INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
Lineapelle S.r.l., a single shareholder company, with registered offices in via Brisa 3, Milan, Tax Code and VAT no. 12629090155 (hereinafter, “Data Controller”), in its capacity as Data Controller, hereby informs you pursuant to Art. 13 Legislative Decree no. 196 of 30.6.2003 (hereinafter, “Data Protection Code”) and of Art. 13 EU regula-tion no. 2016/679 (hereinafter, “GDPR”) that your Data will be processed in the following manners and for the following purposes:
1. Subject-matter of the processing
The Data Controller processes personal, identifying data (e.g. name, surname, name of the company/organization you belong or represent, reference sector, telephone/e-mail address – hereinafter, “Personal Data” or “Data”) provided by you when entering into a relationship or in a pre-negotiation/preliminary phase with the Data Controller (or with entities belonging to the same Group as the Controller) or in any case in relation with the supply of a service (such as the issue of the admission ticket) or of a product by the Data Controller (or by entities belonging to the same Group as the Controller) to you and which was by you requested.
2. Purposes of the processing
Your Personal Data are processed:
A) without your express consent (previously Art. 24 letter a), b), c) Data Protection Code and currently Art. 6, co. 1, letter b), c) e), f) GDPR), for the following Service Purposes:
i. when you enter into a relationship with the Data Controller (or with entities belonging to the same Group as the Controller) in order to provide you with services or products requested by you (e.g. issue of admission tickets to the exhibition, dispatch of service communications, access to current and future exhibitions of the Data controller) on a contractual legal basis and, in any case, for the legitimate interest of the Data Controller in identifying the subjects admitted to the individual events organised by the Data Controller, which consist exclusively of business-to-business exhibitions or events by invitation only and reserved for selected operators in the reference sectors; in this regard, we would like to point out that each admission ticket to the exhibition is only valid for that exhibition and it is nominative, i.e. it contains a QRcode that identifies a numerical code associated by the Data Controller with the person requesting to visit the event at the time of the service request; therefore, we invite you to keep the title with care and, where no longer necessary, to destroy it once the exhibition is over, as well as to contact us if the title is lost, in order to allow us to issue a new one and to take all appropriate measures to protect your privacy with respect to the lost title;
ii. to verify the regularity of the admission ticket and the correspondence of the same with the ticket holder, by means of optical reading of the QRcode at the moment of passage through the ticket gates of the individual events; in this regard, we would like to point out that, for your greater protection, the identification of the name attached to the ticket is only possible for the Data Controller, since the simple optical reading of the QRcode on the ticket (when passing through the ticket gates at the exhibition centre) by means of the appropriate application (usually managed by the exhibition centre or by delegated staff) is absolutely incapable of identifying the name of the ticket holder in itself, since it only identifies the aforementioned numerical code; only when the application used transmits the numeric code to the Data Controller will it be possible for the latter and only for him to associate the number with the code and identify the ticket holder;
iii. to comply with obligations deriving from the law or regulations or EU regulations or an order from an Authority, on the basis of a statutory obligation;
iv. to protect the assets and personnel of the Data Controller, as well as to manage emergency procedures, by virtue of a legitimate interest of the Controller;
v. to exercise the Data Controller’s rights, for example the right to defend oneself before the courts, by virtue of a legitimate interest of the Controller;
please note that the provision of the Data necessary for the purposes referred to in point A) is "compulsory" and that refusal to provide such Data will make it impossible for the Data Controller to provide the services requested and to admit you to the individual exhibition or event;
B) only with your express and specific consent (previously Arts. 23 and 130 Data Protection Code and currently Art. 7 GDPR), for the following Marketing Purposes:
i. without prejudice to the provisions of paragraph 2 of this Article, to send you, via e-mail, post and/or text message and/or telephone contact, newsletters, commercial communications and/or advertising material relating to products or services offered by the Data Controller and different from the ones mentioned in previous letter A and/or to acquire the degree of customer satisfaction relating to the quality of the services;
Please be informed that if you already have a juridical relationship with the Data Controller, the latter may send you communications to perform pre-negotiation and preliminary activity with a view to providing you with Data Controller’s services and products analogous to those which you have previously requested, unless you dissent (previously Art. 130 c. 4 Data Protection Co-de and currently Art. 6, co. 1 lett. B GDPR).
