Registration

PRIVACY
INFORMATION ABOUT PROCESSING VISITORS' PERSONAL INFORMATION Pursuant to arts. 13 and 14 of the EU 679/2016 Privacy Regulation (“GDPR”), you are hereby informed that the personal data provided by the Data Subject and/or acquired by Italian Exhibition Group S.p.A. (“IEG”) in relation to its activities or due to shows, exhibitions, events and/or workshops (“Events”), organized by IEG, also in collaboration with third party partners, are subject to processing in respect of the principles of lawfulness, equity, correctness, proportionality, necessity, accuracy, completeness and security and the other legal obligations in force, as outlined below: Data Subject categories. Processing operations and data collection modalities. The data processed can regard buyers, visitors, journalist, conference’s/workshop’s speakers and/or congressmen/conventioneers (intended as individuals older than 16 years of age who act independently as buyers, visitors, journalist, conference’s/workshop’s speakers and/or congressmen/conventioneers and/or as internal references for legal entities, companies or other organizations that are buyers, visitors, journalist, conference’s/workshop’s speakers and/or congressmen/conventioneers). Collected data categories are indicated, on a case by case basis, on the IEG data collection forms to which this information notice refers. Data processing refers to: data collection, registration, preservation, organization, elaboration, modification, selection, extraction, comparison, re-classification, usage, inter-connection, blockage, communication, dissemination, erasure and destruction. Collection will be carried out by means of on-line forms or printed pre-registration or participation forms completed by the Data Subject and/or acquired from third party operators authorized, in writing, by IEG or through mobile devices, such as tablets and smartphones, inside Event locations. In the case of Event participation (e.g. jewellery shows), which, due to particular reasons of security of the halls and/or goods on display to the public, require the creation of an identity badge bearing the photograph of the Data Subject, the photograph may also be collected through photographic sessions by IEG authorized operators at the entrance to the IEG’ facilities. Data processing will be carried out using electronic and paper instruments and with the logics connected to the individual purposes declared below. The collected data may be processed by first and second level Authorized persons, engaged in writing by IEG, who need to be aware of the data in order to carry out their own activities (e.g. persons in the legal, sales, marketing, administration, logistics, IT, management control offices etc.). Data processing purposes Data processing will be carried out using information technology, printed or manual means for the following purposes: 1. Fulfilment of contractual and legal obligations deriving from the Data Subject's participation/visit, or connected to the already contracted or potential participation/visita, at “Events”. Data Subject participated for the purposes of Exhibitor promotion. Communication, on the Data Subject's request, of pre-contractual information connected to the Events, on the Data Subject's request (e.g. programmes, offers, etc.). 2. Planning and organizational management of the Events, for example, the management of ticket issuing and payment (including verifying the correctness of the payment made through third party operator services), issuing of credits and entry passes, creation and verification of personal identity badges for security purposes, programming and carrying out of specific services that the Data Subject may require from IEG (for example, translation, hostess), request for consular visas, management of contracts drawn up with third party suppliers for goods and/or services used by IEG or by the Data Subject during the Events, anonymous statistics, insertion of company data (name and surname or name and company name, telephone number, fax, e-mail, website) in the public on-line and paper catalog of the single Event in which the interested party participates. Communication of pre-contractual information (eg programs, proposals, etc.) connected to the Events, at the request of the interested party. 3. Market analysis. The sending (by email, sms, mms, push-up messages, interactive messaging functions, such as whatsapp, via mobile devices, fax, telephone call with operator, social network and others automated tools) of commercial communications, press releases, advertising and IEG goods/service. 4. Profiling. It is specified that profiling is a relevant activity for privacy purposes only if it specifically concerns individuals, therefore it refers only to buyers, visitors, journalist, conference’s/workshop’s speakers and/or congressmen/conventioneers who are sole proprietorships or partnerships. The profiling uses the data provided by the same data subject at the time of registration or later: i) in the case of buyers - name and surname, company name to which the interested belongs, brand, residence or registered office, country of origin, website, type of business sector, percentage of business in Italy or Abroad, Italian and foreign regions of interest, main categories of products of interest for the buyers and/or marketed by buyer, as well as the data collected at third-party databases in order to built cluster/group based on own/third-party good and services or declared of interest by the buyer and to enable IEG to plan marketing and commercial promotion actions focused on the same to guarantee the customer satisfaction (through creation of an agenda of meetings between buyers and exhibitors during the Event) As well as for to identify on a statistical basis