PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA OF CLIENTS OF FIERA MILANO CONGRESSI
PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF THE GDPR
In compliance with article 13 of Regulation (EU) 2016/679 ("GDPR"), Fiera Milano Congressi S.p.A. ("FMC"), in its capacity as Data Controller, informs you that the personal data referring to you, in the case of sole traders, small entrepreneurs, professionals, etc., or referring to you as a contact person of the company with which FMC has contractual relations for the organisation of events and/or collected by FMC as part of the performance of the contractual relationship, will be used solely for the purpose of enabling the establishment and performance of the contractual relationship.
This data will be processed in accordance with applicable legislation, including the GDPR, as well as further applicable data protection provisions in the manner and for the purposes described below in this notice (the “Privacy Notice”).
1. Controller's contact details
The Data Controller is Fiera Milano Congressi S.p.A. ("Controller" or "FMC" or “Company”) with registered office in Milan, Piazzale Carlo Magno no. 1, 20149. You may contact the Controller by email at gdpr@fieramilanocongressi.it, or by post at the above address.
2. Types of personal data
The Company mainly processes the following categories of personal data:
· identification and contact data (e.g. name, surname, date of birth, tax code, postal address, e-mail address, telephone contact details);
· economic data to make payments related to the contractual relationship;
· data relating to choices and/or preferences on products and/or services offered by the Company.
3. Purpose and legal basis of processing
Your personal data are collected and processed for the following purposes:
a) for the adoption of pre-contractual measures, the conclusion and execution of the contract and the related preliminary and connected activities, such as, by way of example, the execution and management of services, the handling of any requests for information, complaints and disputes, as well as the fulfilment of legal obligations arising from the contract itself, including all administrative and accounting formalities;
b) to comply with legal obligations to which FMC is subject, including laws, regulations in force at the time and measures also issued by public authorities empowered to do so, and for purposes connected with the investigation and prosecution of offences;
c) sending advertising material, carrying out market research, carrying out commercial promotion of the services offered by FMC, directly or through third-party companies specifically appointed as data processors.
For the purposes set out in points a) and b), FMC processes the data on the basis of the performance of the contract to which you are a party, in the case of sole traders, small entrepreneurs, professionals, pursuant to Art. 6(1)(b) of the GDPR, or of its legitimate interest in the performance and management of the contractual relationship with the company to which you are a contact person pursuant to Art. 6(1)(f) of the GDPR as well as for the fulfilment of legal obligations to which FMC is subject pursuant to Art. 6(1)(c) of the GDPR.
For the purpose referred to in point c), FMC processes the data on the basis of its legitimate interest, taking into account the provisions of art. 130, subsection 4, of Legislative Decree 196/2003 and subsequent amendments and additions, without your consent, to send you communications for the direct sale of products or services similar to those you have already purchased (so-called soft spam), pursuant to art. 6(1)(f) of the GDPR, without prejudice to your right to refuse to receive such communications.
If, as part of the performance of the contract signed between FMC and the company for which you are the contact person, the services provided by FMC via the Exhibitor Services Website (the "Portal") are included, the means and purposes of the processing of personal data carried out by FMC via the Portal are described in the privacy notice available directly on the Portal.
4. Modalities of the processing
Personal data is processed for the above-mentioned purposes, in accordance with the provisions of Article 5 of the GDPR, both on paper and computer, as well as by means of electronic or otherwise automated tools.
Processing is carried out directly by FMC, in its capacity as data controller, by its employees and collaborators who have been authorised to carry out personal data processing operations connected with the contractual relationship and have been instructed to do so, and by external parties who, on behalf of the same company, perform services of various kinds as better specified in paragraph 7 below.
Your personal data will not be transferred outside the European Union and/or the European Economic Area ("EEA").
5. Nature of data provision and consequences of refusal
For the purposes of paragraph 3, the communication of data is necessary for the proper establishment and execution of the contractual relationship and for the performance of the contractual and legal obligations arising therefrom. Failure to provide data may result in the impossibility of establishing the contractual relationship or fulfilling all or part of the contractual and legal obligations arising therefrom.
6. Data retention period
Your personal data will be stored for the duration of the contractual relationship and thereafter:
- within the applicable limitation period. Should interruptive acts of limitation occur, the retention period will be extended accordingly;
- within the limits provided for by regulations on data retention (e.g. tax declarations), in order to properly fulfil any legal obligations;
- within the period necessary to protect the Controller's rights in the event of possible litigation.
Following the expiration of such periods, your data will be deleted or removed from the Controller's active systems.
Furthermore, your data will be deleted or removed from the Controller's active systems if you inform us that you are no longer a contact person for the customer company with which FMC has the contractual relationship.
7. Recipients of personal data
Within the scope of the purposes indicated in paragraph 3, your personal data may be communicated to the following categories of recipients. The full list of these subjects or categories of subjects is available at the Controller's office.
- data processors, pursuant to Article 28 of the GDPR, appointed from time to time;
- companies and professionals whose services are used by the Controller to fulfil obligations for the performance of the contract or the law or in order to protect its own rights (e.g. accountants, lawyers, tax consultants, auditors, consultants in auditing or due diligence operations, etc.);
- banks, insurance financial institutions;
- technical management companies for computer networks and systems;
- public bodies;
- judges and courts, by reason of any request or within the framework of a trial;
- public authorities authorised by law, in the event of audits, verifications and/or inspections.
Your personal data will not be disseminated.
8. Rights of the data subject
You have the right to exercise at any time the rights recognised in Articles 15-21 GDPR, as briefly summarised below:
- Right of access: you may request information about the processing we perform on your data or confirmation that the Controller is processing your personal data. In this case, you may ask us to provide you with a copy of your data and to check what data we hold on you.
- Right of rectification: you have the right to ask us to rectify your personal data if they are incorrect, including the right to request the integration of incomplete personal data.
- Right to erasure: you have the right to request us to erase the data (or part of the data) you have provided to us, including data whose retention is not necessary in relation to the purposes for which the data were collected or otherwise processed.
- Right of restriction of processing: you may request us to restrict the processing of your personal data in the event that the law requires it.
- Right of objection: you may object to the processing of your personal data, subject to the existence of an overriding legitimate reason to continue such processing.
- Right to portability: you may obtain from the Company, in a structured, commonly used and machine-readable format, the personal data that you have communicated to us, in order to transmit them to another party. This right is applicable in the event that the Company processes such data by automated means, on the basis of consent or for the purpose of providing services.
- Revocation of consent: if the processing is based on consent, you may revoke it at any time, without prejudice to the lawfulness of the processing carried out before such revocation.
- Right to lodge a complaint with the Supervisory Authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you consider that the processing operations carried out violate current legislation on the protection of personal data.
Any requests made, for the exercise of your rights, may be forwarded to the Controller by writing to the e-mail address indicated in paragraph 1 of this Privacy Notice.