Please also note that the Data Controller will process your Data (name, surname, name of organization/company, reference sector and e-mail address) also for the purpose of transmitting them to the individual exhibitors of its events, who have requested them after signing a suitable agreement pursuant to art. 28, paragraph 3, GDPR (also containing the standard contractual clauses provided for by the European Commission in the case of non-EU exhibitors), for the exclusive purpose of enabling them to satisfy their own legitimate interest (pursuant to art. 6, paragraph 1, lett. f GDPR) to identify the persons accessing their stand and only in the event that you allow the respective exhibitor, when entering its stand, to scan/read the QRcode on your admission ticket, using a special application provided by the Data Controller. If you do not want the aforementioned data to be transmitted to the exhibitor at whose stand you want to enter or have entered, you must refuse to have your ticket scanned/read by the exhibitor, but be aware that in such an eventuality it will be in the legitimate interest of the exhibitor not to admit you to the exhibition stand.
3. Manner of Processing
Your Personal Data is processed in the manners set forth in ex art. 4 Data Protection Code, currently Art. 4, no. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, adaptation or alteration, selection, retrieval, comparison, use, transmission, restriction, disclosure, erasure or destruction of the Data. Your Personal Data may be processed using paper, electronic and/or automated means.
The Data Controller will process the Personal Data for the time necessary to comply with the purposes as set out hereinabove and, however, for no longer than ten years after the termination of the business relationship with regard to the Service Purposes and for no longer than two years from the date on which the Data were collected for Marketing Purposes.
4. Access to the Data
Your Data may be made accessible for the purposes set forth in Art. 2.A) and 2.B) to employees and collaborators of the Data Controller or of companies in the Group that the Data Controller is part of in Italy and abroad, in their capacity as appointees and/or internal data processors and/or system administrators.
As a rule, the Data Controller does not make the data accessible to third parties, except in the following two cases:
i. for the sole case in which you request the issuance of each ticket at the exhibition centre's ticket offices (and not through the Data Controller's web portal), the Data necessary for issuing the ticket are accessible to the staff of the organization managing the exhibition centre (or to the companies appointed by the latter) solely for the purpose of issuing the paper ticket. In this case, your Data is collected exclusively on a paper form filled in by you, which contains the information notice and is kept by the aforementioned personnel in charge of issuing the ticket (without it being made accessible to others, copied or transferred to third parties), who then deliver the paper forms directly to the personnel in charge of the Data Controller at the end of each event;
ii. if you allow the scanning/reading of the QRcode on your admission ticket by each individual exhibitor at the relevant event, by means of an application provided by the Data Controller, at the time of your access to the exhibitor's stand, your Data shall be made accessible to the said exhibitor for the sole purpose of allowing him/her to identify those who access his/her stand, excluding all other purposes, for which the exhibitor must ask for your explicit and different consent, as established in the agreement referred to in art. 28, paragraph 3, entered into for this purpose between the exhibitor and the Data Controller (also containing the standard contractual clauses envisaged by the European Commission in the case of non-EU exhibitors).
4bis. Collection and treatment of photographic or audiovisual material
During special events organized by the Data controller and connected to the services or events you are registering for, the Data controller has a legitimate interest in making videos and taking pictures for audiovisual content that can be published and reproduced at the corporate website and on the other social media of the Data controller, as well as kept to archiving purposes. This circumstance will possibly be made known during the event. Participating in these events, therefore, you might be filmed in overall framing.
Please note that, regarding the above, information about your image and your voice thus gathered by photo and video recordings can be freely treated by the Data controller, according to art. 97 of Law no. 633/1941, to make any audiovisual content that can be published and reproduced on the corporate website and the other social media of the Data controller for the only purpose of promoting the event, the activities and services provided by the Data controller. Processing will be free of charge, with no right for you to demand any compensation from the Data controller. The above data, furthermore, can be transmitted to any subjects curating, on the Data controller’s behalf, publication as described above. The legitimate interest mentioned above is shown by processing.
