INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (so-called “General Regulations on the processing of personal data” or “GDPR”) and of the D. Lgs. 30.06.2003, n. 196, as amended and supplemented by Legislative Decree 10.08.2018, n. 101 (“Code regarding personal data” or “Privacy Code”) from:
BONAVERI Srl Unipersonale with registered office at 44042 Cento, Fraz. di Renazzo, via Salvi 3, C.F./P.I. 01802460384, in the capacity of Data Controller (hereinafter “Holder”).
The Owner, aware of the importance of ensuring the security of private information, in compliance with applicable European and Italian legislation, in compliance with the principle of transparency pursuant to art. 12, GDPR, below provides the following information in order to make the user aware of the characteristics and methods of processing personal data.
1. Object of the treatment
The Holder processes the personal data of the user that are provided during registration on the website, on paper and / or telephone collection. In particular, the Holder deals with:
i. identifying personal data (by way of example, name, surname, tax code, VAT number, email address, telephone number – hereinafter, “personal data” or even “data”) provided by you directly with registration in the manner described above;
ii. data not directly supplied by you – and in any case acquired within the limits of the provisions of art. 14, paragraph 5, GDPR – whose transmission is connected to the use of Internet communication protocols (by way of example, access to the page, amount of data transferred, status message to accesses occurred, session ID numbers, IP addresses, URL addresses, etc.).
2. Legal basis and purpose of the processing
Your personal data are processed:
a. without your express consent (see Article 6, letter b, GDPR), for the following purposes:
i. make the website functionalities usable as a result of user access; perform customer relationship activities based on pre-contractual and / or contractual agreements. In such cases, in fact, the execution of a contract for the provision of services of which the user is a party, or the performance of pre-contractual activities upon the user’s request, constitute the legal basis of the processing.
Furthermore, we specify that your personal data may be processed without your express consent (see Article 6, letter b, c, d, e, f), in order to:
i. fulfil the administrative, accounting and tax obligations deriving from the existing contractual relationship;
ii. fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
iii. safeguard the vital interests of the data subject or another physical person;
iv. carry out tasks of public interest or connected to the exercise of public authority vested in the Data Controller;
v. pursue a legitimate interest of the Data Controller or third parties, within the limits and under the conditions set forth in art. 6, letter f), GDPR;
vi. exercise the rights of the Owner (by way of example, the right to defence in court).
b. only subject to your specific and unequivocal consent (see articles 6, letter a, 7, GDPR), for the following purposes:
i. send newsletters, commercial communications and / or advertising material on products and / or services offered by the Data Controller (e.g. invitations to events) through any means of electronic communication (e.g. email, telephone calls with or without operator, text messages, social networks, etc.) and by traditional methods (e.g. mail).
ii. Profiling. This activity, which is relevant for privacy purposes if it concerns individuals, aims to better understand customers in order to align Bonaveri services with current and potential demand, measure the results of specific promotions, and limit the sending of promotional communications not relevant to the single probable expectations and needs.
In this case, in fact, consent constitutes the legal basis of the processing.
In any case, we point out that the Privacy Code allows so-called “soft spam”. This means that, without having to acquire express consent, the Owner may use the e-mail address that was provided by the user in the context of a previous purchase in order to send, by e-mail, commercial communications and sales offers, provided they are related to products and services similar to those already purchased by the user.
3. Nature of the provision of personal data
The provision of data for the purposes referred to in art. 2, letter a), is of a necessary nature, as your refusal to provide the requested personal data could make it impossible for the Owner to comply with the legal obligations and / or those deriving from the management of the contractual relationship, preventing consequently, its formalisation and / or execution, as well as compromising the usability and functionality of the website.
The provision of data for the purposes referred to in art. 2, letter b), is optional and failure to provide it may imply the impossibility to receive email newsletters, commercial communications and / or advertising material on products and / or services offered by the Owner.
4. Methods of processing
The processing of your personal data is carried out by means of the operations indicated in art. 4, paragraph 1, n. 2), GDPR, or any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be done through automated methods designed to store, manage and transmit them and will take place through appropriate tools, as far as reason and state of the art, to ensure safety and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorised access, illicit use and dissemination.
Personal data may be stored both on computer media and on paper, as well as on any other type of support deemed most suitable for processing.
5. Period of data retention
The Data Controller will process the data for the time necessary respectively to pursue the related purposes as stated above, in particular:
- 10 years from the date of data collection or acquisition of consent in the case of marketing purposes directed towards exhibitors and other third parties that organise events, as well as to visitors, buyers, conventions and journalists;
- The longest period between the term of 10 years and that of termination of office in relation to the purposes of direct marketing;
- 10 years from the date of collection of the data or acquisition of consent in the case of sale of exhibition spaces and complementary services, as well as sales of advertising space not connected to the Events;
- 12 months from the end of the Event in the case of pre-sale and sale of online and onsite tickets to visitors and free invitations, for the purpose of checking and registering visitor accesses as well as for registration purposes of security personnel of the Event.
