Pursuant to the articles 13 and 14 of the EU Privacy Regulation 679/2016 ("GDPR") we inform you that the personal data provided by the interested party ("you"), for yourself or for the organization to which you belong, to Italian Exhibition Group S.p.A. ("IEG") and ICE Agency for the promotion abroad and internationalisation of Italian companies (“ICE Agency”), hereinafter also the Joint Controllers (“We”), on the occasion of or in connection of the research activities of buyers/operators of product sectors for project of interest such as events, exhibitions, workshops, webinars and/or “virtual and/or face-to-face business meeting” (the "Events"), they are treated in compliance with the principles of lawfulness, fairness, correctness, proportionality, necessity, accuracy, completeness and security and other legal obligations in force. The "Events" can also be held on online platforms (eg SWAPCARD, My Agenda), both in virtual and on-site form or in full digital form; these platforms allow for online meetings between exhibitors and visitors / buyers, with the creation, among other opportunities, of an agenda of meetings that will put interested parties in direct contact. The aforementioned platforms can also be used by the visitor / buyer to request contacts with the exhibitors present on them, through the following actions: saving one or more exhibitors on the "favorites" list, chat, networking, specific appointment requests, etc.. For interested parties, on this link https://www.iegexpo.it/en/ice-agreement the essential content of the agreement pursuant to art. 26, paragraph 2, of the Privacy Regulation. Categories of interested parties. Processing operations and collection methods The data processed relate to customers (ie exhibitors, visitors, buyers, participants in workshops, webinars and / or "virtual and / or face-to-face business meetings" who have held their respective roles over the last 10 years) and prospect (subjects who have expressed interest in the Events, over the last 10 years - for example also through the delivery of their business card or request for information or quotes), understood as natural persons over the age of 14 acting on their own and / or as internal contacts of legal persons, entities or other organizations. The individual categories of data collected are indicated in our collection forms which supplement this information. The processing takes place with electronic and paper tools and with logic connected to the individual purposes stated below. We collect the data i) through online forms or paper forms or via pre-registration or participation app completed by you and / or acquired by third party operators authorized by us or ii) through mobile devices such as tablets, smartphones present in the place of the Events. The data collected may be processed by the personnel expressly authorized by us, within the limits strictly necessary for the performance of the respective activities assigned to it (for IEG, for example, legal, commercial, marketing, administrative, logistics, IT, management control, etc..., ICE Agency as a whole). Purpose of the processing The processing has the following purposes: 1. Fulfillment of contractual and legal obligations deriving from participation or connected to the already contractual or potential participation of the interested party in the Events. (such as the participation in virtual business meetings through videocalls on specific online links or dedicated platforms, signing up for a webinar). Exhibitors could present texts, videos, presentations, live sections; insights and paths on trends and innovation, guided tour itineraries, sharing and communicating important corporate events, as well as other optional services. Visitors / buyers will have a simplified profile and the ability to search for all the profiles of the exhibiting companies, as well as interact with their contents (with public comment on profile, public comment on content, event page, group, etc.). contact (to request more information or seek interaction with the organizers or exhibitors of the platform, participation in events, private messages, groups by invitation, etc.) IEG may also communicate, in fulfillment of the contractual relationship intended to facilitate relations between exhibitors and visitors / buyers, the contact details of visitors / buyers who have shown interest in requesting a meeting / appointment with the chosen exhibitor or who have expressed interest in one or more exhibitors through specific actions (e.g. chat, networking, saving the exhibitor in favorites, etc ...) on a specific digital platform (eg Swapcard, My Agenda), where available. In this case, the data will be processed by the exhibitor as an Autonomous Owner. (each exhibitor must therefore independently obtain a separate informed consent from the persons concerned for any further direct marketing purposes, since IEG shares personal data solely for the purposes of the aforementioned service and is extraneous to any further processing). 