INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (so-called “General Regulations on the processing of personal data” or “GDPR”) and of the D. Lgs. 30.06.2003, n. 196, as amended and supplemented by Legislative Decree 10.08.2018, n. 101 (“Code regarding personal data” or “Privacy Code”) from:
- PORDENONE FIERE SPA with registered office at 33170 – Pordenone, via Viale Treviso, 1, C.F./P.I. 00076940931, in the person of Renato Pujatti in the capacity of Data Controller (hereinafter “Holder”).
The Owner, aware of the importance of ensuring the security of private information, in compliance with applicable European and Italian legislation, in compliance with the principle of transparency pursuant to art. 12, GDPR, below provides the following information in order to make the user aware of the characteristics and methods of processing personal data.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
- Object of the treatment
The Holder processes the personal data of the user that are provided during registration on the website, on paper and / or telephone collection. In particular, the Holder deals with: i. personal data identifying (by way of example, name, surname, tax code, VAT number, email address, telephone number – hereinafter, “personal data” or even “data”) provided by you directly with registration in the manner described above; ii. data not directly supplied by you – and in any case acquired within the limits of the provisions of art. 14, paragraph 5, GDPR – whose transmission is connected to the use of Internet communication protocols (by way of example, access to the page, amount of data transferred, status message to accesses occurred, session ID numbers, IP addresses, URL addresses, etc.).
- Legal basis and purpose of the processing
Your personal data are processed:
- a) without your express consent (see Article 6, letter b, GDPR), for the following purposes:
the. make the website functionalities usable as a result of user access;
- perform customer relationship activities based on pre-contractual and / or contractual agreements.
In such cases, in fact, the execution of a contract for the provision of services of which the user is a party, or the performance of pre-contractual activities upon the user’s request, constitute the legal basis of the processing.
Furthermore, we mean that your personal data may be processed without your express consent (see Article 6, letter b, c, d, e, f), in order to:
the. fulfill the administrative, accounting and tax obligations deriving from the existing contractual relationship;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
iii. safeguard the vital interests of the data subject or another physical person;
- carry out tasks of public interest or connected to the exercise of public authority vested in the Data Controller;
- pursuing a legitimate interest of the Data Controller or third parties, within the limits and under the conditions set forth in art. 6, letter f), GDPR;
you. exercise the rights of the Owner (by way of example, the right to defense in court).
- b) only subject to your specific and unequivocal consent (see articles 6, letter a, 7, GDPR), for the following purposes:
the. send newsletters, commercial communications and / or advertising material on products and / or services offered by the Data Controller (eg invitations to events) through any means of electronic communication (eg email, telephone calls with or without operator, text messages, social networks, etc.) and by traditional methods (eg mail ordianria).
- Profiling. This activity, which is relevant for privacy purposes if it concerns individuals, aims to better understand customers aiming to align Pordenone Fiere Spa services with current and potential demand, measure the results of specific promotions, limit the sending of promotional communications not relevant to the single probable expectations and needs.
In this case, in fact, consent constitutes the legal basis of the processing.
In any case, we point out that the Privacy code allows so-called “soft spam”. This means that without having to acquire the express consent, the Owner may use the e-mail address that was provided by the user in the context of a previous purchase, in order to proceed, by sending by e-mail, to commercial communications and sales offers, provided they are related to products and services similar to those already purchased by the user.
- Nature of the provision of personal data
- The provision of data for the purposes referred to in art. 2, letter a), is of a necessary nature, as your refusal to provide the requested personal data could make it impossible for the Owner to comply with the legal obligations and / or those deriving from the management of the contractual relationship, preventing consequently, its formalization and / or execution, as well as compromising the usability and functionality of the website. The provision of data for the purposes referred to in art. 2, letter b), is optional and failure to provide it may imply the impossibility to receive email newsletters, commercial communications and / or advertising material on products and / or services offered by the Owner.
- Methods of processing
- The processing of your personal data is carried out by means of the operations indicated in art. 4, paragraph 1, n. 2), GDPR, or any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be done through automated methods designed to store, manage and transmit them and will take place through appropriate tools, as far as reason and state of the art, to ensure safety and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination. Personal data may be stored both on computer media and on paper, as well as on any other type of support deemed most suitable for processing.
- Period of data retention
- The Data Controller will process the data for the time necessary respectively to pursue the related purposes as stated above, in particular:
- – 10 years from the date of data collection or acquisition of consent in the case of marketing purposes directed towards exhibitors and other third parties that organize events, as well as to visitors, buyers, conventions and journalists;
- – The longest period between the term of 10 years and that of termination of office in relation to the purposes of direct marketing towards CDs. Vip;
- – 10 years from the date of collection of the data or acquisition of consent in the case of sale of exhibition spaces and complementary services, as well as sales of advertising space not connected to the Events:
- – 12 months from the end of the Event in the case of pre-sale and sale of online and onsite tickets to visitors and free invitations, for the purpose of checking and registering visitors and VIPs’ accesses as well as for registration purposes of security personnel ‘Event.