- 10 days from the registration date in case of management of the video surveillance system.
6. Access to data
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be made accessible to workers and / or collaborators who work in dependencies and for the Data Controller and / or to some external subjects who have sufficient guarantees that they have adopted appropriate legal, organisational and technical measures in such a way that the treatment satisfies the requirements of the GDPR and guarantee the protection of the rights of the data subject.
In particular, your data may be made accessible to:
i. employees and collaborators of the Owner, in their capacity as internal managers, delegates, designated and / or authorised to process personal data and / or System Administrators;
ii. third-party companies or other subjects, (by way of example, credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers.
7. Communication of data
Your data may also be disclosed, to the extent strictly necessary, to parties who, for purposes of processing orders or to process other requests relating to the contractual relationship with the Data Controller, must provide goods and / or perform services. The Data Controller may also communicate your data to persons authorised to access it under the provisions of the law, regulations, community regulations, the judicial authorities, as well as to all other subjects to whom the communication is mandatory by law.
8. Data transfer
The management and storage of personal data will be carried out on servers of the Owner and / or third-party companies appointed and duly appointed as data processors, located within the European Union, or in compliance with the provisions of Articles 45 et seq., GDPR.
Currently data is stored on servers located both within and outside of the EU. In any case, it is understood that, if it becomes necessary to transfer data to servers outside of the European Union, this movement will always take place in accordance with Articles 45 et seq., GDPR. In this case, however, the Joint Data Controllers ensure from now on that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements guaranteeing an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
9. Browsing data
The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI / URL notation (“Uniform Resource Identifier” and “Uniform Resource Locator”) of the requested resources, the timetable of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (by way of example, good order, error, etc.) and other parameters related to the system operating environment and the user’s computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
i. obtaining statistical information on the use of services (for example, most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
ii. check the correct operation of the services offered. This data is deleted immediately after processing (except for any need to ascertain criminal offences by the judicial authorities).
11. Rights of the interested party
Pursuant to articles from 15 to 21, GDPR, you have the right to:
i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the Data Controller and of those responsible; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware as representative appointed in the territory of the State, delegated, designated or authorised to process;
iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfilment proves impossible or involves the use of means which are manifestly disproportionate to the protected right.
Always pursuant to the aforementioned articles from 15 to 21, GDPR, you may exercise the following specific rights:
i. right of access;
ii. right of rectification;
iii. right to cancellation (right to be forgotten), except in the event that the processing is necessary for the Data Controller, for the exercise of the rights to freedom of expression and information, for the fulfilment of a legal obligation or for the execution of a task carried out in the public interest, for purposes of archiving in the public interest, scientific or historical research or for statistical purposes, for the assessment, exercise or defence of a right in court;
iv. right to limitation of treatment;
v. right of opposition;
vi. right of withdrawal of consent at any time, while the lawfulness of the treatment based on consent before the revocation remains firm;
vii. right to propose a complaint to the Guarantor for the protection of personal data.
12. How to exercise rights
You have the right to ask the Owner:
i. access to data concerning you, their correction or cancellation;
ii. the integration of incomplete data;
iii. the limitation of treatment;
iv. to receive data in a structured format, commonly used and readable by automatic device;
v. to revoke any consent given to the processing of your personal data at any time and to object, in whole or in part, to the use of data;
vi. to propose a complaint to the Authority, as well as to exercise the other rights recognised by the applicable European and Italian legislation.
You can exercise your rights at any time by contacting the Data Controller:
- by registered letter A / R: BONAVERI Srl with registered office at 44045 – Cento, Fraz. di Renazzo FE, via Salvi 3 to the attention of Lorenza Barbieri;
- by e-mail: [email protected].
Pursuant to art. 8, GDPR, as well as art. 2 quinquies of the Privacy Code, in cases where consent is required, where the subject giving it is less than 14 (fourteen) years old, the processing is lawful only if and to the extent that the aforementioned consent is given or authorised by the holder of parental responsibility.
14. Owner, managers, delegates, designated and authorized
The data controller is: BONAVERI Srl with registered office at 44045 – Cento, Fraz. di Renazzo FE, via Salvi 3, C.F./P.I. 01802460384. More information about the managers, delegates, designated and authorised to process personal data can be requested by contacting the Owner at the addresses indicated in this statement.