service via the social networks themselves and the information contained therein	Contractual obligations (Art. 6.1.b GDPR)
Personal details, Contact details;	Commercial communications	Contractual obligations (Art. 6.1.b GDPR)
Personal details, Contact details;	Sending of commercial communications related to services similar to those already purchased	Article 130, paragraph 4, Italian Privacy Code

Without such personal information, we may not be able to provide parts of the Together Price Service or respond to other user requests.

3. How Long We Keep Personal Information

We retain the personal information we collect from you no longer than necessary for the purposes outlined in this document and in any case no more than 6 years after deleting the Account from the Together Price Service, in accordance with our legal obligations and legitimate business interests. Together Price adheres to national legislation, particularly regarding the statute of limitations for civil action. However, we may need to retain personal information longer if required by law.

4. Recipients of Personal Data

We may share your personal information with:

• Service providers and consultants for activities they perform for us or on our behalf, which may include professional services such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or provision of analytics services.
• Affiliates meaning other companies belonging to Together Price or having the same ownership, including our subsidiaries (i.e., any organization we own or control) and our parent company (i.e., any organization that owns or controls us) and all the subsidiaries it owns. These companies will use the personal information in the same way we can under this Privacy Policy.
• Buyers and third parties in relation to a business transaction, such as a merger, a sale of assets or shares, a reorganization, financing, a change of control, or the acquisition of all or part of our business.
• Law enforcement regulatory authorities, and third parties for legal reasons as required by law or if we reasonably believe such action is necessary to (i) comply with the law and reasonable requests of law enforcement; (ii) detect and investigate illegal activities and violations of agreements, including our Terms of Use; and/or (iii) exercise or protect the rights, property, or personal safety of Token, its users, or others.

If you wish to learn more about the type of protections adopted, please contact us using the information provided at the end of this Privacy Policy.

5. International Transfers of Personal Information

The personal information we collect may be transferred and stored in countries outside the user's jurisdiction where we and our service providers operate. If the user resides in the European Economic Area (" EEA" )), their personal information may be processed outside the EEA, including in the United States. In the case of such a transfer, we ensure that:

• personal data is transferred to countries recognized as having an equivalent level of protection; or
• personal information is transferred to entities certified under the EU-US Privacy Shield; or
• the transfer is carried out based on appropriate safeguards, such as the standard data protection clauses adopted by the European Commission or the UK Information Commissioner's Office.

6. User Rights in Relation to Their Personal Information

The Data Controller informs you that, as a data subject, unless legal limitations apply, the user has the right to:

• Obtain confirmation of the existence or not of their personal data, even if not yet registered, and that such data be made available to the user in an intelligible form;
• Obtain information and, if applicable, a copy of: a) the origin and category of personal data; b) the logic applied in case of processing carried out with the aid of electronic tools; c) the purposes and methods of processing; d) the identifying details of the Controller and the processors; e) the entities or categories of entities to whom the personal data may be communicated or who may become aware of it, especially if recipients are in third countries or international organizations; f) when possible, the period of data retention or the criteria used to determine that period; g) the existence of automated decision-making processes, and in such cases, the logic used, the significance and the expected consequences for the data subject; h) the existence of adequate safeguards in case of data transfer to a non-EU country or an international organization;
• Obtain, without undue delay, the update and rectification of inaccurate data or, where interested, the integration of incomplete data;
• Obtain restriction of processing in the case of: a) contesting the accuracy of the personal data; b) unlawful processing by the Controller to prevent its deletion; c) exercising a right in legal proceedings; d) verification of the possible prevalence of the legitimate reasons of the Controller over those of the data subject;
• Revoke at any time, easily, without hindrance, any consents given, using, if possible, the same channels used to provide them;
• Obtain the deletion, anonymization, or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if consent on which the processing is based is withdrawn and there is no other legal ground for processing; d) if the user objects to the processing and there is no overriding legitimate reason to continue the processing; e) in case of compliance with a legal obligation; f) in the case of data concerning minors. The Controller may refuse deletion only in the case of: (1) exercising the right to freedom of expression and information; (2) compliance with a legal obligation, performance of a task carried out in the public interest or in the exercise of official authority; (3) reasons of public health interest; (4) archiving in the public interest, scientific or historical research purposes or statistical purposes; (5) the establishment, exercise or defense of legal claims;
• Receive, in case the processing is carried out by automated means, without hindrance and in a structured, commonly used and machine-readable format, the personal data concerning them, to transmit them to another controller or - if technically feasible - to have them directly transmitted from one Controller to another;
• Object, in whole or in part: a) on legitimate grounds related to the particular situation of the user, to the processing of personal data concerning them; b) to the processing of personal data concerning them for the purpose of sending advertising material, through the use of automated calling systems without the intervention of an operator via email and/or through traditional methods by telephone and/or paper mail;
• Lodge a complaint with the Data Protection Authority.