- – 10 days from the registration date in case of management of the video surveillance system;
- – The online and printed catalog of exhibitors created for promotional purposes is kept for the last two editions of the same;- Until obtaining the administrative certification of the Event in case of certification purposes of the same.
Access to data
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be made accessible to workers and / or collaborators who work in dependencies and for the Data Controller and / or to some external subjects who have sufficient guarantees that they have adopted appropriate legal, organizational and technical measures in such a way that the treatment satisfies the requirements of the GDPR and guarantee the protection of the rights of the data subject. In particular, your data may be made accessible to: i. employees and collaborators of the Owner, in their capacity as internal managers, delegates, designated and / or authorized to process personal data and / or System Administrators; ii. third-party companies or other subjects, (by way of example, credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers.
13. Communication of data
Your data may also be disclosed, to the extent strictly necessary, to parties who for purposes of processing orders or to process other requests relating to the contractual relationship with the Data Controller, must provide goods and / or perform services or services. The Data Controller may also communicate your data to authorized persons to access it under the provisions of the law, regulations, community regulations, the judicial authorities, as well as to all other subjects to whom the communication is mandatory by law.
14. Data transfer
The management and storage of personal data will be carried out on servers of the Owner and / or third-party companies appointed and duly appointed as data processors, located within the European Union, or in compliance with the provisions of Articles 45 et seq., GDPR. Currently the servers are located in Italy. The data will not be transferred to outside the European Union. In any case, it is understood that, if it becomes necessary to transfer the location of the servers, in Italy and / or the European Union and / or non-EU countries, this movement will always take place in accordance with the Articles. 45 et seq., GDPR. In this case, however, the Joint Data Controllers ensure from now on that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements guaranteeing an adequate level of protection and / or adopting the standard contractual clauses. provided by the European Commission.
15. Browsing data
The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI / URL notation (“Uniform Resource Identifier” and “Uniform Resource Locator”) of the requested resources, the timetable of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (by way of example, good order, error, etc.) and other parameters related to the system operating environment and the user’s computer environment. These data, necessary for the use of web services, are also processed for the purpose of: i. obtaining statistical information on the use of services (for example, most visited pages, number of visitors per hour or day, geographical areas of origin, etc.); ii. check the correct operation of the services offered. These data are deleted immediately after processing (except for any need to ascertain criminal offenses by the judicial authorities)
- Rights of the interested party
- Pursuant to articles from 15 to 21, GDPR, has the right to: i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered and their communication in an intelligible form; ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the Data Controller and of those responsible; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware as representative appointed in the territory of the State, delegated, designated or authorized to process; iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment is finds it impossible or involves the use of means which are manifestly disproportionate to the protected right. Always pursuant to the aforementioned articles from 15 to 21, GDPR, may exercise the following specific rights: i. right of access; ii. right of rectification; iii. right to cancellation (right to be forgotten), except in the event that the processing is necessary for the Data Controller, for the exercise of the rights to freedom of expression and information, for the fulfillment of a legal obligation or for the execution of a task carried out in the public interest, for purposes of archiving in the public interest, scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court; iv. right to limitation of treatment; v. right of opposition; you. right of withdrawal of consent at any time, while the lawfulness of the treatment based on consent before the revocation remains firm; vii. right to propose a complaint to the Guarantor for the protection of personal data.
How to exercise rights
You have the right to ask the Owner: i. access to data concerning you, their correction or cancellation; ii. the integration of incomplete data; iii. the limitation of treatment; iv. to receive data in a structured format, commonly used and readable by automatic device; v. to revoke any consent given to the processing of your personal data at any time and to object, in whole or in part, to the use of data; you. to propose a complaint to the Authority, as well as to exercise the other rights recognized by the applicable European and Italian legislation. You can exercise your rights at any time by contacting the Data Controller:
- by registered letter A / R: PORDENONE FIERE SPA with registered office at 33170 – Pordenone, via Viale Treviso, 1 to the attention of dr. Tonelli Gianni;
- by e-mail: firstname.lastname@example.org.
Pursuant to art. 8, GDPR, as well as the art. 2 quinques, the Privacy Code, in cases where consent is required, where the subject that gives is less than 14 (fourteen) years, the processing is lawful only if and to the extent that, the aforementioned consent is given or authorized by the owner of parental responsibility.
18. Owner, managers, delegates, designated and authorized
The data controller is:
- PORDENONE FIERE SPA with registered office in 33170 – Pordenone, via Viale Treviso, 1, C.F./P.I. 00076940931, in the person of Renato Pujatti. More information about the managers, delegates, designated and authorized to process personal data can be requested by contacting the Owner at the addresses indicated in this statement.
19. Responsible for the protection of personal data (so-called Data Protection Officer – DPO)
By virtue of the processing activities carried out, the Data Controller has deemed it necessary to designate, as Responsible for the protection of personal data – c.d. Data Protection Officer or “DPO” – pursuant to art. 37, GDPR, the dott. Bottacin Fabrizio, who can be contacted for any information and / or request by writing to: Fabrizio Bottacin, viale Treviso 1, 33170 Pordenone, or by sending an e-mail to: email@example.com.
Pordenone, 7 gennaio 2019
The Data Controller
PORDENONE FIERE SPA