Privacy Policy

Information on Personal Data Processing for the Data Subject under Article 13 of Regulation (EU) 2016/679 (GDPR)

Under Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), we inform you that the processing of personal data you provide will be conducted with methods and procedures aimed at ensuring respect for your fundamental rights and freedoms, as well as your dignity, with particular reference to confidentiality and security, personal identity, and the right to data protection.

We remind you that “processing” means any operation or set of operations performed, with or without automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (Article 4 GDPR).

1. Identity and Contact Information

The Data Controller is Expomeeting S.r.l. (VAT no. 03883990487), based at Via Giovanni Antonio Dosio No. 45, Florence (50142), represented by the Sole Administrator Morozzi Filippo. Appointments of data processors, any joint controllers, and authorized internal personnel, as well as any other requests or information regarding your data, can be requested by emailing giulia@expomeeting.it.

2. Purpose of Processing, Legal Basis, and Legitimate Interest

Personal data in our possession will be processed for the following purposes:

2.1 Purposes related to contract execution: identification and provision of connected services, assistance, management of correspondence, and communications.

2.2 Purposes related to promotional and marketing activities: subscription to newsletters, commercial communications, and/or advertising material on products or services offered by the controller via email or mail; commercial communications and/or advertising material on products or services offered by third parties (e.g., business partners). In this latter case, subsequent information will be provided by the third party.

2.3 Profiling purposes: Expomeeting S.r.l. will conduct profiling activities to offer you products and discounts aligned with your preferences. This activity is conducted through IT and/or paper-based tools, in compliance with security measures as provided for by the GDPR.

2.4 Fulfillment of all legal obligations arising with the establishment of the relationship between the data subject and the controller.

The lawful basis for processing by the controller is i) the necessity of executing the relationship between the parties as per Article 6(1)(b) of the GDPR and ii) consent provided by the data subject, when required. Refusal to consent only prevents optimal fulfillment of obligations. Consent provided by the data subject is subject to Article 6 GDPR principles, i.e., it must be free, specific, informed, unequivocal, explicit, verifiable, and revocable.

The processing is necessary to pursue the legitimate interest of the controller in fulfilling contractual obligations.

3. Processing Methods

Processing will be carried out in accordance with the aforementioned purposes and as specified by Article 4 of the GDPR, with or without electronic means, by the controller and/or authorized personnel, specifically:

Collection of data from the data subject through paper forms;
Recording and processing on computerized and paper media;
Organizing files in predominantly automated form, through business applications and computerized records;
Automated profiling through business applications;
Destruction and/or deletion of data.

4. Data Security

The controller has adopted specific security measures to ensure confidentiality, integrity, accuracy, and availability of personal data and to prevent unauthorized access.

5. Retention Period

The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above.

This retention time derives from the need to:

Ensure regular progress of the matters in point 2.1;
Comply with Italian and EU data retention regulations (mainly for administrative and tax purposes).

Retention is conducted with the most suitable scientific tools, which will be continuously updated. Note that data will be retained for up to one year following the non-renewal or revocation of consent solely for internal organizational purposes, but marketing and profiling activities will cease upon receipt of communication.

6. Scope of Disclosure and Communication

The data in question may be disclosed to public or private entities for the purposes listed above or to comply with legal obligations.

7. Access to Processing

Processing will be carried out by personnel authorized to process data within the duties assigned by the Data Controller. Personal data will not be disseminated and may be disclosed and processed by third parties appointed as Data Processors or joint controllers.

For example:

Companies or entities providing specific instrumental or support services on behalf of Expomeeting S.r.l.;
Entities with lawful access to your data by legal provisions or EU legislation.

Without requiring express consent, the Data Controller may disclose your data to the following:

Judicial authorities;
Control entities;
Other entities with lawful access by legal provisions or EU legislation.

8. Storage and Data Transfer

The management and storage of personal data will take place at the Data Controller’s premises, on its servers located within the EU and/or third-party companies duly appointed as Data Processors. Data will not be transferred outside the EU.

9. Different Processing Purposes

If the controller intends to process data for a purpose other than that for which it was collected, it will provide the data subject with information on this different purpose and any additional relevant information.

10. Data Subject Rights

According to the GDPR, the data subject has the following rights:

Obtain confirmation of data processing concerning them and, if so, access to their data (Right of Access, Article 15);
Rectify inaccurate data without undue delay (Right to Rectification, Article 16);
Delete their data without undue delay if certain conditions apply (Right to Erasure, Article 17);
Restrict processing in specific situations (Right to Restriction of Processing, Article 18);
Receive their data in a structured, commonly used, and machine-readable format and transmit it to another Data Controller, without obstruction (Right to Data Portability, Article 20);
Object at any time to the processing of data concerning them (Right to Object, Article 21);
Receive communication of personal data breaches without undue delay (Article 34);
Withdraw consent at any time (Conditions for Consent, Article 7);
Object to automated decision-making, including profiling.

The address for exercising these rights is giulia@expomeeting.it. Requests will be processed within 30 days, which may be extended based on the complexity of the request or the specific right. The data subject may file a complaint with the Italian Data Protection Authority, following procedures and instructions on the official website www.garanteprivacy.it. Exercising these rights is free and has no form requirements.