2. Planning and organisational management of the Events, e.g. issuing and payment of tickets, accreditation and entrance passes (including control of the successful completion of the payment through third party services), management of personal identification badges (with passport photo) for security purposes, planning and management of specific services requested by you (e.g. translation services, hostesses, catering, escorting), communication, upon your request, of pre-contractual information (e.g. programmes, proposals, etc.) related to the Events, drafting of invitation letters for consular visa applications, management of contracts we enter into with third party suppliers of goods and/or services used by you during or at the Events; publication of your name and surname or other details of the events. ) connected with the Events; drafting of invitation letters for consular visa applications; management of the contracts we enter into with third-party suppliers of goods and/or services used by you during or on the occasion of the Events; publication of your name and surname or name and company name, telephone number, email, in the public online and printed catalogue of the Event you are attending; communication by IEG of information (e.g. programmes, proposals, updates, notices, reminders, etc.) connected with the Events. For the best organisation and complete implementation of "virtual and/or on-site business meetings", IEG may provide for the buyer's e-mail address to be sent to the exhibitor and vice versa, if a virtual and/or in-person meeting had already been planned and the same was subsequently cancelled due to force majeure. Through the exchange of e-mail addresses the interested parties will be able to independently reschedule the meeting according to their own availability and in any case to send each other communications of their interest. Within the scope of the above-mentioned purpose, IEG may also offer the visitor/buyer the possibility of using QR code technology (the QR code is generated by the supplier - appointed as IEG's External Data Processor - Vivaticket), with which the visitor/buyer may transmit their data directly to the exhibitor of interest at its stand, or, for the same purpose, scan the QR code present at the stand of the chosen exhibitor. In both cases, the data will be processed by the exhibitor in its capacity as Autonomous Controller (each exhibitor must therefore independently obtain a separate informed consent from the interested parties for any further direct marketing purposes), since IEG shares the personal data solely for the purposes of the aforementioned service and is extraneous to any further processing). 3. Sending, exclusively by IEG, (via email, ordinary mail, sms, mms, push-up messages, instant messaging functions such as whatsapp, telefax, telephone calls with operator, social networks and other automated tools) of commercial communications, advertising and sales offers products / services related to those of your interest or relating to exhibition / congress and / or related products / services (eg sector publishing, webinar, “virtual or on-site business meeting” etc..) - overall activities defined as “soft spam”. 4. Exclusive purposes of ICE Agency Exclusively by ICE, personal data are collected, processed, used and disseminated solely for institutional purposes as required by art. 14 paragraph 20 D.L. 98/2011 converted into Law 111/2011, as replaced by art. 22 paragraph 6 D.L. 201/2011 converted into Law 214/2011 and amended by Article 2 of the Civil Code. 6 and 7 of the D.L. 104/2019 converted by Law 132/2019, and for this purpose they will be included in the ICE database. 5. Profiling (carried out exclusively by IEG). The profiling detects for privacy purposes only if it concerns natural persons, that is individual companies or partnerships and relative partners / directors, or internal referents of corporations, institutions or organizations. The profiling uses some data supplied by you and sometimes associates them with company data taken from public databases (eg the Business Register of the Chamber of Commerce). For example, we treat the following data, in the case of event / conference presenters / conference presenters / partecipants in webinar, partecipants in “business virtual meeting”: name and surname, contact details, country of origin, sector to which they belong, professionalism / topics covered. In some cases, if you are a customer or a prospect, we associate the data you provide to us with your personal data acquired during your browsing on our websites or during the use of the services provided by these sites (eg cookies relating to pages of our website that you have visited, to the country from which you connect) or through other communication channels (eg social media) or through mass mailing of commercial e-mail (eg which messages have arrived, such as e-mails you has opened, what proposals you have accepted through specific actions such as opening an attachment or adhering to our request to link to landing pages or attachments to the email message, etc.). In the case of buyers / visitors, the following data: name and surname, company name of the organization to which they belong, contact details, job position and level of responsibility of the contact person, residence or headquarters, country of origin, website, year of foundation of the company, turnover, no. employees, business sector, percentage of business connected to Italy and abroad, Italian and foreign regions of interest, main categories of products or services of interest to the buyer and / or marketed by the same (also in terms of percentage sales by area geographic), categories of customers of the company, purpose of the visit. The profiling allows us, in particular, to limit the sending to you of promotional communications not pertinent to your probable expectations and needs or through unwanted channels. The limited nature of profiling does not exclude you from specific advantages or from the possibility to freely exercise your privacy rights, nor has any particular legal effects; in particular it does not in any way prejudice your ability to participate in the Events and / or take advantage of our services (eg online pre-registration, purchase of services). 