geographical and product trend related to the interested parties (number and type of participants from foreign states and/or in the Italian and foreign geographical areas considered most interesting) ii) in the case of visitors - name and surname, contact details, to record preferences and interests and trend / expense modalities related to interest / hobbies in order to build clusters / homogeneous groups classified towards which to develop related direct marketing actions and / / or commercial promotion, as well as to identify geographical trends of origin and thus direct the development of the IEG business to the Italian and foreign geographical areas considered most interesting; iii) in the case of journalists - name and surname, contact details, sector and heading of belonging, country of origin, language, to identify geographical trends of origin and thus direct the development of direct marketing actions and / or commercial promotion towards geographical areas Italian and foreign and the types of publications (eg newspapers, magazines, specialist magazines, etc.) considered to be more interesting; iv) in the case of conference / workshop speakers - name and surname, contact details, sector of belonging, to record interest, professionalism in order to build clusters / homogeneous groups classified towards which to develop related actions of direct marketing and / or commercial promotion, as well as to identify on a statistical basis professional trends and market products related to interested parties / participants v) in the case of congressmen / conventionees - name and surname, contact details, sector of belonging, country of origin, sectors of activity, to record interest, preferences in order to build clusters / homogeneous groups classified towards which to develop related marketing actions direct and / or commercial promotion, as well as to identify on a statistical basis geographical trends and market products related to the interested parties / participants. These activities are also carried out by third-party commercial partners on behalf of IEG (eg sending emails via the IEG suppliers cloud service). Profiling does not imply the exclusion of those concerned from specific advantages or from the possibility of freely exercising their rights in relation to personal data processed by IEG; in particular, it does not prejudice the possibility for the data subject to participate in the Events and / or to use the ordinary services (eg online pre-registration, purchase of services) sold by IEG. 5. Market analysis as well as profiling and the sending, by IEG third party partners (e.g. Event organizers, exhibitors or other operators working within the Events), by email, sms, mms, interactive messaging functions, such as whatsapp, via mobile devices, fax, telephone call with operator, social network of commercial communications, advertising and goods/service sales offers inherent to these third party partners. For this purpose, the data will be communicated or transferred by IEG to these third parties, who will process the data in the role of autonomous Data Controllers or co-Controllers. Legal basis for data processing and the Data Subject's obligatory or optional consent Data processing for the purposes in sub-paragraph 1 is legally based on IEG's need to fulfil the obligations undertaken by means of the contract drawn up with the Data Subject (and to carry out all the functional actions required for a complete and correct execution of the commitments taken on) and/or the legal obligations connected to it. For this reason, this processing does not require the Data Subject's prior consent. The Data Subject is therefore free to withhold the data from IEG. However, in this case, IEG will not be able to carry out the services required by the Data Subject or referable to him/her (e.g. allow the Data Subject to take part in the Event concerned and provide the connected services, for example, the printed and/or digital catalogue of the events which will give his/her "brand" visibility to the Exhibitor's advantage) and/or will not be able to fulfil the legal obligations connected to the relationship. Data processing for the purposes of sub-paragraph 2 is legally based on IEG's legitimate interests in organizing the Events appropriately, planning and managing all the reasonably useful activities to allow the Data Subject to take part in the Events efficiently and effectively and to manage relations with third party suppliers of goods and services that are functional and/or connected to the Events. Only if the participation in the Events that, for particular security purposes of the premises and / or the goods exposed to the public, require the creation and delivery of an identification tag with the photograph of the interested party, this photo is collected and processed by IEG. For these purposes IEG does not need to have the Data Subject's prior consent. The Data Subject is, in any case, free to withhold the data from IEG, in which case, it will not be able to take part in the Event. During the events organized by IEG, generic videos and/or photographs may be taken by IEG and/or by photographers and/or video-makers authorized by IEG, to promote the Events on websites related to said events and on IEG's social profiles (e.g. twitter, facebook, whatsapp, youtube, vimeo, etc.), in brochures, catalogues and other printed promotional material. The photographs and videos published regard Events that, being trade show activities, must be intended as shows of a public nature and therefore bear no indication for which the explicit consent of the Data Subject is required. Moreover, only on the necessary prior and specific written consent of the Data Subject (which constitutes the legal basis of data processing), obtained