INFORMATION FOR THE PROCESSING OF PERSONAL DATA This privacy statement has been in force since May 20, 2020 and will be regularly updated to reflect any changes to the ways in which Vincix Group Srl processes your personal data or any change in the applicable laws. This information, made pursuant to art. 13, Legislative Decree 196/2003 (hereinafter also "Privacy Code") and art. 13 EU Regulation no. 679/2016 (hereinafter also "GDPR"), describes the methods and purposes of processing the personal data of the User who interacts with the web services of Vincix Group Srl, by accessing and browsing the following website: www.rpahackathon.co.uk 1. Subject of the Processing The data controller collects and processes the following data: • Name and Surname; • Contact details (telephone and e-mail address); • Nationality • IP address of your PC. collected from its websites in two ways: (1) directly (for example, when you voluntarily enter your personal data in specially prepared formats and (2) indirectly (for example, through the technology of our website, tracking your IP address in order to monitor the use of the Website). 2. Purpose of the processing Vincix Group Srl collects and processes the personal information of the interested party for the following purposes: • Creation of a personal account for the use of the services on the site and platform • Sending e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner; • Use of recruitment services 3. Method of treatment The processing of your personal data will be carried out manually and/ or with the help of computer or telematic or automated tools and will be based on the principles of fairness, lawfulness, transparency and privacy protection. The Owner keeps the information of the interested party for a period of time identified according to the criteria of civil prescription and in compliance with specific laws of the sector, as well as according to the terms necessary for the correct pursuit of the purposes identified above. 5. Communication of data Without the need for express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2. to Supervisory Bodies, Judicial Authorities, as well as to those persons to whom communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disclosed. 6. Data transfer Personal data are stored on computer media and servers located within the European Union. It is in any case understood that the Owner, if necessary, will have the right to move computer media and servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission. 7. Rights of the data subject As a data subject, you have the rights referred to in art. 7 of the Privacy Code and art. 15 of the GDPR and precisely the rights to: - obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form; - obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the help of electronic means; d) the identification details of the owner, managers and appointed representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or persons in charge; - obtain: a) the update, the rectification or, when interested, the integration of the data; b) the cancellation, the transformation into anonymous form or the blocking of the data processed in violation of the law, including those whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected; - oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, by means of automated call system Spindle, without the intervention of an operator by e-mail and/or traditional marketing methods by telephone and/or paper mail. Please note that the right of opposition of the person concerned, set out in the previous point b). for direct marketing purposes by means of automated methods extends to the traditional ones and that however the possibility for the interested party to exercise the right of opposition even in only 3 part remains. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication. Where applicable, it also has the rights referred to in art. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority. 8. Procedure for exercising rights You can exercise your rights at any time by sending: • a registered letter a.r. to the registered office of the Data Controller; • an e-mail to: privacy@vincix.com 9. Owner, manager and persons in charge Vincix Group Srl with registered office in Viale Regina Margherita 140 - 00198 (RM) C. F. and P. IVA 1458626100. The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.

Behavioral Code a. respect other Participants; b. do not use expressions that incite violence, discrimination, obscenity and/or defamation; c. avoid offensive, defamatory, vulgar content that invades privacy, that encourage illegal behavior, advertising content or that have political/ideological and religious content, or are contrary to current law and which could damage the name, honor or reputation organization and/or any other person or company; d. not violate copyrights, trademarks, or other reserved rights or that, where there are reserved rights, the Participants have previously provided themselves with all the necessary authorizations and licenses by the relevant owner; e. not to violate other third party rights, including, inter alia, patents, industrial secrets, rights deriving from contracts or licenses, advertising rights or privacy rights, moral rights or any other right worthy of protection; f. comply with current legislation on data processing 2016/679.