Permission to use your data to this extent is, generally speaking, optional, meaning that, in case you disagree, you will not be excluded from participation in the specific event, but in case you do not want to be filmed, you are requested to contact the Data controller in advance so that your request can be taken into consideration (for example, exclusion from recordings can be evaluated, if possible, and any necessary measures can be taken). Otherwise, your permission for data processing will be taken for granted. Please be informed that if it is not possible not to involve you in filming and you should not grant your consent, you might not be admitted to the event.
5. Communication of Data to Supervisory Bodies
Without the need for express consent (ex art. 24 letter a), b), d) Data Protection Code, currently Art. 6 letter b) and c) GDPR), the Data Controller may communicate your Data for the purposes pursuant to Art. 2.A) to Supervisory Bodies, judicial Authorities, as well as to those subjects to whom or to which communication is required by law for the aforementioned purposes. Such subjects will process your Data in their capacities as autonomous data controllers.
Your Data will not be disseminated.
6. Storing of Data
Your Personal Data are materially stored at the registered offices of the Data Controller and of the internal/external data processors, and digitally on the servers of the aforementioned, located at Milano – via Brisa 3, inside the European Union. It is in any event agreed that the Data Controller, if it should prove necessary, shall be entitled to move the server outside the EU. In such case, the Data Controller hereby undertakes to ensure that any transfer of data outside the EU will take place in compliance with applicable law, upon stipulation, wherever required, of standard contractual clauses as required by the European Commission..
7. Nature of the Data to be provided and what happens in the event of failure to provide Data
You are required to provide your Personal Data for the purposes pursuant to Art. 2.A). Without such Data we will be unable to provide the Services as set out in Art. 2.A) (first of all, access to each fair of ours or access to individual stands).
Providing your Personal Data for the purposes pursuant to Art. 2.B) is, instead, optional. Therefore, you may decide not to provide any Data or subsequently to request us to cease processing the Data you provided us with: in such case, you will not be able to receive newsletters, commercial communications and advertising material inherent to the Services offered by the Data controller. You will, however, continue to be entitled to avail of the Services pursuant to Art. 2.A). For data processing as described in art.4bis, please refer to the same.
8. Data Subject’s rights
As Data Subject you have the rights as set forth in Art. 7 Data Protection Code, currently Art. 15 GDPR and specifically the following rights:
i. to obtain confirmation of the existence or not of Personal Data which concern you, even if they have not yet been registered, and for such Data to be provided to you in an intelligible form;
ii. to obtain indication of: a) the category and origin of the Personal Data; b) the purposes and manners of processing; c) the logic applied in the event of processing performed with the aid of electronic tools; d) the identity and the contact details of the Data Controller, Data Processors and the Data Controller’s designated representative pursuant to ex Art. 5, paragraph 2 Data Protection Code, currently Art. 3, paragraph 1, GDPR; e) the subjects or the categories of subjects to whom the Personal Data may be communicated or who may become aware of the Personal Data in their capacity as designated representative in the territory of the State, as Data Processor or as appointees;
iii. to obtain: a) the up-dating, rectification of the Data, or, if wished, the completion of incomplete Data; b) the erasure, the transformation into anonymous form or the restriction of processing of data processed in breach of the law, including Data which do not need to be stored in connection with the purposes for which they were collected or subsequently processed; c) confirmation that the actions pursuant to letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the Data were communicated or disseminated, unless this proves impossible or involves disproportionate effort with respect to the right under protection; d) the right to data portability;
iv. to revoke consent or oppose the processing of all or part of the Data: a) for legitimate reasons pertaining to the processing of your Personal Data, or for reasons connected with the purposes for which the Data were collected; b) for the purposes of sending you advertising material or for direct selling or for performing market research or commercial communications, using automated telephone calling systems that do not involve an operator, by email and/or through traditional marketing methods using the telephone and/or mail.
Where applicable, you also have rights pursuant to Arts. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to make a complaint to the Data Protection Authority.
9. How to exercise your rights
You may exercise your rights at any time by sending:
- a registered letter with return receipt to Lineapelle S.r.l. single shareholder company - Settore Privacy – via Brisa 3 – 20123 Milano;
- an e-mail to the e-mail address firstname.lastname@example.org.
10. Data Controller, Data Processor and Appointees
The Data Controller is Lineapelle S.r.l. single shareholder company.
An up-to-date list of data processors and appointees entitled to process Data is held at the registered offices of the Data Controller.