previously or on site, can photographs and videos (including voice) showing the face of the Data Subject be published for promotional purposes on IEG printed materials or electronic channels to be divulged to the public (for example, catalogues, brochures, flyers, websites, landing pages, blogs, social networks). In this case, the Data Subject can deny consent, thus making it impossible for the data to be processed for these specific purposes. In doing so, the Data Subject renounces any payment for the use of his/her image. Afterwards, the Data Subject can ask, at any moment, for his/her face to be blacked out from the images processed by IEG, without prejudice to the lawfulness of data processing carried out by IEG or by authorized third parties up until the date of consent withdrawal and without prejudice to any divulgation of the images that is not within IEG's control. Data processing for the purposes of sub-paragraphs 3, 4 and/or 5 only occurs on the Data Subject's prior written consent, which can be freely denied without prejudice to the right to take part in the Events and/or to obtain the services that the Data Subject requires from IEG. However, lack of or denied consent will prevent IEG from processing the data for the purposes outlined in sub-paragraph 3) (e.g. the email address or mobile phone number for sending promotional messages) or for third party partner processing purposes outlined in sub-paragraph 4 and to prevent from communicating the data to the third Partners for the autonomous treatment in the case sub 5. Personal data communication and divulgation For the purposes outlined in sub-paragraphs 1 and 2, the data may be communicated by IEG to: information technology management service and system maintenance suppliers, photographers and/or video-makers who produce video-audio materials or the relative post-production, journalists and newspapers, IEG website and database suppliers, contractors for services needed to organize and manage the Events (e.g. outfitters and equipment installers, printed and on-line catalogue editors, logistics, security, private surveillance, first aid, hostesses, etc.) and consultants, which will process the data as external Data Controllers. For the purposes outlined in sub-paragraphs 3, 4 e 5, the data may be communicated to: companies appointed to carry out marketing analysis, advertising, communication and/or public relations, digital and printed publishing companies that produce IEG's advertising or promotional materials, website or blog creation companies, web marketing companies and other subjects appointed to devise and/or maintain promotional materials, information technology system management and maintenance companies, websites and databases used to organize and manage the Events. These third parties will process the data in the role of external Data Controllers conforming to IEG's written instructions and under IEG surveillance. For all the above purposes, the data may also be communicated by IEG to third party commercial partners with whom IEG shares Event creation and/or promotion activities. These third party partners will process the data in the role of autonomous Data Controllers or co-Controllers or External Controllers. In this later case, IEG will draw up a written agreement with the co-Controller to outline the respective data processing activities. A list of co-Controllers, autonomous Data Controllers and External Controllers is available on request (for the relative modalities, refer to the section on "Data Subject rights" in this information notice). Transferring the data abroad In the case of Events in the U.S.A. organized by IEG and/or at which IEG participates under its own initiative, data communication carried out by IEG as described above may include third party receivers with premises in one or more US States. In this case, data transfer will be based on the following juridical grounds: a) the bilateral "Privacy Shield" convention in force between the EU (European Union) and the U.S.A., which foresees companies and other organizations that import these data into the U.S.A. being obliged to apply a series of protection measures to safeguard the Data Subject's personal data as it is received or otherwise acquired and processed; b) if the importer of data into the U.S.A. has not previously adhered to the Privacy Shield mechanism, in conformity with the rules outlined in the Privacy Shield itself, data transfer by IEG to the importer will only take place with adequate guarantees which particularly include the prior stipulation of a specific contractual agreement between the third party importer in the U.S.A. and IEG and according to which the third party receiver, for its own data processing activities, will endeavour, in regard to IEG, itself and its employees, to respect the privacy obligations that are substantially equivalent to those foreseen in the EU regulation, to which IEG is bound. The contractual clauses must therefore conform to the text adopted by the EU Commission (art. 46.1.c.GDPR). It is pointed out as of now, that, only in the unlikely event that drawing up such a contractual data transfer agreement with the third party data importer in the U.S.A. is not possible or excessively costly, IEG, in its role as the Data Controller, will apply an exemption from the prohibition to transfer data outside the EU. Said exemption shall constitute the fact that data transfer to the USA is i) necessary for executing a contract drawn up between the Data Subject and the co-Controller of the processing, or rather, for executing pre-contractual terms adopted at the Data Subject's request; ii) necessary for concluding or executing a contract drawn up between the Data Controller and another physical or juridical person on behalf of the Data