• 5 Novembre 2019
  • Firenze, Stazione Leopolda
  • Versione in italiano

PRIVACY POLICY PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679.

1. WHO ARE WE AND WHY ARE WE SENDING YOU THIS DOCUMENT?
1.1. Messe Frankfurt Italia Srl is a company belonging to the Messe Frankfurt GmbH international trade fair group, which has organised and promoted exhibitions in Italy and abroad for over twenty years. The company is especially attentive to the protection of personal data supplied by its customers, visitors and users, and ensures that the processing of such data is always carried out in compliance with the safeguards and rights recognised by European Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the "Regulation") and the Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
1.2. Before processing your personal data, we hereby inform you, in accordance with the provisions of articles 13 and 14 of the Regulation, of the methods for processing the data you provide for registration and participation as a visitor and/or exhibitor at trade fairs, and/or for registration to our events, and/or during browsing, the use of or interaction with our website, including the filling in of forms available on the site.
1.3. The policy is issued exclusively for Messe Frankfurt Italia Srl.

2. DEFINITIONS
2.1. We specify that when we speak of your“Personal data” we mean“any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular with reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person “ (Art. 4, para. 4, no. 1 of the Regulation).
2.2. In order to allow you to browse our website and participate in our events, we must process the Personal Data you provide, referring, with the term “Processing” to “any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (art. 4, para. 1, No. 2 of the Regulation
2.3. Messe Frankfurt Italia Srl processes your data as the Data Controller, definable as the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” (Art. 4, para. 1, No.7 of the Regulation).
2.4. In the course of our business, we may make use of one or more "Processing managers” understood as “a natural or legal person, public authority, agency or other body” that processes personal data“ on behalf of the controller” (Art. 4, para. 1, No. 8 of the Regulation).

3. WHO IS THE DATA CONTROLLER?
3.1. The Data Controller (hereinafter, the "Controller") is Messe Frankfurt Italia Srl, tax code and VAT No. 12632140153, with registered offices in Corso Sempione 68, 20154 Milan (MI), Italy, in the person of its legal representative pro tempore Joachim Donald Wich, domiciled for this purpose at the company headquarters.
3.2. You can contact the Controller, at any time:
• By sending an email to: privacy@italy.messefrankfurt.com.
• By sending a letter to: Corso Sempione 68, 20154 Milan (MI) Attn: Privacy Office.
• By calling 02 8807781
4. WHICH CATEGORIES OF DATA DO WE PROCESS?
4.1. We process all the data necessary to execute your request, in particular:
- to allow you to complete your registration as an exhibitor/visitor to a trade fair;
- on the basis of the functions on the website you are using;
- on the basis of the personal information that you give us by contacting us directly.
By way of example, we may process the following categories of personal data: name; surname; company contact information (e.g. e-mail and phone number); payment/invoicing coordinates when this is necessary depending on your request.
The categories of personal data processed are easily determined on the basis of the boxes on forms that you fill in. This data is also transmitted to us when you send a message to the email addresses shown in the "contacts" section or when you call the number shown.

4.2. During our trade fairs, it is possible that photographs and/or audio-visual recordings may be made both by the Data Processors designated by Messe Frankfurt Italia Srl or by third parties not connected with our company (e.g. journalists, press offices, private individuals, etc. ). Therefore, by taking part in these events, it is possible that your image may be recorded and consequently published on web pages, social media, print and/or online magazines, or may be broadcast live in other areas of the same trade fair. If you do not wish to be photographed or filmed, you should not attend the event.
By attending the trade fair you consent to the possible use of your image, as described above.

5. WHAT IF I DON’T PROVIDE THE REQUIRED DATA?
5.1. We inform you that if you request information by writing to or calling us, filling in trade fair registration forms, filling in the forms on the website, and/or to downloading material from the website and accessing the services offered, to be able to buy your ticket for the trade fairs and, in general, take advantage of our offers, you must provide the requested data marked with an asterisk.
5.2. You are under no obligation. However, failure to provide all necessary data will prevent the purchase of your ticket and/or attendance at the event or otherwise execute your request.
5.3. It is not necessary, however, to fill in the fields not marked with an asterisk. If you do not fill them in, you can still take advantage of the services you have requested.

6. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS IS YOUR PERSONAL DATA PROCESSED?
6.1. Your data may be collected and processed for the following purposes:
a) to allow you to buy tickets for attendance at the trade fair;
b) to allow you to register as an exhibitor at the trade fair;
c) answer questions and/or requests that you send us via the appropriate Contact form (e.g. visit and/or exhibit at events organised and/or promoted by us, receive newsletters, take part Vision Night, etc.), by writing to our email addresses found in the contact section or by calling our number;
d) to allow you to download useful materials from our website;
e) guide you to the form appropriate to your needs;
f) to allow you to create an exhibitor pass by filling in the appropriate form, having logged into the reserved area;
g) to allow you to create invitations with benefits at our events;
h) to allow you to manage your exhibitor sheet: the data will be published on the trade fair online catalogue and on the App;
i) to allow you to take part in a trade fair as a sponsor and/or as a speaker;
j) to allow us to contact you regarding the promotion of trade fairs organised by Messe Frankfurt Italia or other Messe Frankfurt Group companies, a complete list of which is available online at this link: https://www.messefrankfurt.com/frankfurt/en/company/global.html;
k) to conduct research and market surveys;
l) to perform data analysis and anonymous profiling in order to better identify market development and your preferences.

6.2. The legal basis for the processing of your data is, depending on the circumstances:
a) your consent;
b) responding to your questions and/or requests;
c) the need to execute a contract or pre-contractual measures requested by you;
6.3. Do not hesitate to contact us at privacy@italy.messefrankfurt.com] to ask for more information on the legal basis of the processing of your data.

7. HOW IS YOUR DATA PROCESSED?
7.1. Your data is processed in full compliance with current privacy regulations. Messe Frankfurt Italia Srl undertakes to process your data, in print form and/or automatically, using tools and methods that ensure security in accordance with art. 32 of the Regulation and in full compliance with the guidelines of the Data Protection Authority.

8. WHERE IS YOUR DATA PROCESSED?
8.1. Your data is processed within the European Union and is stored in special electronic and/or hard copy registers, located both within the European Union and the United States of America.
8.2. The storage of your data in the United States is managed by a specially appointed Data Processor, who provides adequate safeguards in accordance with art. 46 of the Regulation. If you would like more information, do not hesitate to contact us at privacy@italy.messefrankfurt.com.

9. FOR HOW LONG WILL YOUR PERSONAL DATA BE STORED?
9.1. The data you provide is processed only for the time needed for the purposes of paragraph 6.1., and for the additional time required by current tax and statutory regulations.
9.2. In the case of marketing communications, we will process your data until you advise us that you no longer wish to receive our communications, which you can do at any time by sending an email request to: privacy@italy.messefrankfurt.com, as well as by clicking on the link when it appears in our communications.

10. TO WHOM CAN THE DATA CAN BE DISCLOSED?
10.1. Your data may be disclosed to the following categories of entities:
a) Data Processors: companies that provide the Controller with the data storage service, companies that provide the Controller with web consulting services and companies that provide the Controller with database services.
For a detailed and updated list of the Data Processors to whom your data may be disclosed, do not hesitate to contact us at privacy@italy.messefrankfurt.com.
b) Companies belonging to the Messe Frankfurt Group, who pledge to process your data with the utmost security.
We advise you that some of the Messe Frankfurt Group companies are located in third countries, where there are no adequate legislative guarantees pursuant to articles 46 and 47 of the Regulation. Therefore, in these countries your data may be processed according to current law, which cannot contemplate the same guarantees provided by European Regulation No. 2016/679.
c) Employees of the Controller and persons authorised by him to manage the processing, who are required and trained to process the data with the utmost confidentiality and in accordance with current privacy legislation.
d) Public and private entities who can access data under the provisions of law, the Regulation or EU legislation, within the limits set by current regulations;
e) Companies/firms providing trade fair preparation services, should you decide to avail of such services or it is strictly necessary for the fulfilment of the contract concluded with us.
f) Companies that provide the Controller with web hosting services and which are located in the United States, a country covered by an adequacy decision of the European Commission. The company undertakes to process your data with maximum security.
g) Other suppliers, if you have so requested or it is strictly necessary for the execution of the contract concluded with us.
h) Court authorities or security forces, if they so request.

11. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
11.1. We advise you that you can exercise the following rights:
a) right of access: you may at any time obtain confirmation that your personal data is being processed, obtain access to the data processed and to the following information: purposes of the processing; categories of data processed; recipients or categories of recipients to whom the personal data has been or will be disclosed; in particular you will be able to know if these recipients are third countries or international organisations; the period of retention of your data, or, if this is not possible, the criteria used to determine this period; if the personal data is not collected from you, all available information on its origin; the existence of an automated decision-making process, including profiling; in such cases, you can obtain significant information on the logic used and on the importance and consequences that this type of processing may have for you.
You can obtain all this information in this policy, but if you have any further questions about this, please do not hesitate to contact us at the address provided below.
b) right of rectification and/or integration: you may ask for and obtain the rectification of your personal data if it is inaccurate. Taking into account the purposes of the processing, you may also request and obtain the integration of your personal data if it is incomplete.
c) right to erasure: you may ask for and obtain the erasure of your personal data, without undue delay, and the Controller will have to erase your personal data, even if only one of the following reasons exist: (i) your personal data is no longer necessary for the purposes for which it was collected and processed; (ii) you have withdrawn the consent on which the processing is based and there is no other legal basis for it to take place; (iii) you have objected to the processing and there is no longer any prevailing legitimate reason to perform the processing; (iv) your personal data has been processed unlawfully; (vi) it is necessary to delete your personal data in order to comply with a legal obligation under an EU law or a national law.
d) right to restriction of processing: you may ask for and obtain the restriction of the processing in the following cases: (i) you have contested the accuracy of your personal data (the restriction will last for the period enabling the Controller to verify the accuracy of the data); (ii) the Processing is unlawful but you have objected to the erasure of your personal data, asking instead for the restriction of its use; (iii) the Data Controller no longer needs your personal data for the purposes of processing, but it is needed for the establishment, exercise or defence of legal claims; (iv) you have objected to the processing pursuant to art. 21 para. 1 of the Regulation and await verification of whether the Data Controller’s legitimate grounds override yours.
In case of restriction of processing, your personal data will be processed, with the exception of storage, only with consent, or for the establishment, exercise or defence of a right in court, or to protect the rights of another natural or legal person or for reasons of significant public interest. In any event, we shall inform you before this restriction is removed.
e) right to object: you may at any time object to the processing of your personal data, (i) if it is processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing (ii) if the legal basis for the processing is the legitimate interest of the Controller.
f) right to data portability: you may ask for and receive all your personal data processed by the Controller, in a structured, commonly used and readable format, or ask for transmission to another data controller without hindrance. In this case, it is your responsibility to provide us with all the exact details of the new data controller to whom you wish your personal data to be transferred, by supplying written authorisation.
g) right to withdraw consent: if the legal basis for the processing consists of your consent, you may withdraw it at any time, without affecting the lawfulness of the processing based on consent given before the withdrawal. In this case, the processing of your personal data will promptly cease, with the exception of its storage for the period imposed by statutory and tax rules in force.
11.2. To exercise these rights at any time please contact the Controller by sending an email to: privacy@italy.messefrankfurt.com.
11.3. We remind you that you also have the right to file, at any time, a complaint with the competent control authority, in this case the Personal Data Protection Authority, or alternatively you can bring proceedings before the judicial authority, pursuant to and in the manner provided by articles 140-bis and following of the Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
Messe Frankfurt Italia Srl reserves the right to partly or completely alter or update the content, in this disclosure also as a result of changes in the applicable legislation and/or instructions of the competent authority.

25 May 2018
updated version 15 April 2019
Messe Frankfurt Italia Srl