Pursuant to the articles 13 and 14 of the EU Privacy Regulation 679/2016 ("GDPR") we inform you that the personal data provided by the interested party ("you"), for yourself or for the organization to which you belong, to Italian Exhibition Group S.p.A. ("IEG" or "we"), on the occasion of or in connection with events, exhibitions, events, conferences / congresses, championships / competitions and / or workshops (the "Events"), organized by us, hosted or participated also in collaboration with third-party partners, they are treated in compliance with the principles of lawfulness, fairness, correctness, proportionality, necessity, accuracy, completeness and security and other legal obligations in force.
The processed data concerns customers (ie exhibitors, visitors, buyers, conference / congress participants, event speakers, participants in championships / races and / or workshops, exhibition and / or advertising space dealers, organizers third parties and the sponsors who have played their respective roles over the last 10 years) and prospects (individuals who have expressed an interest in the Events over the last 10 years, including through the delivery of their own business card or request for information or quotes or by subscribing to newsletters, journalists, institutional guests / VIPs who have already taken part in the Events over the last 10 years), intended as natural persons over the age of 14 who act on their own and / or as internal contacts of legal entities, institutions or other organizations. The individual categories of data collected are indicated in our collection forms which supplements this information.
The processing takes place with electronic and paper instruments and with logics connected to the single purposes stated below.
We collect data i) through online forms or paper forms or via pre-registration or participation app you filled in and / or acquired by third parties authorized by us or ii) via mobile devices such as tablets, smartphones present in the place of the Events or iii) by visiting card delivered by you. For Events (eg jewelery events) that for security reasons of the premises and / or of the goods exposed to the public require the creation of a photo ID card, we collect your photo either through online registration form or by session photo taken at the entrance of the Exhibition Center by the operators authorized by us. In the case of events organized or hosted by third parties, the data can also be collected through third party partners.
The data collected may be processed by the staff expressly authorized by us, within the limits strictly necessary for the performance of the respective activities assigned to it (eg legal, commercial, marketing, administrative, logistic, IT, management control, etc.).
The processing has the following purposes:
The processing for the purposes of sub 1 has its legal basis in our need to fulfill the obligations assumed through the stipulated contract or to stipulate with you (and to carry out all the actions necessary for the correct and complete execution of the commitments therein) and / or to the legal obligations connected to it. Therefore this treatment does not require your prior consent and you are also free not to give your data, however, in this case, we will not be able to stipulate the requested contract and / or regularly provide the service requested by you or by the organization to which you belong (eg make you participate in the Event of interest and provide you with related services) and / or we will not be able to fulfill the legal obligations connected with the contract.
The processing for the purposes of sub 2 has its legal basis in our legitimate interest to organize Events, plan and manage all organizational activities useful to allow you to participate efficiently and effectively in Events and to manage relations with third party suppliers of functional and event-related goods and services. In particular, the request for personal data and documents, especially for foreign guests, will make the correct understanding of the data more reliable, but above all, the reliability of the company that requires an entry visa is safer.
You are free not to provide the data, but in this case you will not be able to participate in the Event..
During the Events we are made by us and / or by photographers and / or videomakers authorized by us, video footage (including voice) and / or photographs. These generic images concern trade fairs that can be qualified as public events and are therefore treated, without your consent, for publication on our websites / landing pages and social profiles (eg Twitter, Facebook, Whatsapp, Youtube, Vimeo, etc.) and on brochures, catalogs, flyers and other printed material that promotes the Events.
In the event that, however, the aforementioned images portray you in a recognizable way, IEG may publish them for the same promotional purposes, on the aforementioned our printed materials or electronic / digital channels intended for the public (eg catalogs, brochures, flyers, websites / landing pages, blogs, social networks), only with the necessary prior consent (which is the legal basis of the processing), issued on the spot to our official photographer and / or videomaker.
In the latter case, you can deny consent thus inhibiting the aforementioned treatment; on the other hand, by giving us your consent, you expressly waive any financial compensation for using your image. You can request at any time the obscuring of the face portrayed in the images published online, without prejudice to the lawfulness of the processing operated up to the date of obscuration. IEG does not guarantee the obscuration of third-party autonomous data controllers on online channels.
