In compliance with current legislation on the processing of personal data, as defined by the provisions contained in art. 13 of Regulation (EU) 2016/679 ("GDPR"), this privacy notice describes the personal data processing activities carried out by Ferrari S.p.A. (“Ferrari” or “Company”). The terms "personal data", "processing", "data controller", "third party", "supervisory authority" have the same meaning as in Article 4 of the GDPR. Please note that when you provide any personal data relating to another person (such as, for example, the members of your family unit), you guarantee that you have informed that person of the collection and use of your data by Ferrari, in accordance with this privacy notice, and having explained to this person that their data will be processed by Ferrari for the accomplishment of the purposes referred to in point 1 below.

1. PURPOSES AND MEANS OF THE DATA PROCESSING The personal data provided to Ferrari, i.e. e-mail address (corporate address, if present, or the private one), name, surname, subject code, company code, employment relationship code ("Data"), will be processed for the creation of your account on the Identity Access Management platform. Through your account, you will be able to register for corporate events, take part in initiatives organized by Ferrari as well as access the corporate intranet. Please note that, for each individual corporate event, a dedicated privacy notice may be provided. The processing of Data takes place using computer and manual tools, with logic strictly related to the purposes indicated in this privacy notice and, in any case, in order to guarantee the protection, confidentiality and security of the Data.

2. LEGAL BASIS OF DATA PROCESSING The legal basis for the processing of your Data for the aforementioned purposes is Article 6 (1) (f) of the GDPR, i.e. Ferrari's legitimate interest in providing its personnel with safe and easy access to the corporate intranet as well as to corporate events.

3. CONSEQUENCES OF NOT PROVIDING THE DATA The provision of data is optional. However, failure to provide the Data may make it impossible to access the company intranet and / or company events. You are free not to provide the Data.

4. OTHER PEOPLE WHO CAN ACCESS YOUR DATA Within Ferrari, the shareholders, the members of the board of directors or other administrative body, the members of the board of statutory auditors, the auditors, the company staff and, in any case, the persons authorized to process the Data may become aware of the Data. In pursuit of the aforementioned purposes, Ferrari may also make use of the following categories of subjects, who may also become aware of the Data: parent companies, subsidiaries and / or investee companies; qualified parties who provide Ferrari with services or services such as, for example, banks, companies and insurance companies, suppliers and subcontractors (e.g. creators of video and photo content, etc.); consultants who assist Ferrari in various capacities with particular reference to legal, tax, social security, accounting and organizational aspects. Ferrari may also disclose the Data to other third parties as indicated in the privacy policy provided to the Personnel as part of the hiring process ("Employee Privacy Policy"). The Data may be disclosed to third parties to comply with legal obligations, to comply with orders from public authorities or to exercise a right of the Company in court.

5. DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA Ferrari will not transfer and will not store the Data in third countries outside the European Economic Area, except in cases where this is necessary based on the Employee Privacy Policy.

6. DATA CONTROLLER AND DATA PROTECTION OFFICER The data controller is Ferrari S.p.A., with registered office in Via Emilia Est, n. 1163, Modena, Italy. You can contact the Data Protection Officer at the email address privacy2@ferrari.com.

7. DATA RETENTION The Data processed for the aforementioned purposes will be kept for the entire duration of the contractual / collaboration relationship with Ferrari, in accordance with the company procedure on the retention of personal data. Furthermore, the Data processed for this purpose may be kept for a longer period, in order to be able to manage any disputes.

8. YOUR RIGHTS You can exercise the following rights:

1. right to access means the right to obtain from Ferrari whether your Data are being processed and, where applicable, have access to them;

2. right to rectification and right to erasure means the right to obtain the rectification of inaccurate and/or incomplete Data, as well as the erasure of Data when the request is legitimate;

3. right to restriction of processing means the right to request suspension of the processing when the request is legitimate;

4. right to data portability means the right to obtain Data in a structured format, ordinary used and readable, as well as the right to transfer Data to other controllers;

5. right to object means the right to object to the processing of Data when the request is legitimate, including when the Data are processed for marketing or profiling, if applicable;

6. right to lodge a complaint with a supervisory authority in case of unlawful processing of Data. You can exercise the abovementioned rights by writing to Ferrari S.p.A., via Abetone Inferiore no. 4, 41053 Maranello (MO), Italy and/or to the email address privacy2@ferrari.com.

Ferrari S.p.A. Direzione e stabilimento: Via Abetone Inf. n. 4 41053 Maranello (MO), Italia Tel. +39 0536 949 111

Sede legale: Via Emilia Est n. 1163 P.O. Box n. 589 41122 Modena, Italia Capitale sociale € 20.260.000 i.v.

Reg. Imprese di Modena, P. IVA e Codice Fiscale n. 00159560366 R.E.A. di Modena n. 88683

Società a socio unico Direzione e coordinamento: Ferrari N.V. ferrari.com