PRIVACY POLICY - FLORMART

1.INTRODUCTION

Pursuant to article 13 of the GDPR, concerning the protection of natural persons in regards to the processing of personal data, we are providing the requested information on the processing of personal data concerning you (“Data“) by Fiere di Parma S.p.A. and Padova Hall S.p.A. (hereinafter referred to also as “Data Joint Controllers” or “Joint Controllers”).

JOINT CONTROLLER AGREEMENT

Pursuant to article 26 of Reg. EU 2016/679, the Joint Controllers undertake to: make joint decisions about the purpose and method of processing the Personal Data of data subjects; jointly design, in a clear and transparent manner, the procedure for providing you with a prompt response should you wish to exercise your rights, as set forth by articles 15 et seq. of Reg. EU 2016/679; to jointly draft this policy in compliance with Reg. EU 2016/679. The joint controller agreement sets down in detail the responsibilities of the joint controllers concerning the protection of the rights and freedoms of natural persons. To this end, the technical and organizational measures pursuant to article 32 of the European Regulation are programmatically defined, as well as the requirements relating to the principles established by article 5 of that Regulation. The essential contents of the agreement concerning the method and purposes of processing, in relation to the above, are available to data subjects, who may request them from either of the Data Controllers at the above specified addresses.

2. JOINT CONTROLLERS’ DATA

Fiere di Parma S.p.A., with registered offices in Parma, Viale delle Esposizioni 393/a, Tax code and VAT No. 00162790349, email legale@fiereparma.it (hereinafter referred to also as “FDP”).

and

Padova Hall S.p.A., with offices in Padova, Via Tommaseo 59, TAX ID and VAT No. 00205840283, email privacy@fieradipadova.it (hereinafter also “PH”).

3. DATA PROTECTION OFFICER

FDP has appointed a Data Protection Officer (DPO) who can be contacted for any information or requests via the email address privacy@fiereparma.it

4. PERSONAL DATA PROCESSED

“Data” is intended as personal data of natural persons which is handled by the Data Controller for the stipulation and execution of the contractual relationship with the exhibitors (customers/clients legal entities) (“Exhibitors” or “Data Subjects”), such as the data of the legal representative who signs the contract for and on behalf of the Exhibitor, as well as of the Exhibitor’s employees/ consultants, involved in the activities referred to in the contract. In the latter case, the source from which the Data comes is the Exhibitor.

5. PURPOSE OF PROCESSING AND LEGAL BASIS

The Data supplied by the Data Subjects, including information entered on forms, are used for the following purposes:

PURPOSES OF DATA PROCESSING

LEGAL BASIS FOR PROCESSING

DATA STORAGE PERIOD

Purposes concerning the establishment and performance of the agreement between the Exhibitor and the Joint Controllers, including notices related to the services offered.

Execution of the contract for the Data of the legal representative.

Duration of contract and, following termination thereof, for a period of 10 years.

Customer satisfaction with the services provided directly and/or indirectly by the Data Controller.

Legitimate interest.

Duration of contract.

To confirm the supply of the services requested. In case of denial, we cannot confirm the presence on the catalogue or provide you the services requested.

Since processing is necessary for the services requested and their subsequent provision, the data subject’s consent is not required.

Processing shall finish at the end of the exhibition, but, since the catalogue is on line, some Data may remain visible till the end of the following edition of the exhibition.

Implementation of administrative/accounting obligations – such as accounting and treasury management, as well as invoicing (for example, the verification and registration of invoices) – in compliance with the requirements of current legislation.

Need to fulfil a legal obligation to which the Company is subject.

In accordance with the law.

If necessary, to ascertain, exercise or defend the rights of the Controller in court. Out-of-court collection of receivables.

Legitimate interest.

In the case of court litigation, for the entire duration of the same, until expiration of the time limits of the appeals.

Sending general communications concerning the same type of services/exhibitions or events via e-mail to the address provided by you.

The procedures to provide the service follow the rules of soft spam pursuant to article 130 of Legislative Decree 196/2003. The Data Subjects may at any time request to opt out from receiving newsletters using the email address given above.

Until request of erasure.

Marketing purposes (sending of commercial/promotional communications), through electronic means of contact (e-mails, newsletters) and traditional ones (telephone calls with operator and traditional mail) about the products/services of Padova Hall SpA and Fiere di Parma SpA.

Consent of the Exhibitor’s legal representative (optional and revocable at any time).

Until request of erasure.

Once the aforementioned retention period has elapsed, the Data will be destroyed or made anonymous, in compliance with the technical erasure and backup procedures.

Should Data be used by the Data Joint Controllers for purposes other than the ones specified above, the Data Joint Controllers shall be considered, with respect to these additional purposes, Independent Data Controllers.

6. PROCESSING PROCEDURES

The joint processing of Data is based on principles of correctness, lawfulness, transparency and data minimization (privacy by design); it may be carried out either manually or through automated procedures designed to store, process and transmit them and will take place through appropriate technical and organizational measures, taking into account the current technological level and implementation costs, in order to guarantee, among other things, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable steps for ensuring that inaccurate data is erased or rectified in accordance with the purpose for which they are processed. There are no transfers of Data of the Data subjects to non-European countries.

7. RIGHTS OF THE DATA SUBJECT (ART. 15-22 of the GDPR)

The Data Subject has the rights established by articles 15 to 22 of the GDPR, where applicable. Data subjects have the right to request from each Data Controller access to Data, rectification or erasure of such data as well as restriction of or objection to processing. The data subjects are entitled to revoke consent at any time regarding the purposes of point 7 chapter “5. PURPOSE OF PROCESSING AND LEGAL BASIS”. For additional information on your specific rights as a Data Subject, and on how to exercise them, please send an email or write to each of the Joint Controllers stated in article 2, specifying your request and the address to which you would like your reply sent.

Data Subjects are entitled to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) through the contact details available on the website https://www.garanteprivacy.it/

8. CATEGORIES OF DATA RECIPIENTS THE DATA MAY BE PROVIDED TO AS DATA CONTROLLERS OR WHO MAY COME TO KNOW THEM AS DATA PROCESSORS

Data may be processed by third parties operating as Data Controllers such as, by way of example, authorities and supervisory and control bodies and in general public or private bodies entitled to request the Data.

The Data may be processed, on behalf of their respective Joint Controllers, by third parties designated as data processors who perform specific activities on behalf of the Joint Controllers, for example, accounting, tax, insurance companies, correspondence, management of receipts and payments, and other tasks that are necessary for the correct provision of the service.

Data will be processed by authorized, trained persons and will not be disclosed and disseminated.