Nei casi di cui sopra, ove necessario, il Titolare porterà a conoscenza i soggetti terzi ai quali i dati personali dell’utente sono comunicati dell’eventuale esercizio dei diritti da parte di quest’ultimo, ad eccezione di specifici casi (es. quando tale adempimento si riveli impossibile o comporti un impiego di mezzi manifestamente sproporzionato rispetto al diritto tutelato).

7. Tracking technologies used in our emails

Our emails may contain tracking technologies that provide us with information about the user's interactions with our emails, including identifying if and when a user has opened an email sent to them, how many times it was read, and whether they clicked on any links within the email. This helps us measure the effectiveness of our email marketing campaigns, make the emails we send to the user more relevant to their interests, and understand whether the user has opened and read any important administrative emails we may have sent.

The most common email clients allow users to block these technologies by disabling some external images in emails. This can be done through the email client's settings, which generally offer the option to choose whether emails will display “remote images,” “remote content,” or “images” by default.

Some browsers also offer the possibility to download and install extensions that block tracking technologies.

8. Interest-based advertising

We engage in interest-based advertising activities and use third-party advertising companies to serve targeted ads based on browsing history and usage of the Together Price Service. We may share or allow external online advertising networks, social media companies, and other third-party services to collect information about the user's use of the Together Price Service over time, so they can play or display Together Price Service ads on other websites, apps, or services (including Facebook) and on other devices the user uses.

Typically, but not always, this information is collected through cookies and similar tracking technologies. The interested third parties may collect mobile device identifiers, such as iOS's ID for Advertising (IDFA), Google's Advertising ID, as well as the device's IP address, information on other apps on the device, location, usage information of the Together Price Service, and information on ads viewed or clicked by the user.

We and our partners use this information to make online ads more relevant to the user's interests, as well as to provide advertising-related services such as reporting, attribution, analysis, and market research.

We may also use certain forms of display advertising and other advanced features through Google Universal Analytics, such as remarketing with Google Analytics, Google Display Network Impression Reporting, DoubleClick Campaign Manager integration, and Google Analytics Demographics and Interest Reporting. These features allow us to use first-party cookies (such as Google Analytics cookies) and third-party cookies (such as DoubleClick cookies) or other third-party cookies to inform, optimize, and serve ads based on past visits to the Service by the user.

Users can manage their advertising preferences or opt-out of specific Google advertising messages by visiting Google Ads Preferences Manager or by visiting the online resources of NAI.

We and our partners may also link various devices so that content displayed on one device can generate relevant advertising on another device. We do this by collecting information about each device used by the user when they access the Together Price Service. We may also collaborate with third-party partners who employ tracking technologies, or the application of statistical modeling tools, to determine whether two or more devices are linked to a single user or household. We may share a common account identifier (such as a user ID) with third-party advertising partners to help them recognize the user across devices used. We and our partners may use this cross-device link to serve the user interest-based advertising and other personalized content across all their devices, perform analytics, and measure our advertising campaigns' performance.

Users can limit the use of these identifiers for interest-based advertising on a particular device through the device's settings by selecting "limit ad tracking" (iOS) or "opt-out of interest-based ads" (Android). It is also possible to opt-out of some, but not all, interest-based ads offered by mobile advertising networks by visiting youradchoices.com and downloading the AppChoices mobile app.

To learn more about interest-based advertising and how to remove some of these ads, you can visit:

• Network Advertising Initiative online resources
• DAA resources
• Your Online Choices resources

Please note that opting out of interest-based advertising messages through NAI, DAA, or Your Online Choices online resources will only prevent interest-based ads on that specific browser or device, but you may still receive interest-based ads on other devices. You must perform the opt-out on each browser or device used. Some opt-out options may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or devices, or use another operating system, you will need to opt-out again. Please note that disabling interest-based advertising does not mean you will no longer see advertising on your device, but it means that the ads will no longer be tailored to your interests.

9. Links to Third-Party Sites

The Together Price Service may, from time to time, contain links to and from third-party websites, including those of other users, our partner networks, advertisers, commercial partners, news outlets, retailers, and affiliates. If you follow a link to any of these websites, please remember that these sites have their own Privacy Policies, and we do not accept any responsibility for their policies. Please check the individual policies before submitting any information to these sites.

10. Our Policy on Minors

The Together Price Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from users under the age of 18. If you become aware that a minor has provided us with personal information without their consent, please contact us using the details provided here to take the necessary steps to remove such information and close any accounts that a minor may have created with us.

11. Contacts

Please contact privacy privacy@togetherprice.com for any questions, comments, and requests regarding this Privacy Policy. Should we be unable to resolve an issue raised by the user, they have the right to file a complaint with the Privacy Regulatory Authority in their country of residence. Further information on how to contact your local data protection authority is available here.

12. Changes to This Policy

We reserve the right to update this Privacy Policy from time to time, and therefore users should periodically review this page. In the event we make substantial changes to this Privacy Policy, we will update the "Last Modified" date at the bottom of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.