New visitor? Register now
Attention! The fields marked with an asterisk (*) are compulsory.
Pursuant to art. 13 and 14 of the EU Privacy Regulation 679/2016 ("GDPR") we inform you that the personal data provided by the interested party ("You"), for himself or for the organization to which you belong, to the company Italian Exhibition Group S.p.A. ("IEG"), on the occasion or in function of the events, exhibitions, events, conferences / congresses, workshops, webinars and / or "business meetings with personal and / or virtual meetings" (the "Events") organized by us, hosted or participated also in collaboration with third party partners are treated in compliance with the principles of lawfulness, fairness, correctness, proportionality, necessity, accuracy, completeness and safety and other legal obligations in force.
The "Events" can also be held on an online platform (eg SWAPCARD), both in virtual and on-site form, or in full digital form, which allows for online meetings between exhibitors and visitors / buyers, with the creation of an agenda of meetings that will put interested parties in direct contact.
Categories of interested parties. Processing operations and collection methods
The data processed relate to customers (i.e. exhibitors, visitors, buyers, congressmen, participants in workshops, webinars and / or business meetings with virtual and on-site or full digital meetings, who have covered the respective role over the last 10 years) and prospects (subjects who have expressed interest in the "Events" over the last 10 years - for example also by completing this form - journalists), intended as individuals over the age of 14 acting on their own and / or as internal referents of legal persons, entities or other organizations. The individual categories of data collected are indicated in our collection forms that supplement this information.
The processing takes place with electronic and paper tools and with logics connected to the individual purposes stated below.
IEG collects data i) through online forms or paper forms or via pre-registration or participation app completed by you and / or acquired by third party operators authorized by us or ii) through mobile devices such as tablets, smartphones present in the place of the "Events".
The data collected may be processed by personnel expressly authorized by IEG, within the limits strictly necessary for the performance of the respective activities assigned to them (e.g. legal, commercial, marketing, administrative, logistic, IT, management control, etc.).
Purpose of the processing
The treatment has the following purposes:
1. Fulfillment of contractual and legal obligations arising from participation in the Event, contracted with the interested party, both in virtual and onsite form, or full digital; this will allow, for example, the participation, through a specific platform, in virtual business meetings also through the presentation by exhibitors of texts, videos, presentations, live sections; insights and paths on trends and innovation, guided tours, sharing and communication of important corporate events, as well as other optional services.
Exhibitors who request the publication of data in the Event catalog will automatically have the data transferred to the platform (eg Swapcard).
Visitors / buyers will have at their disposal a form and the possibility to search all the profiles of the exhibiting companies, as well as to interact with their contents (public comment on event page content, group, etc.) contact form (participation in events, private messages , groups by invitation, etc.).
In this regard, IEG may communicate to the exhibitor, in fulfillment of the contractual relationship, the contact details of visitors who have shown themselves interested in requesting a meeting / appointment with the chosen exhibitor and of interest through specific actions on the platform (eg Swapcard).
2. Planning and organizational management of "Events", eg. issuance and payment of securities, credits and participation / entry passes (including checking the successful completion of payment made through third party services), management of contracts entered into by us with third party suppliers of goods and / or services used by you during or on occasion of "Events", publication of name and surname or name and company name, telephone number, email, in the public online and printed catalog of the "Events" in which you participate; communication, upon your request for pre-contractual information (eg programs, proposals, etc.) connected to the "Events", drafting of invitation letters for the request for consular visas.
3. Sending by IEG (via email, ordinary mail, sms, mms, push-up messages, instant messaging functions such as whatsapp, fax, telephone calls with operator, social networks and other automated tools) of commercial communications, advertising and offers for the sale of products / services similar to those of your interest or relating to exhibition / congress products / services and / or related to them (eg sector publishing, championships / competitions, etc.) - overall activities defined as "soft spam ".
4. Profiling carried out by IEG. Profiling is relevant for privacy purposes only if it concerns natural persons, i.e. sole proprietorships or partnerships and their partners / administrators, or internal contact persons of corporations, entities or organizations.