6. Only with your separate consent: communication of data to our third party partners (eg event organizers, exhibitors for which eg. the visitor / buyer has not expressed interest or other operators active in the Events), for autonomous direct marketing actions relating to goods / services relating to such third party partners. Legal basis of the processing. Mandatory or optional nature of providing data and consequences of failure to provide data The processing for the purposes of sub 1 has its legal basis in our need to fulfill the obligations assumed through the stipulated contract or to stipulate with you (and to carry out all the actions necessary for the correct and complete execution of the commitments therein) and/or to the legal obligations connected to it, including facilitating the management of relations between exhibitors and buyers. Therefore this treatment does not require your prior consent and you are also free not to give your data, however, in this case, we will not be able to stipulate the requested contract and / or regularly provide the service requested by you or by the organization to which you belong (eg make you participate in the Event of interest and provide you with related services for example for the webinar of interest and/or “business virtual meeting” of interest) and / or we will not be able to fulfill the legal obligations connected with the contract. The processing for the purposes of sub 2 has its legal basis in our legitimate interest to organize Events, plan and manage all organizational activities useful to allow you to participate efficiently and effectively in Events and to manage contacts with exhibitors of interest and relations with third party suppliers of functional and event-related goods and services. (In particular, for example, by joining and perfecting the request to participate in a webinar you can receive, via e-mail, updates / notices and / or reminders relating to webinars of interest or similar to those of your interest; while by joining the virtual or on-site business meeting you may receive the email address of the buyer and / or exhibitor of your interest to proceed independently, through the platform made available by IEG, to organize those meetings that have not taken place or have been canceled or postponed). Especially the request for data and personal documents, especially for foreign guests, make the correct understanding of the data more reliable, but above all the assurance of the reliability of the company that requires an entry visa. Therefore such treatment does not require your prior consent. You are free not to provide the data, but in this case you will not be able to participate in the Event. In case of an event such as the webinar and/or “business virtual meeting”, you may be asked to activate the pc cameras for a better and more profitable relationship and communication between the participants in the event and the speaker of the event. You will be free to decide not to activate the camera and even in this case you can participate in the webinar and/or “business virtual meeting”. The treatment for the purposes of sub 3 (soft spam) has its legal basis in legitimate interest of IEG in contacting our customers freely, as well as the prospects, in order to be able to offer them new opportunities relating to services through electronic / telephone / paper channels. products similar to those previously purchased / contracted (in the case of customers) or to those for which interest has been expressed (in the case of prospects), or relating to products / services for exhibitions / conferences and / or related to them (eg publishing of sector, championships / races, webinar, “virtual or on-site business meeting” etc.). Therefore the so-called soft spam, as described above, can lawfully take place even without your prior consent, which is therefore not necessary. The treatment for the purposes of sub 4 (activities carried out by ICE Agency) is based on the following legal bases: (i) the processing is necessary for the performance of activities in the public interest carried out by the data controller art. 6 co. 1 letter "e"; (ii) the processing is necessary to fulfil legal obligations to which the data controller is subject, e.g. legal obligations, regulations, execution of judicial or administrative authority orders (art. 6 co.1 letter "c") of the Regulation. The personal data provided to us will be used to organise events and incoming foreign buyers, and to manage any related organisational activities that may be necessary for the successful outcome of the Event in which you are participating. Your personal data will also be included in the Central Data Bank (BDC) of the ICE Agency and may also be used as part of its institutional activity and therefore to promote and develop trade in its product and/or service abroad, as provided for by art. 14, paragraph 20, Decree Law 98/11 converted into Law 111/11 as replaced by art. 22 c. 6 Decree Law 201/11 converted into Law 214/11 and amended by art.2 cc. 6 and 7 of Decree Law 104/2019 converted into Law 132/2019. Your data may, therefore, be used to send proposals for participation in other initiatives organised by the Data Controller such as trade fairs, workshops, seminars, training courses, etc. and used to propose customer satisfaction