This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (the so-called “General Regulation on the processing of personal data” or “GDPR”) and of Legislative Decree 30.06.2003, n. 196, as amended and supplemented by Legislative Decree 10.08.2018, n. 101 (“Code regarding personal data” or “Privacy Code”) by: PORDENONE FIERE SPA with registered office in 33170 – Pordenone, via Viale Treviso, 1, C.F./P.I. 00076940931, in the person of its pro-tempore legal representative; in the capacity of Data Controller (hereinafter “Owner“).
The Data Controller, aware of the importance of ensuring the security of private information, in accordance with applicable European and Italian legislation, in compliance with the principle of transparency pursuant to art. 12, GDPR, below provides the following information in order to make the user aware of the characteristics and methods of processing personal data.
1. Object of the treatment
The Data Controller processes personal identification data (by way of example, personal data such as name, surname, tax code, contact data such as residential address, e-mail, telephone number), as well as other information (by way of example, domiciles and details of bank current accounts) – hereinafter, “personal data” or even “data”, communicated by you, or otherwise acquired within the limits of the provisions of art. 14, paragraph 5, GDPR, in the context of commercial relations with the Owner himself.
2. Legal basis and purpose of the processing
Your personal data are processed:
a) without your express consent (see Article 6, letter b, GDPR), for the following purposes:
i. execute contract requests (contractual purposes).
In this case, in fact, the execution of a contract of which you are a party or the execution of pre-contractual measures adopted at your request, constitutes the legal basis of the processing.
Furthermore, we mean that your personal data may be processed without your express consent (see Article 6, letters b, c, d, e, f), in order to:
i. fulfil the administrative, accounting and tax obligations deriving from the existing contractual relationship;
ii. fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
iii. safeguard the vital interests of the data subject or of another natural person;
iv. perform tasks of public interest or related to the exercise of public authority vested in the Data Controller;
v. pursue a legitimate interest of the Data Controller or third parties, within the limits and under the conditions set out in art. 6, letter f), GDPR;
vi. exercise the rights of the owner (by way of example, the right to defence in court).
b) only with your specific and unequivocal consent (see articles 6, letter a, 7, GDPR), for the following additional purposes:
i. send, also through appointed third parties, via email newsletters, sms, push-up messages, messaging functions with mobile devices, telephone calls with operator, social networks and other automated commercial communications tools, advertising material on products and / or services , different and / or dissimilar from those already purchased, offered by Pordenone Fiere Spa, as well as carrying out statistical studies and / or market research also through third parties. (marketing purposes).
ii. analysis of your preferences, habits, behaviours and / or interests for the definition of commercial-individual or group-personalized profiles, also in order to send targeted commercial communications using the traditional and / or automated methods referred to in point I. that comes before. (profiling purposes).
iii. Market analysis as well as profiling and sending by third party partners of Pordenone Fiere Spa, via email newsletters, sms, push-up messages, messaging functions with mobile devices, telephone calls with operator, social networks and other automated tools for commercial communications, advertising material and / or offers for the sale of goods and services relating to such third parties.
In this case, in fact, consent constitutes the legal basis of the processing.
3. Nature of the provision of personal data
The provision of data for the purposes referred to in art. 2, letter a) – contractual purposes – is of a mandatory nature, as your refusal to provide the personal data requested could make it impossible for the Data Controller to fulfil the legal obligations and / or those deriving from the management of the contractual relationship, consequently preventing your formalization and / or execution. The provision of data for the purposes referred to in art. 2, letter b), point I – marketing purposes – is optional and failure to provide it may make it impossible to receive newsletters, commercial communications and / or advertising material on products and / or services offered by the Data Controller, to be subject of statistical studies and / or market research, as well as being subject to publication in catalogues and / or guides in paper and / or telematic format. The provision of data for the purposes referred to in art. 2, letter b), point II. – profiling purposes – it is optional and failure to provide it may make it impossible for the Data Controller to use such data to analyse your preferences, habits, behaviours and / or interests for the definition of commercial profiles – individual or group – personalized, also in order to send targeted commercial communications using traditional and / or automated methods.
4. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4, paragraph 1, n. 2), GDPR, or any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. The processing of your data will be based on principles of correctness, lawfulness and transparency and can also be carried out through automated methods designed to store, manage and transmit them and will take place using suitable tools, as far as reason and state of the art, to guarantee security. and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination. Personal data may be stored both on computer media and on paper, as well as on any other type of support deemed most suitable for processing.