Subject (this other physical or juridical person is an IEG branch or partner with head offices in the U.S.A). As an alternative to these exemptions, IEG reserves the right to ask the Data Subject for specific consent to transfer the data to the U.S.A. In the case of Events outside the EU in a country other than the U.S.A. (eg Peoples’ Republic of China, United Arab Emirates, Colombia, Honk Kong), organized or attended by IEG, data communication carried out by IEG as described above, may include third party receivers with premises in these countries. In this case, data transfer will be based by IEG to the importer will only take place with adequate guarantees which particularly include the prior stipulation of a specific contractual agreement between the third party importer and IEG and according to which the third party receiver, for its own data processing activities, will endeavour, in regard to IEG, itself and its employees, to respect the privacy obligations that are substantially equivalent to those foreseen in the EU regulation, to which IEG is bound. The contractual clauses must therefore conform to the text adopted by the EU Commission. Only if drawing up such a contractual data transfer agreement with the third party data importer is not possible or excessively costly, IEG will apply an exemption from the prohibition to transfer data outside the EU. Said exemption shall constitute the fact that the data transfer to the non-EU country is i) necessary for executing a contract drawn up between the Data Subject and the co-Controller of the processing, or rather, for executing pre-contractual terms adopted at the Data Subject's request; ii) necessary for concluding or executing a contract drawn up between the Data Controller and another physical or juridical person on behalf of the Data Subject (this other physical or juridical person is an IEG branch or partner with head offices in a non-EU country). As an alternative to these exemptions, IEG reserves the right to ask the Data Subject for specific consent to transfer the data to another country outside the EU. The list of the subjects third recipients of the transfer (so-called importers of the data) it is available on the site www.iegexpo.it/privacy information(section“data importer”) Data processing duration In the case of the purposes in sub-paragraph 1 and/or 2, as specified above, IEG processes the data for 10 years from the date on which contractual relations with the Data Subject terminated. In the case of the purposes in sub-paragraph 3, as specified above, IEG processes the data for 10 years from the date on which contractual relations with the Data Subject terminated. IEG processes the data for a period of 5 years from publication in the case of publishing and advertising (production, printing and dissemination of editorial and promotional material, either printed or via the internet, house organ, VOplus magazine, etc.). IEG processes the data for a period of 60 days after the closure of the Show and then removes the names in the case of data processing at collection points at which visitors and exhibitors requested assistance, including insurance desks, Info points and First Aid areas. Currently, IEG processes data for a period of 10 days (at the Vicenza Exhibition Centre) and 24 hours - with the exception of special circumstances relating to police or judicial inquires - (at the Rimini Exhibition Centre) from their recording on: video-camera activation and controls and video-surveillance systems. For purposes linked to exhibitor promotion, IEG processes the data contained in the catalogue (printed and/or digital) for a period that includes a maximum of 2 issues of the catalogue. IEG processes Show/Event certification data up until certification termination. For the profiling purposes outlined in sub-paragraph 4, as specified above, the data are processed for 10 years from termination of contractual relations with the Data Subject, with the exception of: profiling data used for the "Business Matching" service carried out by IEG in relation to Events which are processed for three months from the closure of the individual Event to which they refer. Data required for information technology security purposes (e.g. log-in registrations, failed logs and log-outs when accessing the reserved areas on IEG Event websites) are processed by IEG for a period of 1 year after collection in order to carry out security checks and to document the results. The recording of logs relating to events such as consulting IEG privacy information notices on-line or communicating the Data Subjects consent to IEG through the website or by email, are preserved by IEG for the amount of time considered useful for the relative Authorities or Data Subject to check them if they should ask to do so (6 years from their collection date). In case of dispute between IEG (or IEG third party suppliers) and the Data Subject, the data will be processed for the entire time needed to exercise the Data Controller's protection rights or those of the third party suppliers, in other words, until a valid judgement between the parties has been issued or a settlement has been made. Once the above duration terminates, the personal data will be erased, destroyed or made anonymous by means of the appropriate security measures. Data Subject rights It is also hereby notified that the Data Subject will have the right to: - ask the Data Controller for confirmation that personal data regarding him/her are or are not being processed and, if they are, obtain access to said personal data and the following information: a) the processing purposes; b) the personal data categories concerned; c) the receivers or categories of receivers to which the personal data have been or will be communicated, especially if the