Privacy policy on the processing of personal data in accordance with the terms of Article 13 of Regulation EU 679/2016
INTRODUCTION
Pursuant to Art. 13 of the GDPR, concerning the protection of natural persons with regard to the processing of personal data, we provide the requested information on the processing of personal data concerning you ("Data") by Fiere di Parma S.p.A. and PR ITALIA S.r.l.s. (hereinafter also referred to as “Data Joint Controllers” or “Joint Controllers”).
JOINT CONTROLLERS’ DATA
- Fiere di Parma S.p.A., with registered offices in Parma, Viale delle Esposizioni 393/a, TAX ID and VAT No. 00162790349, mail info@fiereparma.it (hereinafter “FDP”).
- PR ITALIA S.r.l.s., with registered offices in Reggio Emilia, Via Guasco, 17, VAT No. and TAX ID 02717350355, mail pritaliasrls@legalmail.it (hereinafter referred to as “PRI” and also GDO News).
DATA PROTECTION OFFICER
FDP has appointed a Data Protection Officer (DPO) who can be contacted for any information and request via the email address privacy@fiereparma.it
PERSONAL DATA PROCESSED
"Data" is intended as data necessary for users (natural persons hereinafter referred to also as “Data Subjects”) for the creation of the account and registration with the Workshop of the Data Joint Controllers.
PURPOSE OF PROCESSING AND LEGAL BASIS
The Data supplied by the Data Subjects, including through the completion of special forms, are used for the fulfillment of the following purposes:
- Purposes connected to the correct subscription of the participants to the platform to follow the Workshops made available by the Joint Controllers and to receive all the necessary information to use the service properly. Legal basis for data processing: Execution of the contract. Data retention period: Contract duration and, after termination, for a period of 10 years.
- Purposes connected to the download of the E-books/any contents related to the Workshop. Legal basis for data processing: Execution of the contract. Data retention period: Until the end of the event and, after such end, for 5 years.
- Customer satisfaction regarding the services and/or online workshop events provided by the Data Joint Controllers. Legal basis for data processing: Execution of the contract. Data retention period: Until the end of the event and, after such end, for 5 years.
- Sending general communications concerning the same type of services/online events, workshops via email to the address provided by you. Legal basis for data processing: The procedures to provide the service follow the rules of soft spam pursuant to art. 130 of Legislative Decree 196/2003. Data retention period: Until request of erasure by the Data Subject.
- Purposes of marketing by the partners of the Joint Controllers and Third Parties, but also by FDP and PR Italia in their capacity as Independent Data Controllers. Legal basis for data processing: Consent of the data subject. Data retention period: Until withdrawal of consent by the Data Subject.
- Defensive purposes. Legal basis for data processing: Legitimate interest. Data retention period: For the entire duration of the dispute and for the 2 years following the settlement of the dispute.
Once the aforementioned retention period has elapsed, the Data will be destroyed or made anonymous, in compliance with the technical erasure and backup procedures.
Should Data be used by the Data Joint Controllers for purposes other than the ones specified above, the Data Joint Controllers shall be considered, with respect to these additional purposes, Independent Data Controllers.
PROCESSING PROCEDURES
Joint data processing is based on principles of correctness, lawfulness, transparency, and data minimization (privacy by design); it may be carried out either manually or through automated procedures designed to store, process and transmit them and will take place through appropriate technical and organizational measures, taking into account the current technological level and implementation costs, in order to guarantee, among other things, the security, confidentiality, integrity, availability, and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable steps for ensuring that inaccurate data is erased or rectified in accordance with the purpose for which they are processed.
RIGHTS OF THE DATA SUBJECT (ART. 15-22 of the GDPR)
Data subjects have the rights established by articles 15 to 22 of the GDPR, where applicable. The data subjects have the right to request from the Data Controllers access to data, rectification or erasure of such data as well as restriction of or objection to processing. The data subjects are entitled to revoke consent at any time regarding the purposes of points 4 and chapter “5. PURPOSE OF PROCESSING AND LEGAL BASIS”. For more information on your specific rights as a Data Subject, and on how to exercise them, please send an email or write to the Data Controller's address, given in art. 2, specifying your request and indicating the address where you would like to receive the reply.
Data subjects are entitled to file a complaint with the Data Protection Authority through the contact details available on the website https://www.garanteprivacy.it/
CATEGORIES OF DATA RECIPIENTS TO WHOM THE DATA MAY BE PROVIDED AS DATA CONTROLLERS OR WHO MAY HANDLE IT AS DATA PROCESSORS
The Data may be processed by third parties operating as Data Controllers such as, for example, authorities and supervisory and control bodies and in general public or private subjects entitled to request the Data.
The Data may be processed, on behalf of their respective Joint Controllers, by third parties designated as data processors who perform specific activities on behalf of the Joint Controllers, for example, accounting, tax, insurance companies, correspondence, management of receipts and payments, services necessary for the exhibition event, etc.
Limited to Workshops attendance, the Data will be handled by the conference manager remotely to respond to your request for access and to enable connection via streaming.
Data shall be processed by persons in charge and duly trained, and shall not be disclosed and disseminated.
DATA TRANSFER OUTSIDE THE EU
Structured transfers of Personal Data of the Data subjects to non-European countries are not planned. For organisational reasons it is possible that cloud services are activated outside the EU; in these cases, the Data Controller shall comply with the provisions contained in Chapter V of Regulation EU 2016/679 to ensure an adequate level of protection. If possible, precedence shall be given to countries recognized as adequate by the European Commission or that have implemented adequate mechanisms.