INFORMATION ON THE TREATMENT OF PERSONAL INFORMATION
This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (so-called “General Regulations on the processing of personal data” or “GDPR”) and to the D. Lgs. 30.06.2003, n. 196, including its modifications and integrations introduced by the D. Lgs. 10.08.2018, n. 101 (“Norms concerning Personal Data” or “Privacy Code”) by:
► PORDENONE FIERE SPA, with registered office in 33170 Pordenone (PN), Viale Treviso, 1, tax code and VAT number 00076940931, in the person of the legal representative pro tempore, as Data Controller (hereinafter, “Owner“).
The Data Controller, aware of the importance of guaranteeing the security of private information, in accordance with applicable European and Italian legislation, provides below, consistently with the principle of transparency pursuant to art. 12, GDPR, the following information in order to make the user aware of the characteristics and methods of data processing.
1. OBJECT OF THE TREATMENT
The Data Controller processes personal identification data (for example, personal data such as name, surname, social security number, contact details as home address, e-mail, telephone number), as well as other information (for example, domiciliation and contact details, bank current accounts) – hereinafter, “personal data” or even “data”, communicated by you, or otherwise acquired within the limits of the provisions of art. 14, paragraph 5, GDPR, in the context of commercial relationships with the Owner.
Any processing of your personal data may be connected to the measurement of body temperature and to the control of Covid-19 certifications. In this case, the temperature will be detected and the certification checked but the data will not be acquired or stored. The personal identification and the recording of high temperature will take place only if it is necessary to document the reasons preventing access to the exhibition center.
2. LEGAL BASIS AND PURPOSE OF DATA PROCESSING
Your personal data are processed:
a) without your express consent (see Article 6, letter b, GDPR), for the following purposes:
i. carry out the requests for contracts and/or services such as the issue and payment of admission tickets, accreditations, the management of certification obligations for shows and events (eg towards ISF CERT – statistical data certification for obtaining national and international qualifications for the events), as well as the possibility of participating in extraordinary contests and / or thematic initiatives within the events organized directly by Pordenone Fiere Spa (contractual purposes). In this case, in fact, the execution of a contract of which you are part or the execution of pre-contractual measures adopted at your request, constitutes the legal basis of the processing.
ii. in addition to this, we inform you that your personal data may be treated without your explicit consent (see. art. 6, lett. b, c, d, e, f), also to fulfil all the administrative, accounting and tax obligations deriving from the existing contractual relationship; fulfil the obligations imposed by the law, by a regulation, by the European Community legislation or by an order of the Authority; safeguard the vital interests of the concerned subject or another natural person; prevention of Covid-19 infection (implementation of anti-contagion security protocols) perform tasks of public interest or connected to the exercise of public authority vested in the Data Controller; to pursue a legitimate interest of the Data Controller or third parties, within the limits and under the conditions set forth in art. 6, letter f), GDPR; to exercise the rights of the Data Controller (by way of example only, the right of defence in court).
b) only with your specific and unequivocal consent (see art. 6, letter a, 7, GDPR), for the following additional purposes:
i. sending of newsletters, coupons and freebies, commercial communications tools, advertising material on products and/or services, offered by Pordenone Fiere Spa, concerning PORDENONE FIERE or similar to those of your interest, carrying out of statistical surveys or market researches, even through specially appointed companies [Growens Spa (MailUp), Goodnet, Eventbrite or similar] – by means of e-mails, text messages, push-up messages, messaging functions with mobile devices, telephone calls with operator, social networks and other automated communications (marketing purposes);
ii. analysis of your preferences, habits, behaviours and/or interests for the definition of individual or group-customized commercial profiles, also for the purpose of sending targeted commercial communications using the traditional and/or automated methods referred to in point i. even through specially appointed companies (profiling purposes);
iii. communication of data to third parties in partnership with Pordenone Fiere Spa (organisers of events, trade fairs or other operators active in the events), for the purpose of autonomous direct marketing actions concerning goods and services related to these third-party partners.