The treatment for the purposes of sub 3 (soft spam) has its legal basis in our legitimate interest in contacting our customers freely, as well as the prospects, in order to be able to offer them new opportunities relating to services through electronic / telephone / paper channels. products similar to those previously purchased / contracted (in the case of customers) or to those for which interest has been expressed (in the case of prospects), or relating to products / services for exhibitions / conferences and / or related to them (eg publishing of sector, championships / races, etc.). Therefore the cd. Soft spam, as described above, can lawfully take place even without your prior consent, which is therefore not necessary.
The treatment for the purposes of sub 4 (profiling) has a legal basis in our legitimate interest to maintain and analyze a limited set of information concerning you, in order to be able to more effectively recontact you if you are our client or prospect. Given the limited data perimeter used in profiling, it also occurs without his prior consent, which is therefore not necessary.
The processing for the purposes of sub 5 (transfer of data to third parties) takes place only upon your specific express consent (constituting, therefore, the legal basis of the lawfulness of the processing).
The consent requested may be freely denied by you, without prejudice to your right to participate in the events and / or to obtain the services requested by you.
For the purposes under 1 and 2 the data are communicated by us to: suppliers of the management and maintenance service of our IT systems, websites and databases, photographers and / or videomakers who make the video-audio materials or the related post production, journalists and newspapers, companies entrusted with services necessary for the organization and management of events (eg installation of fittings and equipment, publishers of paper and online catalogs, logistics, security, private security, first aid, hostesses, etc.), diplomatic representatives, consultants, banks (for the execution or receipt of payments connected to the Events), to IEG personnel authorized to process data (Communication, Travel, Sales, Marketing, etc.).
For the purposes under 3 and 4 the data are communicated to: companies charged with marketing analysis, advertising, communication and / or public relations agencies, digital and paper publishing companies that produce our advertising or promotional materials, production companies of websites or blogs, web marketing companies, subjects in charge of the design and / or maintenance of promotional materials, IT management and maintenance companies, websites and databases used to organize and manage events, image agencies.
These third parties will process the data in the capacity of External Managers in accordance with our written guidelines and under our supervision.
For all the aforementioned purposes, we also communicate the data to third-party commercial partners who participate in the creation and / or promotion of the Events, which will treat the data as autonomous or co-titular or responsible owners. You can ask us for a list of co-owners, autonomous and responsible owners (see the "rights of the interested party" section of this information).
We communicate the data to third party recipients based outside the EU (companies controlled by the Data Controller, partners - eg. People's Republic of China, United Arab Emirates, Colombia, Hong-Kong - cloud service providers, or suppliers and customers (hereinafter the "importers ").
The list of third parties recipients of the data is available on the website section – LINK.
This data transfer takes place in the face of adequate guarantees, consisting of the prior stipulation by the third importer of a contractual agreement with us through which he, for the treatments within his competence, undertakes to comply with privacy obligations substantially equivalent to those provided. from EU legislation to ns. load (through the use of standard contractual clauses - or "CCS" - compliant at least with the text adopted by the EU Commission, except for any additions and / or changes more favorable to the interested party).
In some cases of data transfer to cloud suppliers based outside the EU, these suppliers are subject to the regulatory powers of local public authorities and in some situations, based on foreign legislation, (in the USA: the Federal Trade Commission, 'Article 702 of the FISA and the Executive Order EO 12333) the importer may be obliged to communicate the personal data transferred, in response to requests received from public authorities, to meet national security requirements (e.g. anti-terrorism) or application of local law (with consequent possible access to data, of which the importer, based on local legislation, may not have to give notice to the exporter and the interested party, who will therefore not be able to exercise the relative rights normally recognized by the GDPR).
