Privacy Policy

In compliance with the new GDPR - EU Privacy Regulation 679/2016, we provide you with the following information on how Italian Exhibition Group SPA ("IEG") processes your personal data.

The processing includes the following:

• collection (on paper/hard copy, by computer and telematic means, by telephone - also through apps made available to the data subject by the Data Controller - and/or by e-mail, or from public registers, lists of deeds and documents and/or public and/or private databases (commercial information companies);
• recording, organisation, storage and processing on paper/ hard copy, magnetic, automated or telematic supports, processing of data collected from third parties, amendment, selection, extraction, comparison, use, interconnection also with data of other entities on the basis of qualitative, quantitative and temporal criteria, recurring or definable from time to time, temporary processing aimed at a rapid aggregation or transformation of the same data;
• profiling ("basic");
• soft spam;
• communication, dissemination, erasure and destruction of data, or combinations of two or more of the above operations.

Processing shall in no case include the adoption of fully automated decisions by the IEG.

Any information relating to an identified or identifiable natural person ('data subject') shall be considered personal data; an identifiable natural person is one who can be identified, directly or indirectly, by reference in particular to his or her name, identification number, location data, online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

In the event that the user or organization to which the personal data relate, is a natural person or a sole proprietorship company, the same are defined as "data subjects" for privacy purposes. In any other case (e.g. corporations) the information relating to natural persons of the company is considered personal data with limited effects regarding the application of the substantial rules on disclosure obligations and obtaining prior consent to processing, only if processed for profiling and direct marketing purposes of:

1. users of the web services accessible from the web site under the domain www.iegexpo.it and/or any other subdomain of IEG;
2. clients (e.g. exhibitors, buyers, other visitors), suppliers, journalists and media representatives, third party partners;
3. other general users of the website (who are the data subject and/or another person who is presumed to have given the relevant authorization).

The rules set out here apply when you access our sites, browsing inside the web pages even without registering and without filling in or entering data in web forms. These rules do not apply to any websites operated by third parties that may be accessible by the user through links contained in our sites.

Index of topics (you can navigate between them by placing the mouse on the list and clicking on the text)

• Types of data
• Logics and forms of processing. Security measures.
• Purpose of processing
• Legal basis of processing
• Mandatory or optional consent
• Does the consent of the data subject to the processing for profiling and direct marketing purposes also apply to the communication of data to third parties?
• Legal exceptions to the need for your consent for marketing purposes
• Disclosure of data to third parties
  
• Dissemination of data
• Mergers and other events involving automatic transfer
• Data transfer abroad
  
• Period of data retention
• Data controller
• Rights of the data subject
• Changing the policy

types OF data

Through the web forms available on the sites, we never ask you for "particular" personal data (personal data disclosing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data disclosing health and sexual orientation) or "criminal" (data on criminal records, or relating to the status of defendant or suspect, etc.). The data we process can be of three general categories: navigation data, data provided in an active form by the person concerned and data collected from third parties.

Navigation data

When you access this website or use our services (including in mobile mode, via smartphone or tablet), the computer systems and software procedures used to operate the website acquire, during their normal operation, some information about you, qualifying as "personal data" the transmission of which is implicit in the use of the Internet communication protocols.

These include the hardware model, operating system and version, information on the mobile network and the country of access, the time of the request, the method used to submit the request to the server, the access time, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), details of the itinerary followed within the web pages with particular reference to the pages visited and other parameters relating to the operating system and computer environment of the user (browser used, version, geographical location, last page visited before accessing the services of the IEG Site) and unique device identifiers (e.g. IP address or domain names of computers used by users, address in notation URI - Uniform Resource Identifier, MAC address - Media Access Control).

This information is not collected to be directly associated with identified data subjects, but by its very nature could, in theory, through processing and association with data held by third parties (in particular, third-party providers of Internet connectivity services), allow users to be identified.

However, these data are only used by us to obtain aggregate and anonymous statistical information on the use of the site, to better understand the user's browsing behaviour in order to provide the user with a better browsing experience, to make the technical functions of the site possible, to monitor and optimize its operation, to improve the quality of services offered by the site and ensure the maintenance of its database and IT infrastructure support.

After such anonymous processing, these navigation data will be deleted within 12 months of the date of collection.

Navigation data may also be used to ascertain responsibility in the event of crimes against the Site or committed through the Site (attempts at malware, spamming, unauthorized access to computer systems, etc..) and in this case the retention lasts for as long as necessary to protect the rights of IEG and/or third parties.

IEG complies with the provision of the Supervisory Authority dated 8 May, 2014, which implemented the European Directive 2009/136/EC by requiring operators of web pages to publish a privacy notice regarding the cookie policy of the Site browsed by users. IEG invites you to view and read the following link; here you will find useful information to understand, identify, use or delete the cookies used on our website and the legal requirements relating to privacy and to them.

Data actively provided by the user

Defined as such is:

• information sent by users on an optional and voluntary basis to the email addresses indicated on the Site or by filling out web forms for data collection and/or other features on the site to access or register for, or to use services or content or to purchase services and products accessible on the Site (e.g. participation in events or campaigns; purchase of the magazine VIORO, purchase of TrendBook, etc. ...) or to participate in initiatives promoted through the Site (e.g. business matching between exhibitors and buyers).
  This information may include, for example, your name and  surname, date of birth, name or company name, physical address of residence, domicile or place of business, nationality, business organisation or trade association to which you belong, email, certified mail account, mobile phone number, fax, product sector, VAT or social security number, shipping or billing address, credit or debit card number, information on the means of payment used, and other personal data such as attachments to messages sent by you to IEG.
• personal data provided by users who request the sending of news and/or information material ("newsletters");
• personal data provided by users who submit on-line job application proposals ("curriculum vitae", etc.).

