Terms and Conditions
The company EMVISIA Srl, registered in Piove di Sacco (PD), Via Tolomeo n. 14-16, Tax Code and VAT No. 03743520284 in person of its legal representative Daniele Passini, e-mail address email@example.com (hereinafter, "Owner") as the Data Controller. The company informs you that the data you provide will be processed in compliance with current legislation.
1. Purpose of the Processing
The Controller only processes common data and in particular personal identification data (e.g. IP address, first name, surname, company name, tax code, VAT number, address, telephone, e-mail, bank and payment references - hereinafter, "Personal Data") provided by you through access to the site or by sending to the owner on the basis of your free and voluntary choice.
2. Objective for the processing
2.1 Your Personal Data will be processed by the Data Controller, for the following purposes:
- Browsing the site;
- fulfilling of pre-contractual (sending estimates) and contractual obligations deriving from the existing relationship with the undersigned (fulfilment of the contract, access to the fair, issuing and signing of the delivery report, issuing of the invoice);
- compliance with the provisions of law and regulations (for example, tax returns to judicial authorities if requested, notices to be provided to public bodies for any authorization requests, correspondence with the fair organisers);
- to exercise the rights of the Data Controller, for example the right to legal defence;
The provision of data for the aforementioned purposes is mandatory for the pursuit of the purposes described above. The lack of data and/or any express refusal to process data will make it impossible for the Data Controller to fulfil the contract, without prejudice to the provisions of article 8 below.
2.2. Upon express consent, your Personal Data will also be processed by the Data Controller for the following purposes:
- for the purposes of carrying out by the Holder of promotional and marketing activities through automated and non-automatic systems (sent directly by the Company or through the platforms and information tools "Mailchimps" and "Magnews") with regard to sending newsletters, market research and statistics, customer satisfaction, advertising material, commercial communications and invitations to participation and events organized by the Owner;
- automated processing, including profiling ("all data collection and processing activities relating to the users of a service, in order to divide them into groups according to their behaviour"), for promotional and marketing purposes, with the express exclusion of taking decisions, from which legal effects may derive for the data subject, exclusively based on automated processing only;
- for the purpose of the transfer of your Personal Data by the Data Controller to the companies of the Henoto s.p.a., Bologna Fiere and Wydex group (meaning all subsidiaries or affiliates of Wydex S.r.l., bolognafiere S.p.A. and Henoto S.p.A.) so that they can also interact with social networks by displaying sponsored pages, provided that the interactions and information acquired will be subject, in any case, to the User’s privacy settings and cookies related to each social network;
- for the purpose of the interaction of the Data Controller with social networks by displaying sponsored pages; the interactions and information acquired will be subject, in any case, to the User’s privacy settings and cookies related to each social network.
The expression of consent in the cases determined above will not be a condition for the provision of features and services of the Data Controller.
3. Types of personal data processing
Your personal data is processed using the methods indicated in Article 4 of the Privacy Code and Article 4, No. 2) of the GDPR, and more precisely: collection, recording, storage, consultation, processing, extraction, use, blocking, communication, erasure and destruction of data.
The personal data is processed both on paper and electronically. In any case, the logical and physical security of the data and, in general, the confidentiality of the Personal Data processed will be guaranteed, by implementing all the necessary technical and organizational measures adequate to guarantee their security.
4. Access and data processing
4a) For the purposes referred to in Article 2.1) above, your data will be processed or simply made accessible for the purposes referred to above: by the personnel (employees and collaborators) of Emvisia, who will act by virtue of a deed of appointment as appointees and under the liability of the Controller, by companies of the Henoto S.p.A. Group and/or consultants and/or subcontractors, as well as external companies that provide services, including IT services, to which Emvisia and Henoto entrusts the performance of certain services for the pursuit of the purposes set out in Article 2 above, who will act, where appropriate, as external data processors.
4b) For the purposes referred to in Article 2.2 above, your data may be accessed or processed not only by the parties referred to in Article 4a) above but also by third party companies based on service contracts and, where applicable, by virtue of their appointment as external data processors.
5. Retention of Personal Data
Personal Data are stored on servers located at the Data Controller's premises and in the cloud and and will not be transferred, above and subject to the provisions of Article 7 below.
6. Personal Data retention period
The Data Controller will process the Personal Data for the purposes referred to in Article 2.1. (except for the purpose of browsing the site), for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of protection under the statute of limitation.
For processing subject to consent pursuant to art.2.2. above and for the purpose of browsing the site, taking into account the type of activity of the Data Controller and third parties recipients of data, as indicated in art.2.2. above, as well as the potential recurrent interest times to repeat the purchase by the data subject, Personal Data will be processed for a maximum period of three years, unless the consent is revoked, to be specified in writing by e-mail to: firstname.lastname@example.org.
7. Recipients and recipients categories
In addition to the recipients referred to in Article 4 and to the subcontracting service providers and suppliers of goods, in the event that data transfer is necessary and essential for fulfilment of the contract. The Data Controller may communicate some of your personal data to companies of Henoto Spa group and/or consultants to whom Henoto requests the execution of certain services for the pursuit of the purposes referred to in art.2.1.
In the event of appointment concerning the supply of exhibition stands in territories other than Italian ones, the Data Controller may communicate some of your data to subjects residing abroad, exclusively for the purposes and if essential to the fulfilment of contractual obligations.
The transfer of data is regulated, as required by law, by appointment of the third parties as Data Processor.
The list of Data Processors is updated by the Data Controller and is available for consultation at the Data Controller's registered office.
8. Rights of the data subject
In your capacity as a data subject you have the rights referred to in Article 7 of the Privacy Code and Articles from 15 to 21 GDPR including:
- Right of access - To obtain confirmation of whether or not your personal data is being processed and, if so, to receive information regarding, among others: the purpose of the processing, the categories of personal data processed and the retention period, recipients to whom it may be communicated (Article 15 of the GDPR);
- Right of rectification - To obtain, without undue delay, the correction of inaccurate personal data concerning you, as well as the integration of incomplete personal data (Article 16 of the GDPR);
- Right to erasure - To obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (Article 17 of the GDPR);
- Right to the restriction of processing - To obtain the restriction of processing, in the cases provided for by the GDPR (Article 18 of the GDPR);
- Right to data portability - To receive the personal data concerning you in a structured format, in common use and readable by an automatic device, and to have the data transferred to another Data Controller without hindrance, in the cases provided for by the GDPR (Article 20 of the GDPR);
- Right to object - To object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (Article 21 of the GDPR);
- Right to withdraw consent - To revoke, at any time, one or more consents expressed for the processing of data, subject to the expression of consent (Article 7 of the GDPR);
- Right to file a complaint to the competent supervisory authority To file a complaint to the Data Protection Authority Piazza di Montecitorio, 121, 00186, Rome (RM).
9. How to exercise your rights
The Rights of Article 8) may be exercised at any time by sending a written communication to: email@example.com.
It should be noted that, the data controller will respond to the request within 30 days and, in the event of acceptance of the request, the Data Controller ensure that third parties responsible for processing employee data are duly notified.
If the request is accepted, the Data Controller undertakes to delete it also from any archives, allowing remote verification by the user.
If you intend to lodge a complaint regarding the methods of processing your data or regarding the response to your requests, you have the right to submit a request directly to the Supervisory Authority. Please note that the Emvisia Data Protection Officer can be contacted at: firstname.lastname@example.org