Therefore, in the abstract, the risk cannot be excluded that in certain and exceptional situations related to the aforementioned specific requirements, the foreign public authority may process such data without applying substantially equivalent safeguards to those provided for by the GDPR to the data subject. However, the risk that the American public authority actually has an interest in applying local legislation to the transferred data appears to be reasonably negligible based on the following circumstances:
i) the performance of the exporter (IEG) in favor of the interested parties whose data the importer processes and the consequent data processing, have a limited object (the provision of exhibition services) and a limited purpose (the management of technical processes - organizational functional to the aforementioned services and the fulfillment of legal obligations); the performance does not involve the publication of personal opinions, comments or similar information, nor the making available of services or products that can be used in activities against national security;
ii) the types of personal data transferred are limited (eg personal, contact, contractual, administrative data); no particular categories of data are transferred (e.g. on political and religious opinions, biometrics); the categories of interested parties to which the data refer are limited (exhibitors, visitors, participants in events, buyers, journalists, speakers) and they concern operators belonging to product or economic categories that are not reasonably relevant with regard to national security purposes ( eg tourism, wellness, machine handling, sports activities, and so on).
Therefore, IEG believes that the CCS applied in the relationship with importers (in particular the USA) effectively guarantee protection of the rights of interested parties substantially similar to that provided for by the GDPR, regardless of the application of any additional measures to the processing in question.
The adoption of additional contractual measures by IEG towards importers (e.g. obligations to communicate public access, the right to suspend or terminate the transfer and to terminate the contract with the importer, and the like), may be introduced in at any time by the exporter following any information provided to operators by the EDPB - European Data Protection Board following the judgment of the Court of Justice of the European Communities (ECJ of 17 July 2020 which declared the bilateral agreement called "Privacy Shield").
The transfer of data to the non-EU country takes place in any case also because it is necessary for the execution of i) a contract concluded between the interested party and IEG and / or pre-contractual measures adopted at the request of the interested party, or ii) of a contract stipulated between IEG and another natural or legal person (e.g. our subsidiary, supplier, with headquarters outside the EU, etc.) in favor of the interested party.
In the case of the purposes sub 1 e/o 2 we treat the data for 10 years from date of the contract (in the case of customers) from the collection of the data of the interested party (in the case of prospects).
In the case of the purposes sub 3 and 4 we treat the data for 10 years from the collection of the data of the interested party (in the case of customers and prospects).
We process the data for a period of 5 years from the publication of the product in the case of promotion of editorial products.
We process the data for a period of 60 days, after the end of each Event, in the case of data made available at collection points for requests for assistance, communicate to us by visitors and exhibitors (including insurance desk, Info point and Emergency Room).
We treat the data contained in the promotional catalog (paper and / or digital) of the individual Events for a maximum of 2 editions of the catalog.
We treat certification data of the Events / Events up to the end of the certification and therefore until certification has taken place.
We treat the data necessary for the purposes of computer security (eg log-in registrations, failed logs and log-outs, when accessing restricted areas on the IEG websites related to the Events) for 1 year from collection. The recordings of the logs related to the reading of IEG online privacy information and the on-line actions (eg clicks, flags and the like) through which IEG is informed of the data subject's consent are kept for 10 years from collection.
In the event of a dispute between you and us or our third party suppliers process the data for the time necessary to exercise the protection of our rights or those of the third party suppliers, that is up to the issue and full execution of a provision having the value of a res judicata between the parties or of a transaction.
The data connected to the "Business Matching" service provided during the Events are treated for 3 months from the end of the single Event to which they refer.
The data related to the drafting of invitation letters for the request of consular visas (eg. Copy of the passport, etc.) are processed for 3 months from the end of the single Event to which they refer.
Once the aforementioned maximum duration has ceased, the personal data are definitively destroyed or made totally anonymous.
You have the right to:
You can exercise your rights by writing to the Data Controller Italian Exhibition Group S.p.A., with registered office in Via Emilia, 155 - 47921 Rimini (Italy), e-mail address: firstname.lastname@example.org.
In order to ensure compliance with the GDPR and the laws applicable to the processing of personal data, we have appointed Avv. Luca De Muri, domiciled for the position at Italian Exhibition Group S.p.A.
The Legal Representative of the company or the Representative of the organization undertakes to communicate this Information to the other subjects belonging to the company or to the organization itself and of which it declares to legitimately supply the relative data. Likewise, the consent given for the purposes sub 5 by the Legal Representative of a company or by the Representative of an organization is also extended to other subjects belonging to the company or to the organization itself.