Profiling uses some data you have provided to us and sometimes associates them with company data taken from public databases (eg Chamber of Commerce Register of Companies). For example, we process the following data:
i) in the case of exhibitors: name and surname, company name of the organization to which they belong, contact details, residence or headquarters, country of origin, website, sector of activity, types of product or service offered, annual promotional / advertising budget , type of distribution - shop, department store, concept store, markets of interest, brand;
ii) in the case of buyers / visitors: name and surname, company name of the organization they belong to, contact details, job position and level of responsibility of the contact person, residence or headquarters, country of origin, website, year of foundation of the company, turnover, no. employees, sector of activity, percentage of business connected to Italy and abroad, Italian and foreign regions of interest, main categories of products or services of interest to the buyer and / or marketed by the same (also in terms of percentage sales by area geographic), categories of customers of the company, purpose of the visit;
iii) in the case of journalists: name and surname, contact details, sector and newspaper, country of origin, language,
iv) in the case of speakers of "Events", congressmen / conference attendees: name and surname, contact details, sector to which they belong, professionalism / topics covered.
In some cases, if you are a customer or a prospect, we associate the data you provide us with additional personal data acquired during your navigation on our websites or during the use of the services provided by these sites (eg cookies relating to pages of our website that you have visited, to the country from which you connect) or through other communication channels (e.g. social media) or through services for the mass sending of commercial emails (e.g. which messages you received, which emails you opened, which proposals you accepted through specific actions such as opening an attachment or adhering to our request to link to landing pages or attachments to the email message, etc.).
Profiling allows us, in particular, to limit the sending to you of promotional communications that are not relevant to your likely expectations and needs or through unwanted channels.
The limited nature of profiling does not exclude you from specific advantages or from the possibility of freely exercising your privacy rights, nor does it have particular legal effects; in particular, it does not in any way affect your ability to participate in the "Events" and / or to use our services (eg online pre-registration, purchase of services).
5. Only with your separate consent: communication of data to our third party partners (eg event organizers, exhibitors, or other operators active in Events), for independent direct marketing actions relating to goods or services relating to such third party partners.
Legal basis of the processing. Obligation or optional nature of providing data and consequences of failure to provide it
The processing for the purposes sub 1 has its legal basis in our need to fulfill the obligations assumed through the contract stipulated or to be stipulated with you (and to carry out all the actions functional to the correct and complete execution of the commitments undertaken therein) and / or to the legal obligations connected to it. Therefore, this treatment does not require your prior consent and you are also free not to provide your data, however, in this case, we will not be able to stipulate the requested contract and / or regularly provide the service requested by you or by the organization to which you belong. following the completion of the online form (e.g. have you subscribe to the platform, let you participate in initiatives of interest (e.g. virtual business meetings and / or provide you with related services) and / or we will not be able to fulfill legal obligations connected to the contract.
The processing for the purposes under 2 has its legal basis in our legitimate interest to organize the "Events", plan and manage all the organizational activities useful to allow you to participate efficiently and effectively in the "Events" and to manage relations with third party suppliers of functional goods and services and / or connected to the aforementioned event.
In particular, the request for personal data and documents, especially for foreign guests, will make the correct understanding of the data more reliable, but above all the verification of the reliability of the company that requires an entry visa safer.
Therefore this treatment does not require your prior consent. You are free not to provide the data, but in such
case will not be able to participate in the initiative.
In the case of an event such as a virtual business meeting, you may be asked to activate the cameras and / or the microphone of the PC for a better and fruitful collaboration and participation among the participants in the event. You will be free to decide not to activate the camera and / or microphone, without prejudice to participation in the virtual business meeting.
The processing for the purposes of sub 3 (soft spam) has its legal basis in our legitimate interest in freely recontacting our customers, as well as prospects, in order to be able to propose to them through electronic / telephone / paper channels new opportunities relating to services or products similar to those previously purchased / contracted (in the case of customers) or to those for which interest has been expressed (in the case of prospects), or only in the case of IEG, relating to exhibition / congress products / services and / or they are related (eg sector publishing, championships / competitions, etc.). Therefore the cd. soft spam, just described, can lawfully occur even without your prior consent, which is therefore not necessary.
The processing for the purposes of sub 4 (profiling) has a legal basis in the legitimate interest of IEG to maintain and analyze a limited set of information concerning you, in order to be able to contact you more effectively if you are one of our customers or prospects. Given the limited perimeter of data used in profiling, it also takes place without your prior consent, which is therefore not necessary.
The processing for the purposes sub. 5 (transfer of data to third parties), takes place only with your specific express consent (thus constituting the legal basis of the lawfulness of the processing) .The consent requested can be freely denied by you, without prejudice to your right to participate in the Events and / or to obtain the services requested by you.
