Information to data subjects on the processing of personal data in accordance with Article 13 of Regulation (EU) 679/2016
I. INTRODUCTION
Pursuant to Article 13 of the GDPR, concerning the protection of natural persons with regard to the processing of personal data, we hereby provide the required information on the processing of personal data concerning you (“Data”) by Fiere di Parma SpA.
II. DATA CONTROLLER
The data controller, hereinafter also called “Controller”, is Fiere di Parma S.p.A. with registered office at Via delle Esposizioni 393, 43126 Parma (PR), Italy – VAT Identification Number and Taxpayer Identification Number 00162790349.
Data Protection Officer
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and request via email at the address privacy@fiereparma.it
III. PERSONAL DATA PROCESSED
The term “Data” means personal data of natural persons which are processed by the Controller for the stipulation and execution of the contractual relationship (“Users” or “Data Subjects”). Such Data, as specified in the list below, mean personal details, any company details, contact details.
IV. PURPOSE OF PROCESSING AND LEGAL BASIS
The Data supplied by the User, including through the completion of special forms, is used for the following purposes:
I. Account registration
The purpose of processing regarding the point above is necessary to comply with one of the Controller’s obligations and data will be retained for the time imposed by the legislation in force.
II. Obligations regarding the online participation to the Forum
The purpose of processing regarding the point above is necessary to comply with one of the Controller’s obligations and data will be retained for the time imposed by the legislation in force.
III. Customer satisfaction with the services provided directly and/or indirectly by the Data Controller.
Customer satisfaction questionnaires will be very useful to improve our services and they are thus considered an integral part of the purchasing contract. In any case data subjects will be free to fill it out and results shall be anonymized and not disclosed. Being anonymized, the results shall generate no processing of any kind
IV. If necessary, to ascertain, exercise or defend the rights of the Controller in court.
The purpose of processing regarding the point above is based on the Controller’s legitimate interest and the retention time shall be extended until expiration of the term to start action for all remedies provided by law.
V. Sending general communications concerning the same type of services/exhibitions or events via email to the address provided by you.
The procedures to provide the service in point vi follow the rules of soft spam pursuant to Article 130 of Legislative Decree 196/2003. The data subjects may at any time request to opt out from receiving newsletters using the mail address given above and/or via the relevant unsubscribe tools. Contact details will be retained until data subjects request to erase them.
VI. Marketing purposes (sending sales/promotional communications, invitations to events and exhibitions) for products/services of companies owned by the Data Controller, partners or exhibitors. The provision of the above services may be granted by independent data controllers for which the Data Controller cannot be responsible. The consent to disclose personal and contact details to any new partners or owned companies may be withdrawn at any time writing to the email address written above.
The purposes of processing specified in the point above are subject to the explicit consent by the data subject and, if given, it may be withdrawn at any time by writing to the e-mail address given above. Contact details will be retained until data subjects withdraw their consent.
Once the aforementioned retention period has elapsed, the Data will be destroyed or made anonymous, in compliance with the technical erasure and backup procedures.
5. PROCESSING PROCEDURES
Data processing is based on principles of correctness, lawfulness, transparency and data minimization (privacy by design); it may be carried out either manually or through automated procedures designed to store, process and transmit them and will take place through appropriate technical and organizational measures, taking into account the current technological level and implementation costs, in order to guarantee, among other things, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable steps for ensuring that inaccurate data is erased or rectified in accordance with the purpose for which they are processed.
For participation in Cibus Forum through an online streaming service, Data subjects will follow the procedure set by the Data Controller
6. RIGHTS OF THE DATA SUBJECT (ART. 15-22 of the GDPR)
Data subjects have the rights established by Articles 15 to 22 of the GDPR, where applicable. The data subjects have the right to request from the Data Controllers access to data, rectification or erasure of such data as well as restriction of or objection to processing. For more information on your specific rights as a Data Subject, and on how to exercise them, please send an email or write to the Data Controller’s address, given in art. 2, specifying your request and indicating the address where you would like to receive the reply.
Data subjects have the right to lodge a complaint with the competent Supervisory Authority.
7. CATEGORIES OF DATA RECIPIENTS TO WHOM THE DATA MAY BE PROVIDED AS DATA CONTROLLERS OR WHO MAY HANDLE IT AS DATA PROCESSORS
The Data may be processed by third parties operating as Data Controllers such as, for example, authorities and supervisory and control bodies and in general public or private subjects entitled to request the Data.
The Data may be processed, on behalf of the controller, by third parties designated as data processors who perform specific activities on behalf of the controller, for example, accounting, tax, insurance companies, correspondence, management of receipts and payments, platform services. Data shall be processed by persons in charge and duly trained, and shall not be disclosed and disseminated. In case of need, health professionals or bodies (first aid service made available by Fiere di Parma) may communicate your data to us in case of intervention request during the exhibition. In case of access to streaming contents, the data will be handled by the platform manager to respond to your request for access and to enable connection.
8. DATA TRANSFER OUTSIDE THE EU
Structured transfers of Personal Data of the Data subjects to non-European countries are not planned. For organisational reasons it is possible that cloud services are activated outside the EU; in these cases, the Data Controller shall comply with the provisions contained in Chapter V of Regulation EU 2016/679 to ensure an adequate level of protection. If possible, precedence shall be given to countries recognized as adequate by the European Commission or that have implemented adequate mechanisms (Privacy Shield EU-USA).