Data processing policy

1. INTRODUCTION

Pursuant to Art. 13 of the GDPR, concerning the protection of natural persons in regards to the processing of personal data, we are providing the requested information on the processing of personal data concerning you (“Data“) by Fiere di Parma S.p.A. and Padova Hall S.p.A. (hereinafter referred to also as “Data Joint Controllers” or “Joint Controllers”).

JOINT CONTROLLER AGREEMENT

Pursuant to Article 26 of Reg. EU 2016/679, the Joint Controllers undertake to: make joint decisions about the purpose and method of processing of the Personal Data of data subjects; jointly design, in a clear and transparent manner, the procedure for providing you with a prompt response should you wish to exercise your rights, as set forth by articles 15 et seq. of Reg. EU 2016/679; to jointly draft this policy in compliance with Reg. EU 2016/679. The joint controller agreement sets down in detail the responsibilities of the joint controllers concerning the protection of the rights and freedoms of natural persons. To this end, the policy outlines the technical and organizational measures in accordance with article 32 of the European Regulation as well as the requirements based on the principles set forth in article 5 of the same Regulation. The essential contents of the agreement concerning the method and purposes of processing, in relation to the above, are available to data subjects, who may request them from either of the Data Controllers at the above specified addresses.

2. JOINT CONTROLLERS’ DATA

Fiere di Parma S.p.A., with registered offices in Parma, Viale delle Esposizioni 393/a, TAX ID and VAT No. 00162790349, email legale@fiereparma.it (hereinafter referred to also as “FDP”).

and

Padova Hall S.p.A., with offices in Padova, Via Tommaseo 59, TAX ID and VAT No. 00205840283, email: privacy@fieradipadova.it  (hereinafter also “PH”).

3. DATA PROTECTION OFFICER

FDP has appointed a Data Protection Officer (DPO) who can be contacted for any information and request via the email address privacy@fiereparma.it

4. PERSONAL DATA PROCESSED

The Data processed by the Joint Controllers for application to the “Flormart Buyers Program” are: personal details, contact details, company and selected product category.

If the Data collected by the Joint Controllers do not fully comply with requirements for admission of the Data Subject to the incoming program offered, but are compatible with the visitor target requested for the event, the data may be used by the Joint Controllers to send an admission ticket to the event; if that is not the case, the data will be deleted.

5. PURPOSE OF PROCESSING AND LEGAL BASIS

The Data supplied by the Data Subjects, including through the completion of special forms, are used for the fulfilment of the following purposes:

Should Data be used by the Data Joint Controllers for purposes other than the ones specified above, the Data Joint Controllers shall be considered, with respect to these additional purposes, Independent Data Controllers.

6. PROCESSING PROCEDURES

Joint data processing is based on principles of correctness, lawfulness, transparency and data minimization (privacy by design); it may be carried out either manually or through automated procedures designed to store, process and transmit them and will take place through appropriate technical and organizational measures, taking into account the current technological level and implementation costs, in order to guarantee, among other things, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable steps for ensuring that inaccurate data is erased or rectified in accordance with the purpose for which they are processed.

7. RIGHTS OF THE DATA SUBJECT (ART. 15-22 of the GDPR)

Data subjects have the rights established by articles 15 to 22 of the GDPR, where applicable. Data subjects have the right to request from each Data Controllers access to data, rectification or erasure of such data as well as restriction of or objection to processing. Data subjects may at any time revoke their consent regarding the purposes of point 10 of article “5. PURPOSE OF PROCESSING AND LEGAL BASIS”. For additional information on your specific rights as a Data Subject, and on how to exercise them, please send an email or write to each of the Joint Controllers stated in art. 2, specifying your request and the address where you would like to receive the reply.

Data subjects are entitled to lodge a complaint with the Data Protection Authority through the contact details available on the website  https://www.garanteprivacy.it/

8. CATEGORIES OF DATA RECIPIENTS THE DATA MAY BE PROVIDED TO AS DATA CONTROLLERS OR THAT MAY COME TO KNOW THEM AS DATA PROCESSORS

The Data may be processed by third parties operating as Data Controllers such as, by way of example, authorities and supervisory and control bodies and in general public or private bodies entitled to request the Data.

Your Data may be processed by third parties designated as data processors who perform specific activities on behalf of the Joint Controllers (such as, inter alia: accounting, tax and insurance-related requirements, management of admission tickets and other procedures required for the provision of services), service partners needed for the organization of the show (for example, travel agencies; airlines; car services, for accessory services relating to travel or accommodation). In some cases, the Data may later be processed by the same recipients in a capacity as independent data controllers.

Your Data will be processed by authorized, trained persons and will not be disclosed and disseminated.

Your Data will not be transferred to countries outside the EU.