Communication and dissemination of data
For the purposes of sub 1 and 2, the data are communicated by IEG to: suppliers of the management and maintenance service of its IT systems, websites and databases, journalists and newspapers, companies entrusted with the services necessary for the organization and management of Events (e.g. installation of fittings and equipment, publishers of paper and online catalogs, logistics, security, private security, first aid, hostesses, etc.), diplomatic representations, consultants, banks (for the execution or reception of payments connected to the Events), to IEG personnel authorized to process the data (Communication, Travel, Sales, Marketing, etc ...), to any exhibitors of interest to the visitor in order to be able to schedule virtual meetings in fulfillment of the contractual relationship
For the purposes under 3 and 4, the data are communicated to: companies in charge of marketing analysis, advertising, communication and / or public relations agencies, digital and paper publishing companies that produce our advertising or promotional materials, production companies of websites or blogs, web marketing companies, subjects in charge of the design and / or maintenance of promotional materials, IT systems management and maintenance companies, websites and databases used to organize and manage Events, image agencies.
These third parties will process the data as External Managers in accordance with our written directives and under our supervision.
For all the aforementioned purposes, we also communicate the data to third-party business partners who participate in the creation and / or promotion of the Events, who will process the data as independent owners or co-owners or external managers, including in particular, Swapcard Corporation with registered office in 6 rue de Paradis - Paris, which provides the digital platform for the event. You can ask us for a list of co-owners, independent and responsible owners (see the "rights of the interested party" section of this information).
Transfer of data abroad by IEG
We communicate the data to third party recipients based outside the EU (companies controlled by the Data Controller, partners - eg. People's Republic of China, United Arab Emirates, Colombia, Hong-Kong - cloud service providers, or suppliers and customers (hereinafter the "importers ").
The list of third-party recipients of the data is available on the website www.iegexpo.it/informativa ("data importers" section).
This data transfer takes place against adequate guarantees, consisting of the prior stipulation by the third-party importer of a contractual agreement with us through which he, for the treatments under his responsibility, undertakes to comply with privacy obligations substantially equivalent to those provided from EU legislation to ns. load (through the use of standard contractual clauses - or "CCS" - compliant at least with the text adopted by the EU Commission, except for any additions and / or changes more favorable to the interested party).
In some cases of data transfer to cloud suppliers based outside the EU, these suppliers are subject to the regulatory powers of local public authorities and in some situations, according to foreign legislation, (in particular in the USA: the Federal Trade Commission , Art. 702 of FISA and Executive Order EO 12333) the importer may be obliged to communicate the personal data transferred, in response to requests received from public authorities, to meet national security requirements (eg anti-terrorism) o of application of local law (with consequent possible access to data, of which the importer, based on local legislation, may not have to give notice to the exporter and the interested party, who will therefore not be able to exercise the relative rights normally recognized by the GDPR ).
Therefore, in the abstract, the risk cannot be excluded that in certain and exceptional situations linked to the aforementioned specific requirements, the foreign public authority may process such data without applying substantially equivalent safeguards to those provided for by the GDPR to the data subject. However, the risk that in practice there is actually an interest of the public authority (see the American one) in applying local legislation to the data transferred appears to be reasonably negligible on the basis of the following circumstances:
i) the performance of the exporter (IEG) in favor of the interested parties whose data the importer processes and the consequent data processing, have a limited object (the provision of exhibition services) and a limited purpose (the management of technical processes - organizational functional to the aforementioned services and the fulfillment of legal obligations); the performance does not involve the publication of personal opinions, comments or similar information, nor the making available of services or products that can be used in activities against national security;
ii) the types of personal data transferred are limited (eg personal, contact, contractual, administrative data); no particular categories of data are transferred (e.g. on political and religious opinions, biometrics); the categories of interested parties to which the data refer are limited (exhibitors, visitors, participants in events, buyers, journalists, speakers) and they concern operators belonging to product or economic categories that are not reasonably relevant with regard to national security purposes ( eg tourism, wellness, machine handling, sporting activities, and so on).
Therefore, IEG believes that the CCS applied in the relationship with importers (in particular the USA) effectively guarantee protection of the rights of interested parties substantially similar to that provided for by the GDPR, regardless of the application of any additional measures to the processing in question.
The adoption of additional contractual measures by IEG towards importers (e.g. obligations to communicate public access, the right to suspend or terminate the transfer and to terminate the contract with the importer, and the like), may be introduced in at any time by the exporter as a result of any information provided to operators by the EDPB - European Data Protection Board following the judgment of the Court of Justice of the European Communities (ECJ of 17 July 2020 which declared the bilateral agreement called "Privacy Shield").