surveys and carry out other surveys pertaining to institutional activities and of public interest. The treatment for the purposes of sub 5 (profiling - activities carried out exclusively by IEG) has a legal basis in legitimate interest of IEG to maintain and analyze a limited set of information concerning you, in order to be able to more effectively recontact you if you are our client or prospect. Given the limited data perimeter used in profiling, it also occurs without his prior consent, which is therefore not necessary. The treatment for the purposes of sub 6 (transfer of data to third parties) takes place only with your specific express consent (constituting, therefore, the legal basis of lawfulness of the processing) The consent requested may be freely denied by you, without prejudice to your right to participate in the Events and / or to obtain the services you requested from us. Communication and dissemination of data For the purposes sub 1 and 2 the data are communicated by us to: suppliers of the management and maintenance service of our IT systems, websites and databases, photographers and / or videomakers who produce the video-audio materials or their post-production, journalists and newspapers, diplomatic representations, consultants, banks (for the execution or receipt of payments related to the Events), to companies entrusted with services necessary for the organization and management of events (eg installation of fittings and equipment, publishers of paper and online catalogs, logistics, security, private security, first aid, hostesses, etc.), consultants, banks (for the execution or receipt of payments connected to the Events), to personnel of the Joint Controllers authorized to process data (Communication, Travel, Sales, Marketing, etc). to any exhibitors of interest to the visitor / buyer in order to schedule virtual and / or on-site meetings in fulfillment of the contractual relationship and / or to interact with them. For the purposes sub 4 ICE Agency may communicate the data to subjects that carry out control activities, public bodies or administrations, including tax authorities, as well as subjects entitled by law to receive such information, Italian and foreign judicial authorities and other public authorities, for the purposes related to compliance legal obligations, or for the fulfillment of obligations arising from the contractual relationship, including the need for defense in court. For the purposes sub 3 e 5 the data are communicated to: companies charged with marketing analysis, advertising, communication and / or public relations agencies, digital and paper publishing companies that produce our advertising or promotional materials, production companies of websites or blogs, web marketing companies, subjects in charge of the design and / or maintenance of promotional materials, IT management and maintenance companies, websites and databases used to organize and manage events. These third parties will process the data in the capacity of External Managers in accordance with our written guidelines and under our supervision. For all the aforementioned purposes, we also communicate the data to third-party commercial partners who participate in the creation and / or promotion of the Events, which will treat the data as autonomous (e.g. exhibitors in which interest has been expressed through specific actions on the digital platform) or joint controllers or external managers, including in particular, Swapcard Corporation with registered office at 6 rue de Paradis – Paris - https://www.swapcard.com/privacy-policy/, which provides the digital platform of the Event). You can ask us for a list of Joint Controllers, autonomous and responsible owners (see the "rights of the interested party" section of this information). Transfer of data abroad by IEG IEG communicates the data to third party recipients based outside the EU (companies controlled by the Data Controller, partners - eg. People's Republic of China, United Arab Emirates, Colombia, Hong-Kong - cloud service providers, or suppliers and customers (hereinafter the "importers "). The list of third parties recipients of the data is available on the website section – https://www.iegexpo.it/images/TAB.IMPORTATORI_DI_DATI_30.07.2019.pdf This data transfer takes place in the face of adequate guarantees, consisting of the prior stipulation by the third importer of a contractual agreement with us through which he, for the treatments within his competence, undertakes to comply with privacy obligations substantially equivalent to those provided. from EU legislation to ns. load (through the use of standard contractual clauses - or "CCS" - compliant at least with the text adopted by the EU Commission, except for any additions and / or changes more favorable to the interested party). In some cases of data transfer to cloud suppliers based outside the EU, these suppliers are subject to the regulatory powers of local public authorities and in some situations, based on foreign legislation, (in the USA: the Federal Trade Commission, 'Article 702 of the FISA and the Executive Order EO 12333) the importer may be obliged to communicate the personal data transferred, in response to requests received from public authorities, to meet national security requirements (e.g. anti-terrorism) or application of local law (with consequent possible access to data, of which the importer, based on local legislation, may not have to give notice to the exporter and the interested party, who will therefore not be able to exercise the