receivers are in third countries or are international organizations; d) when possible, the foreseen length of time that the personal data will be kept or, if not possible, the criteria used to determine said period; e) the existence of the Data Subject's right to ask the Data Controller to rectify or cancel the personal data or to limit personal data processing or to object to their processing; f) the right to submit a complaint to a Data Protection Authority; g) whenever the data were not collected directly from the Data Subject, all the information available regarding their origin; h) the existence of an automated decisional procedure, including profiling and, at least in this case, significant information on the logic used as well as the importance and consequences of this processing for the Data Subject; - be informed of the existence of adequate guarantees regarding the transfer of data should the personal data be transferred to a third country or an international organization; - ask for, and obtain without justified delay, the amendment of any imprecise data; taking the purposes of the processing into account, integration of any incomplete personal data, also by providing an additional declaration; - ask for the data to be cancelled if a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the Data Subject revokes his/her consent on which the processing is based and there are no legal grounds for their processing; c) the Data Subject objects to the processing and there is no prevalent lawful reason for continuing to process them, or the Data Subject objects to the processing carried out for direct marketing purposes (including any profiling used for said direct marketing); d) the personal data were processed unlawfully; e) the personal data should have been cancelled in order to fulfil a legal obligation foreseen by European Union law or the law of the Member State to which the Data Controller is subject; f) the personal data were collected in relation to a service offer from the information company; - ask for the processing to be limited when one of the following hypotheses occurs: a) the Data Subject questions the exactness of the personal data for the period of time needed for the Data Controller to check the exactness of said personal data; b) processing is unlawful and the Data Subject objects to personal data cancellation and asks instead for their use to be limited; c) although the Data Controller no longer needs the personal data for the purposes of processing, the Data Subject needs them for verification or for the exercising or defence of a right in court; d) the Data Subject objects to the processing for direct marketing purposes while waiting for the any prevailing lawful reasons for processing by the Data Controller to be checked; - obtain, on request, communication from the Data Controller of the third party receivers to whom the personal data has been transmitted; - withdraw, at any moment, consent to the processing of his/her personal data for one or more specific purposes in the understanding that doing so will not prejudice the lawful processing based on consent given prior to its withdrawal; - receive, in a commonly-used structured format that can be read on automatic devices, the personal data that concerns him/her from the Data Controller and, if technically feasible, to have these data transmitted directly to another Data Controller with no hindrance from the Data Controller that provided them, should the following conditions (cumulative) arise: a) data processing is based on the consent of the Data Subject for one or more specific purposes, or on a contract of which the Data Subject is part and for which the data processing is necessary; and b) data processing is carried out with automated means (software) (including the right to so-called "portability"). Exercising the right to so-called portability is without prejudice to the right of cancellation foreseen above; - the Data Subject has the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects regarding him/her or that significantly and similarly affects his/her person; - the Data Subject has the right, at any moment, to submit a complaint to the competent Data Protection Authority in accordance with the GDPR (the Authority in his/her place of residence or domicile). The Data Subject can exercise his/her rights by writing to the Data Controller Italian Exhibition Group S.p.A., Data Protection Officer, with registered premises in Via Emilia, 155 – 47921 Rimini (Italy) or to the e-mail address: privacy@iegexpo.it. A list of co-Controllers, autonomous Data Controllers and external Data Controllers can be requested. For the purposes of guaranteeing that the GDPR and the laws applicable to the Data Subject's personal data and their processing are observed, IEG has nominated and appointed an independent third party subject for these activities (Data Protection Officer). IEG's Data Protection Officer as of 25th May 2018 is lawyer Luca De Muri, domiciled for the position at Italian Exhibition Group S.p.A. The Data Subject can exercise his/her rights by writing to the Data Controller Italian Exhibition Group S.p.A., Data Protection Officer, with registered premises in Via Emilia, 155 – 47921 Rimini (Italy) or to the e-mail address: privacy@iegexpo.it. A list of co-Controllers, autonomous Data Controllers and external Data Controllers can be requested. For the purposes of guaranteeing that the GDPR and the laws applicable to the Data Subject's personal data and their processing are observed, IEG has nominated and appointed an independent third party subject for these activities (Data Protection Officer). IEG's Data Protection Officer as of 25th May 2018 is lawyer Luca De Muri, domiciled for the position at Italian Exhibition Group S.p.A.