In such cases, in fact, the consent provides the juridical base for the treatment.
3. NATURE OF THE PROVISION OF PERSONAL DATA
The provision of data for the purposes referred to in art. 2, letter a) – contractual purpose – is of a mandatory nature, as your refusal to provide the requested personal data could make it impossible for the Controller to comply with the legal obligations and/or those deriving from the management of the contractual relationship, preventing as a consequence, its formalization and/or execution. The provision of data for the purposes referred to in art. 2, letter b), point i. – marketing purposes – it is optional and failure to provide it may make impossible to receive newsletters, commercial communications and/or advertising material on products and/or services offered by the Data Controller, to be subjected to statistical studies and/or market researches. The provision of data for the purposes referred to in art. 2, letter b), point ii. – profiling purposes – it is optional and failure to provide it may make it impossible for the Data Controller to use such data to perform analysis of your preferences, habits, behaviours and/or interests for the definition of customized commercial profiles, individual or by group, also for the purpose of sending targeted commercial communications using traditional and/or automated methods.
4. METHODS OF DATA PROCESSING
The processing of your personal data is carried out by means of the procedures indicated in art. 4, paragraph 1, n. 2), GDPR, i.e. any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be executed through automated methods designed to store, manage and transmit them and will take place by means of appropriate tools, as far as reason and state of the art, to ensure safety and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination. Personal data may be stored both on computer media and on paper, as well as on any other type of support deemed most suitable for processing.
With reference to the possible detection of body temperature, the owner does not make any registration of the acquired data. The identification of the interested party and the recording of the exceeding of the temperature (equal or higher than 37.5°) could take place only if it was necessary to document the reasons that prevented the access to the exhibition center. In this case, however, the interested party will be informed of the circumstance.
5. DATA RETENTION PERIOD
The Data Controller will process the data for the time necessary respectively to pursue the related purposes as stated above, in particular:
– 10 years from the date of collection of the data or acquisition of consent in the case of marketing purposes directed towards visitors, buyers, conference participants and journalists;
– The longest period between the 10-year term and the one of termination of the office in relation to the marketing purposes directed towards the VIP;
– 12 months from the end of the Event in the case of pre-sale and online and onsite ticket sale to visitors and of free invitation tickets, for purposes of control and registration of visitor accesses and VIPs as well as registration purposes for security personnel of the Event.
– 10 days from the date of registration in the case of video surveillance system management;
– The online and printed catalogue of exhibitors created for promotional purposes is kept for the last two editions of the same Event;
– Until the administrative certification of the Event is obtained in the case of certification purposes of the same.
– 14 days referring to acquired data for COVID-19 tracing and until the end of the emergency for contact tracing purposes.
After this retention period has expired, the data will be destroyed or made anonymous and, in any case, they will be rendered unusable for the purposes for which the detention terms have expired.
6. DATA COMMUNICATION
The personal data processed by the Data Controller will not be disclosed, or will not be made available to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be made accessible to workers and / or collaborators who work in dependencies and for the Data Controller and / or to some external subjects who provide sufficient guarantees that they have adopted appropriate legal, organizational and technical measures so that the treatment satisfies the requirements set out in the GDPR and guarantee the protection of the rights of the data subject. In particular, your data may be made accessible to: i. employees and collaborators of the Owner, in their capacity as internal managers, delegates, designated and / or authorized to process personal data and / or System Administrators; ii. third-party companies or other subjects, (by way of example, credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Controller, in their capacity as external managers of personal data, third party companies or other subjects (by way of example: subjects that send information and / or promotional communications, marketing services, telemarketing services, statistical studies and / or market researches, etc.), so that they can carry out the activities referred to in art. 2, letter b), points i. ii. and iii. Health authority for the reconstruction of the Covid-19 infection chain.