relative rights normally recognized by the GDPR). Therefore, in the abstract, the risk cannot be excluded that in certain and exceptional situations related to the aforementioned specific requirements, the foreign public authority may process such data without applying substantially equivalent safeguards to those provided for by the GDPR to the data subject. However, the risk that the American public authority actually has an interest in applying local legislation to the transferred data appears to be reasonably negligible based on the following circumstances: i) the performance of the exporter (IEG) in favor of the interested parties whose data the importer processes and the consequent data processing, have a limited object (the provision of exhibition services) and a limited purpose (the management of technical processes - organizational functional to the aforementioned services and the fulfillment of legal obligations); the performance does not involve the publication of personal opinions, comments or similar information, nor the making available of services or products that can be used in activities against national security; ii) the types of personal data transferred are limited (eg personal, contact, contractual, administrative data); no particular categories of data are transferred (e.g. on political and religious opinions, biometrics); the categories of interested parties to which the data refer are limited (exhibitors, visitors, participants in events, buyers, journalists, speakers) and they concern operators belonging to product or economic categories that are not reasonably relevant with regard to national security purposes ( eg tourism, wellness, machine handling, sports activities, and so on). Therefore, IEG believes that the CCS applied in the relationship with importers (in particular the USA) effectively guarantee protection of the rights of interested parties substantially similar to that provided for by the GDPR, regardless of the application of any additional measures to the processing in question. The adoption of additional contractual measures by IEG towards importers (e.g. obligations to communicate public access, the right to suspend or terminate the transfer and to terminate the contract with the importer, and the like), may be introduced in at any time by the exporter following any information provided to operators by the EDPB - European Data Protection Board following the judgment of the Court of Justice of the European Communities (ECJ of 17 July 2020 which declared the bilateral agreement called "Privacy Shield"). The transfer of data to the non-EU country takes place in any case also because it is necessary for the execution of i) a contract concluded between the interested party and IEG and / or pre-contractual measures adopted at the request of the interested party, or ii) of a contract stipulated between IEG and another natural or legal person (e.g. our subsidiary, supplier, with headquarters outside the EU, etc.) in favor of the interested party. ICE Agency does not proceed with the transfer of data abroad Duration of treatment In the case of the purposes sub 1 e/o 2 Joint Data Controllers treat the data for 10 years from date of the contract and/or registration for the webinar of interest and/or “business virtual meeting” (in the case of customers) or from the collection of the data of the interested party (in the case of prospects). In the case of the purposes sub 3 and 5 IEG processes data for 10 years from the collection of the data of the interested party (in the case of customers and prospects). In the case of the purpose sub 4 (exclusive of ICE Agency), personal data will be kept for a period of time not exceeding the achievement of the purposes or on the basis of the deadlines set by law. IEG processes the data for a period of 60 days, after the end of each Event, in the case of data made available at the collection points for assistance requests, communicated to us by visitors and exhibitors (including insurance desk, Info point and First Aid). IEG processes the certification data of the Shows / Events until the end of the certification and therefore until the certification is completed. IEG processes the data necessary for IT security purposes (e.g. log-in registrations, failed logs and log-outs, when accessing restricted areas on the IEG websites relating to Events) for 1 year from collection. The recordings of the logs relating to the reading of IEG's online privacy information and the online actions (e.g. clicks, flags and the like) through which the data subject's consent is communicated to IEG are kept for 10 years from collection. The data connected to the “Business Matching” service provided during the Events are processed by IEG for 3 months from the end of the single Event to which they refer. Data related to the drafting of invitation letters for the application of consular visas (e.g. copy of passport, etc.) are processed by IEG for 3 months from the end of the individual event of reference. Once the aforementioned respective maximum duration has ceased (for the treatments sub 1, 2, 3 and 5 carried out by IEG) the personal data are definitively destroyed or made totally anonymous. For processing sub 4, (exclusive of ICE Agency), personal data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, for scientific and historical research or for statistical purposes, without prejudice to the implementation of adequate technical and organizational measures required by the Regulations to protect the rights and freedoms of