The transfer of data to the non-EU country takes place in any case also because it is necessary for the execution of i) a contract concluded between the interested party and IEG and / or pre-contractual measures adopted at the request of the interested party, or ii) of a contract stipulated between IEG and another natural or legal person (e.g. our subsidiary, supplier, with headquarters outside the EU, etc.) in favor of the interested party.
The list of third party recipients of the data is available on the website www.iegexpo.it/informativa ("data importers" section).
Duration of treatment by IEG
In the case of the purposes under 1 and / or 2, IEG processes the data for 10 years from the date of signing the contract / joining the Events (in the case of customers) or from the collection of the data of the interested party (in the case of prospects).
In the case of the purposes under 3 and 4, IEG processes the data for 10 years from the collection of the data of the interested party (in the case of customers and prospects).
IEG processes the data for a period of 5 years from the publication of the product in the case of the promotion of editorial products.
IEG processes the data for a period of 60 days, after the end of each Event, in the case of data made available at the collection points for assistance requests, communicated to us by visitors and exhibitors (including insurance desk, Info point and First Aid) .
IEG processes the data contained in the promotional catalog (paper and / or digital) of the Events for a maximum of 2 editions of the catalog. IEG processes certification data of its Events up to the end of the certification and therefore up to the certification.
IEG processes the data necessary for IT security purposes (e.g. log-in registrations, failed logs and log-outs, when accessing restricted areas on the IEG websites relating to its Events) for 1 year from collection. The recordings of the logs relating to the reading of IEG's online privacy information and the online actions (e.g. clicks, flags and the like) through which the data subject's consent is communicated to IEG are kept for 10 years from collection. .
In the event of a dispute between you and IEG or its third-party suppliers, the data are processed for the time necessary to exercise the protection of our rights or those of third-party suppliers, i.e. until the issuance and full execution of a provision having res judicata value between the parties or a transaction.
The data connected to the “Business Matching” service provided during the Events are processed for 3 months from the end of the single Event to which they refer.
The data related to the drafting of letters of invitation for the request for consular visas (eg copy of passport, etc ...) are processed for 3 months from the end of each of our individual Events to which they refer.
Once the aforementioned maximum duration has ceased, personal data are definitively destroyed or made totally anonymous.
Rights of the interested party
You have the right to:
- ask us to confirm whether or not personal data concerning him is being processed and in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; d) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
- if personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer;
- request, and obtain without undue delay, the correction of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also by providing an additional declaration; - request the deletion of data if a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing is based and there is no other legal basis for the processing; c) the interested party opposes the processing, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing carried out for direct marketing purposes (including profiling functional to such direct marketing); d) the personal data have been unlawfully processed; e) personal data must be deleted to fulfill a legal obligation under Union law or the law of the Member State to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services.
- request the limitation of the processing that concerns you, when one of the following hypotheses occurs: a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has opposed the processing carried out for direct marketing purposes, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party;
- obtain from the data controller, upon request, the communication of the third party recipients to whom the personal data have been transmitted;
- revoke the consent to the processing at any time if previously communicated for one or more specific purposes of their personal data, it being understood that this will not affect the lawfulness of the processing based on the consent given before the revocation.
- receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided by you and, if technically feasible, to have such data transmitted directly to another data controller without impediments on our part, if it occurs the following (cumulative) condition: a) the processing is based on the consent of the data subject for one or more specific purposes, or on a contract of which the data subject is a party and for whose execution the processing is necessary; and b) the processing is carried out by automated means (software) - overall right to the so-called "Portability". The exercise of the so-called right portability is subject to the right to cancellation provided above;
- not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way.
- propose a complaint to the competent supervisory authority based on the GDPR (that of your place of residence or domicile); in Italy it is the Guarantor for the protection of personal data.
You can exercise your rights by writing to:
Italian Exhibition Group S.p.A., with registered office in Via Emilia, 155 - 47921 Rimini (Italy), e-mail address: firstname.lastname@example.org.
In order to ensure compliance with the GDPR and the laws applicable to the processing of personal data, IEG has appointed the lawyer as Data Protection Officer Luca De Muri, domiciled for the position at Italian Exhibition Group S.p.A.
The Legal Representative of the company or the Representative of the organization undertakes to communicate this information also to other persons belonging to the company or to the organization itself and of which he declares to legitimately provide the related data.
Likewise, the consent given for the purposes under 5 by the Legal Representative of the company or the Representative of the Organization, is also intended to be extended to other subjects belonging to the company or the Organization itself and of which the same declares to provide the related data legitimately.