Pursuant to art. 13 of the EU Regulation n. 2016/679 (“GDPR” or “Regulation”), Veronafiere SpA in its capacity as Data Controller, provides You with some information regarding the use of Your personal data.
1. Data controller and Data Protection Officer (DPO)
2. Personal Data Provision
Personal data are processed within the institutional activity of the Company, for the following purposes:
3. Data retention period
a) purposes for which the applicant is not required to give consent:
• purposes strictly related to the management of actual and/or potential customer relationships (e.g. acquisition of preliminary data at the conclusion of a contract; carrying out tasks and services on the basis of the obligations arising from the contract, etc.). In this case, the legal basis for the processing consists in the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request.
• purposes connected with the obligations under laws and regulations as well as regulations issued by competent authorities (e.g. Fiscal regulations, statistics, etc.).
In this case, the legal basis of the processing thereof consists in the fulfilment of obligations deriving from law, regulations or EU legislation;
b) purposes connected to the development of the Company business activities, for which the data subject has the right to give or deny consent.
This category includes the following activities:
• developing customer profiles;
• sending of communications, information, newsletters, research, and advertising materials, even customized, regarding the exhibitions organized by the Company and performance of market surveys using automated contact means (e-mail, fax) as well as traditional contact means (paper mail, operator-assisted phone calls);
• sending of communications, information, newsletters, research, and advertising materials, even customized, regarding specific products and services of others using automated contact means (e-mail, fax) as well as traditional contact means (paper mail, operator-assisted phone calls).
c) purposes of verification, exercise or defence of the rights of the Data Controller in judicial proceedings.
d) purposes connected to credit protection (appointments to debt collection companies, companies providing financial factoring and/or credit institutions).
In these cases, the legal basis for the processing consists in the legitimate interest of the Controller
For the purposes described in paragraph 2 letter a) data will be retained for the entire duration of the contract and then for 10 years from its termination or expiration.
4. Personal Data Provision
For the purposes described in paragraph 2 letter b) data will be retained until revocation of consent.
For the purposes described in paragraph 2 letter c) data will be retained for the entire duration of the litigation, and in addition, until the limitation period foreseen for an appeal has expired.
For the purposes described in paragraph 2 letter d) data will be retained for the whole period necessary for the debt collection and then, for 10 years.
Once the above data retention terms have expired, the Data will be destroyed or anonymized, compatibly with the technical procedures of cancellation and backup.
The provision of data to achieve the purposes of processing specified in paragraph 2 a) of the information notice is compulsory. In the event of non-provision, it will not be possible to execute the contract and perform the services required by you.
5. Processing modalities
The provision of data to achieve the purposes of processing specified in paragraph 2 b) of the information notice is optional. In the event of non-provision, there will be no consequences in relation to the execution of the contract or to the services required.
The processing of personal data takes place through manual, digital and computer tools, with rationales strictly related to the purposes described hereabove.
6. Categories of subjects to whom the data may be communicated
Data may be processed by the Company employees, and by company functions in charge of pursuing the purposes indicated above, which have been expressly authorised for processing and which have received adequate operating instructions.
7. Dissemination area
For carrying out the activities listed in paragraph 2 a) the Company also addresses to:
a) Companies/enterprises/external companies carrying out activities closely related to the management of the relationship between the Company and the customer for which they operate as data processors. The data processing performed by these subjects have the following purposes:
• provision of services relating to the exhibitions (organizational, technical, logistics, insurance, etc.);
• printing of the official catalogs of exhibitions;
• printing, enveloping, posting and delivery of customer communications;
• on behalf of the Company, acting as agents, brokers or similar roles for the promotion of the acquisition of visitors and exhibitors to shows and events organized by the Company;
• on behalf of the Company, promotion of services related to the trading activity of visitors and exhibitors;
• Companies performing debt collection services.
b) Companies/enterprises/external companies carrying out activities closely related to the management of the relationship between the Company and the customer. These subjects act as data controllers:
• subjects providing supervision and safety services for the exhibition centre of Verona;
• individuals and/or companies providing debt collection services, companies providing financial factoring and banks.
Moreover, Data may be disclosed or made available to visitors of the exhibition in the context of ancillary services
activated upon request by the exhibitor. To achieve the purposes of processing specified in paragraph 2 b) hereabove the Company may also involve:
a) Companies/enterprises/external companies or subsidiaries of the Company performing functional or ancillary activities for the Company itself and that operate as external data processors. This processing is performed by the entities mentioned above for the following purposes:
• sending communications, information and advertising material regarding the exhibitions annually organized by the Company to Company customers;
• sending communications, information and advertising material regarding products or services of third parties to Company customers;
• on behalf of the Company, carrying out market surveys on specific clients chosen as “representative” or “leading examples”.
In the event of a successful conclusion of a contract for the participation in exhibitions, in accordance with Company General Rules for participation, the organization will add Your personal data in the Official Exhibition Catalogue, which will be nationally/internationally disseminated. The data provided by the exhibitors may be disseminated by the Company through IT media, including multimedia devices. These data will allow visitors and exhibitors to detect the position of the stands at each event and get to know the product and/or exhibition details related to the exhibitor.
8. Rights of the data subject - complaint to the supervisory authority
The data subject may request the Company to access the data concerning him/her, the correction of inaccurate data, the integration of incomplete data, the erasure of data, the limitation of processing in the cases provided for by Article 18 GDPR, as well as to object, on grounds relating to his/her own particular situation, to the processing carried out in the legitimate interest of the controller. Furthermore, the data subject, in the event that the processing is based on consent or contract and is carried out by automated means, has the right to receive his/her data in a structured format, in common use and readable by an automatic device, as well as, if technically feasible, to transmit them to another data controller without hindrance.
The data subject shall have the right to lodge a complaint with the competent supervisory authority in the Member State where he/she has his/her habitual residence or employment or in the Member State where the suspected breach has occurred.
Last update: May 2018