the data subject. In the event of a dispute between you and the Joint Controllers or third party suppliers of the Joint Controllers, the Joint Controllers process the data for the time necessary to exercise the protection of the rights of the Joint Controllers or their suppliers, i.e. until the issue and full execution of a provision having the value of res judicata between the parties or of a transaction. Rights of Data Subject The GDPR confers to you specific rights in relation to your personal data: - ask us to confirm whether or not a processing of personal data concerning you is in progress and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; d) when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period; e) the existence of the data subject's right to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the expected importance and consequences of such treatment for the data subject. - if personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the existence of adequate guarantees relating to the transfer; - request, and obtain without undue delay, the correction of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also providing a supplementary declaration; - request deletion of data if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the data subject revokes the consent on which the processing is based and there is no other legal basis for the processing; c) the data subject opposes the processing, and there is no prevailing legitimate reason to proceed with the processing, or he opposes the processing carried out for direct marketing purposes (including the functional profiling of such direct marketing); d) personal data have been unlawfully processed; e) personal data must be deleted in order to fulfill a legal obligation established by Union law or the Member State to which the data controller is subject; f) personal data has been collected regarding the offer of information society services. - request the limitation of the processing that concerns you, when one of the following hypotheses occurs: a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the deletion of personal data and requests instead that its use be limited; c) although the data controller no longer needs it for the purposes of processing, personal data is necessary for the data subject to ascertain, exercise or defend a right in court; d) the person concerned has opposed the processing carried out for direct marketing purposes, pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party; - to obtain from the data controller, upon request, the communication of the third-party recipients to whom the personal data have been transmitted; - revoke at any time the consent to the processing where previously communicated for one or more specific purposes of one's personal data, it being understood that this will not prejudice the lawfulness of the processing based on the consent given before the revocation. - receive in a structured format, commonly used and readable by automatic device, the personal data concerning you provided by you and, if technically feasible, to have these data transmitted directly to another data controller without hindrance on our part, if necessary the following (cumulative) condition: a) the processing is based on the consent of the interested party for one or more specific purposes, or on a contract to which the interested party is a party and to whose execution the treatment is necessary; and b) the processing is carried out by automated means (software) - overall right to the c.d. "Portability." The exercise of the right c.d. portability is without prejudice to the right to cancellation provided above; - not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or that significantly affects his person. - lodge a complaint with the competent control authority based on the GDPR (that of its place of residence or domicile); in Italy it is the Data Protection Authority. You can exercise your rights by writing to: Joint Controller Italian Exhibition Group S.p.A., with registered office in Via Emilia, 155 - 47921 Rimini (Italy), e-mail address: privacy@iegexpo.it In order to ensure compliance with the GDPR and the laws applicable to the processing of personal data, IEG has appointed - as Data Protection Officer - Avv. Luca De Muri, domiciled for the position at Italian Exhibition Group S.p.A. Joint Controller ICE Agency, with registered office in Via Liszt, 21 – 00144 Roma (Italy), e-mail address: privacy@ice.it In order to ensure compliance with the GDPR and laws applicable to the processing of personal data, ICE has appointed Dr. Simonluca Dettori, an internal employee, as Data Protection Officer. The Legal Representative of the company or the Representative of the organization undertakes to communicate this information also to other persons belonging to the company or to the organization itself and of which he declares to legitimately provide the related data. Likewise, the consent given for the purposes sub 6 by the Legal Representative of the company or by the Representative of the Organization, is also understood to be extended to other subjects belonging to the company or organization itself and of which the same declares to legitimately provide the related data. Privacy notice - joint controllers ICE – IEG rev.15.11.2022
Having read the information communicated to me, I declare the following intention regarding the processing of data for independent direct marketing purposes by third party partners of the Joint Controllers. (purpose 6 of the information)