5. Data retention period
The Data Controller will process the data for the time necessary respectively to pursue the related purposes as stated above, in particular:
> 10 years from the date of data collection or acquisition of consent in the case of direct marketing purposes to exhibitors and other third parties who organize Events, as well as to visitors, buyers, conference attendees and journalists;
> The longer period between the term of 10 years and that of termination of the office in relation to the purposes of direct marketing towards the so-called Vip;
> 10 years from the date of data collection or acquisition of consent in the case of the sale of exhibition spaces and complementary services, as well as the sale of advertising spaces not connected to the Events;
> 12 months from the end of the Event in the case of the pre-sale and sale of online and onsite tickets to visitors and free invitations, for the purpose of checking and registering the access of visitors and VIPs as well as for the purpose of registering the security personnel of the ‘Event;
> 10 days from the date of registration in the case of management of the video surveillance system;
> The online and paper catalogue of exhibitors created for promotional purposes is kept for the last two editions of the same;
> Until the administrative certification of the Event is obtained in the case of certification purposes.
After this retention period, the data will be destroyed or made anonymous and, in any case, will be rendered unusable for the purposes for which the retention terms have elapsed.
6. Data Communication
The personal data processed by the Data Controller will not be disseminated, that is, it will not be disclosed to indeterminate subjects, in any possible form, including that of making them available or simple consultation. Instead, they may be made accessible to workers and / or collaborators who work as employees an adopted adequate legal, organizational and technical measures so that the processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject. In particular, your data may be made accessible to: i. employees and collaborators of the Data Controller, in their capacity as internal managers, delegates, designated and / or authorized to process personal data and / or System Administrators; ii. third-party companies or other subjects (by way of example: credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers of the processing of personal data; third-party companies or other subjects (by way of example only: subjects who send information and / or promotional communications, marketing services, telemarketing services, statistical studies and / or market research, etc.), so that they can carry out the activities referred to in art. 2, letter b), points I and II.
7. Data transfer
The management and storage of personal data will take place on the server of the Data Controller and / or third-party companies appointed and duly appointed as data processors, located within the European Union, or in accordance with the provisions of Articles 45 et seq., GDPR. The servers are currently located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that, should it be necessary to transfer the location of the servers, in Italy and / or the European Union and / or non-EU countries, such movement will always take place in compliance with Articles 45 et seq., GDPR. In this case, however, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses. provided by the European Commission.
8. Rights of the interested party
Pursuant to art. from 15 to 21, GDPR, has the right to:
i. obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, in this case, access to personal data, also by receiving a copy (so-called right of access);
ii. obtain from the Data Controller the correction of inaccurate personal data and / or the integration of incomplete personal data concerning you (so-called right of rectification);
iii. obtain from the Data Controller the cancellation of personal data if one of the reasons provided for by the GDPR exists (so-called right to cancellation);
iv. obtain from the Data Controller the limitation of the processing only to some personal data if one of the reasons provided for by the GDPR exists (so-called right to limit the processing);
v. request and receive from the Data Controller, in a structured format, commonly used and readable by an automatic device, the personal data concerning you, or request and obtain the transmission to another Data Controller without impediments (so-called right to portability);
vi. revoke, at any time, any consent given in relation to the processing of your personal data (so-called right to withdraw consent);
vii. to object, in whole or in part, to the processing of personal data (so-called right of opposition);
viii. not be subjected to a decision based solely on automated processing in the cases provided for by the GDPR; ix. to lodge a complaint with the Guarantor Authority for the protection of personal data, as well as to exercise the other rights recognized to you by the applicable European and Italian legislation.
9. How to exercise the rights
You can exercise your rights at any time by contacting the Data Controller: by registered letter with return receipt: PORDENONE FIERE SPA with registered office in 33170 – Pordenone, via Viale Treviso, 1 at the c. To. by dr. Gianni Tonelli; by e-mail: firstname.lastname@example.org
In cases where consent is required, where the person conferring is a minor, the processing is lawful only if and to the extent that the aforementioned consent is given by the parental responsibility holder. With specific reference to the processing of personal data in relation to the direct offer of information society services, pursuant to art. 8, GDPR, as well as art. 2 quinquies, Privacy Code, where the person conferring is under the age of 14 (fourteen), the processing is lawful only if and to the extent that the aforementioned consent is given or authorized by the holder of parental responsibility.
11. Owner, managers, delegates, designated and authorized
The Data Controller is: PORDENONE FIERE SPA with registered office in 33170 – Pordenone, via Viale Treviso, 1, C.F./P.I. 00076940931, in the person of the pro tempore legal representative. More information about the managers, delegates, designated and authorized to process personal data can be requested by contacting the Data Controller at the addresses indicated in this statement.
12. Responsible for the protection of personal data (so-called Data Protection Officer – DPO)
Due to the processing activities carried out, the Data Controller has deemed it necessary to designate, as Responsible for the protection of personal data – the so-called Data Protection Officer or “DPO” – pursuant to art. 37, GDPR, Eng. Fabrizio Bottacin, who can be contacted for any information and / or request by writing to: DPO dott. Bottacin Fabrizio, viale Treviso 1, 33170 Pordenone, or by sending an e-mail to: email@example.com
Pordenone, 04 August 2021