7. DATA TRANSFER
The data will be managed and stored on the Controller’s server and/or the third-party companies’ server – involved and duly named as data controllers – which are located within the European Union, in accordance with the Article 45 and followings of the GDPR.
The server is currently located in Italy. Your data won’t be transferred outside the European Union. It is understood in any case that, if it shall become necessary to move the location of the server to Italy and/or to the European Union and/or to countries outside the European Union, this shall be always take place in accordance with the Article 45 and followings of the GDPR. In such a situation, however, the Controller ensures that the data transfer outside the European Union will take place in accordance with the applicable law, also, if necessary, entering into agreements in order to guarantee an adequate data protection level and/or adopting the European Commission’s standard contractual clauses.
8. RIGHTS OF THE INTERESTED PARTY
Pursuant to the articles from 15 to 21, GDPR, has the right to: i. to obtain from the Data Controller the confirmation that his personal data are being processed and in such case, the access to personal data, even receiving a copy (i.e. access right); ii. To obtain from the Data Controller the rectification of inaccurate personal data and / or the integration of incomplete personal data concerning him (c.d. right of rectification); iii. obtain from the Data Controller the deletion of personal data if one of the reasons provided by the GDPR (i.e. the right to cancel) exists; iv. Obtain from the Data Controller the limitation of the processing only to some personal data if one of the reasons provided for by the GDPR (i.e. the right to limit the treatment) exists; v. request and receive from the Data Controller, in a structured format, commonly used and readable by an automatic device, the personal data concerning him, or request and obtain transmission to another Data Controller without impediment (i.e. portability right); vii. revoke, at any time, any consent given in relation to the processing of your personal data (i.e. consent to revoke the consent); vii. object, in whole or in part, to the processing of personal data (i.e. opposition right); viii. not be subjected to a decision based solely on automated processing in the cases provided for by the GDPR; ix. to make a complaint to the Guarantor Authority for the protection of personal data, as well as to exercise the other rights recognized to him by the applicable European and Italian legislations.
9. HOW TO EXERCISE RIGHTS
You can exercise your rights at any time by contacting the Data Controller:
►by registered letter A / R: PORDENONE FIERE SPA with registered office at 33170 – Pordenone, Viale Treviso, 1 to the kind attention of Mr. Tonelli Gianni;
►by e-mail: firstname.lastname@example.org.
In cases where consent is required, in case the conferring subject is of minor age, the processing is lawful only if and to the extent that, the aforementioned consent is given or authorized by the person who exercises parental responsibility. With specific reference to the processing of personal data in relation to the direct offer of information society services, pursuant to art. 8, GDPR, as well as art. 2 quinquies, the Privacy Code, where the subject that grants is less than 14 years (fourteen), the processing is lawful only if and to the extent that the aforementioned consent is given or authorized by the holder of parental responsibility.
11. DATA CONTROLLER, PERSON RESPONSIBLE, DESIGNATED AND AUTHORIZED PERSONS
The Data Controller is:
► PORDENONE FIERE SPA whose registered office is located in 33170 – Pordenone, Viale Treviso, 1, C.F./P.I. 00076940931, in the person of Renato Pujatti. Additional information on responsible persons, delegates, designated and authorized persons to manage personal data can be requested by contacting the Data Controller according to the indicated contact details.
12. RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA (SO-CALLED DATA PROTECTION OFFICER – DPO)
By virtue of the processing activities carried out, the Data Controller has deemed it necessary to designate, as Responsible for the protection of personal data – c.d. Data Protection Officer or “DPO” – pursuant to art. 37, GDPR, Ing. Bottacin Fabrizio, who can be contacted for any information and / or request by writing to: Dott. Bottacin Fabrizio, viale Treviso 1, 33170 PORDENONE, or by sending an e-mail to: email@example.com
Pordenone, 26th October 2022
The Data Controller
PORDENONE FIERE SPA