The email boxes corresponding to the addresses indicated on our sites and any other email box of IEG, are not personal even when they show the name and/or surname of a natural person (always followed by the suffix @iegexpo.it). They belong to the company organisation and have the primary purpose of enabling the effective performance of work activities within the companies of the IEG Group. This means that the messages forwarded to the IEG Group's email accounts may be known not only by the recipient, but also by other people in the organisation.

Providing data for specific purposes (e.g. newsletter subscription, information requests, registration to restricted areas, purchase of services/products, customer care, direct marketing, profiling) involves entering the data into our Customer Relationship Management (CRM) computer system dedicated to the management of customers, suppliers and other contacts, which is accessed only by staff authorized by IEG. The CRM is based on cloud services subscribed to by IEG and provided by third party providers (SALESFORCE, SUGAR, HUBSPOT), whose servers are located in the EU and/or in non-EU countries.

Data collected from third parties

IEG also uses the websites of third-party partners that work with IEG to collect and record customer/client data (exhibitors and visitors).

Logics and forms of processing. Security measures.

The logics and forms of processing organization will be strictly related to the purposes respectively indicated above. The processing will take place using electronic, telematic and/or paper media. Processing will be in compliance with the principles of fairness, lawfulness, transparency and proportionality and any legislation on the subject.

The processing of personal data and information of the data subject is subject to appropriate security measures to ensure the integrity, security and availability of the same.

In the case of manual processing, the data are processed at IEG's operational offices and in any other place where the offices of any Joint Data Controllers or external data processors authorised by the Data Controller are located.

We store all the personal information we receive in databases protected by an encrypted password that is within our secure network, located behind the active advanced firewall software. The data managed at computerized level, can be consulted only by having access to the various processing programs or data entry, by the entering of personal passwords only by staff members authorized by IEG who need to be aware of such data for the performance of their usual duties (e.g. legal, commercial and marketing, administrative, logistics, IT, management control, etc.). In any case, staff must comply with predetermined written restrictions on use imposed by IEG (e.g. confidentiality obligations). Data are subject to daily back-up procedure and safe custody mode, with off-site replication.

Our Web Services support secure HTTP protocol (HTTPS) connections with 2048-bit encryption and TLS v1.x protocol (PCI DSS Compliance).

We reserve the right to conduct security checks at any time (e.g. log analysis) to validate your identity, age, registration data provided by you and to verify your use of the services and your financial transactions as well as to verify possible breach of the Terms of Use of the IEG Website and applicable law.

To facilitate these security checks, you agree to provide such information or documents at our request.

Our staff, agents and suppliers may use your personal information and disclose your personal data to third parties for the purposes of validating the information you provide to us when using the services.

Our software package - to access and use the services - contains certain features designed to detect the use of automated programs that allow the use of artificial intelligence (non-human) to register on our Site. The use of such software programs of the 'bot' type breaches our Terms of Use, and IEG therefore reserves all rights to compensation for damages resulting from such conduct.Our software package - to access and use the services - contains certain features designed to detect the use of automated programs that allow the use of artificial intelligence (non-human) to register on our Site. The use of such software programs of the 'bot' type breaches our Terms of Use, and IEG therefore reserves all rights to compensation for damages resulting from such conduct.

Purpose of processing

The navigation data relating to users are processed by IEG to manage access to the portal and the services it provides, manage technical practices, carry out all activities necessary or useful for the constant improvement of the service provided, and to ascertain responsibility in the event of crimes against the Site and/or crimes committed through the Site. Specific additional purposes relating to individual processing may be identified in detail, through additional information, within the various services included in the Site.

Data other than navigation data are processed by IEG for primary and secondary purposes.

Primary purposes are:

1. to satisfy pre-contractual requirements (e.g. solvency checks and customer risk control, e.g. fraud also by means of data from public registers, lists, deeds or documents, to instruct and process the specific requests received from the data subject to send information material such as bulletins, newsletters, answers to questions, notices, sending of offers, specifications or price lists, etc.), and to allow users to register on the site and access services and/or purchase products/services;
2. to manage contracts with the data subject (supply or purchase of products and/or services such as the allocation of exhibition space and the sale of additional optional services, the sale of advertising space not linked to events, the after-sales management of warranty claims, the protection of IEG during litigation and to assert or defend a right in court) and/or obligations provided for by law, by regulations or by EU legislation (e.g. accounting; tax formalities, administrative and accounting management; fulfilment of obligations regarding electronic communication services as provided for by Legislative Decree no. 70 dated 9 April 2003; management of obligations for certification of events organised by IEG vis-à-vis the competent bodies);
3. to carry out activities relating to the management of customers/clients and suppliers, for the legitimate interest of IEG or third party recipients of the data, such as: management of credit lines and risk control (illicit prevention, insolvency, etc.); management of litigation and assignment or credit insurance; financial and insurance services instrumental to the management of customers/suppliers; management of electronic payment services; management of warehouse, logistics and transport; management of after-sales service extra warranty (via telephone, email and / or contact form on the Site); activation by registration, and subsequent management and technical maintenance and security, of the online account of the person connected to the IEG website for access to the same and/or services made available therein (e.g. e-commerce) and password or similar authentication credentials; management and use of exhibitor lists and personal data; sales management (pre-sale and sale of tickets online and on site, issue of free tickets); management of relations with customers, buyers, other visitors, journalists, VIPs (e.g. military, politicians, groups, others) such as control and registration of access and accreditation; management of personnel of suppliers responsible for security services; production and distribution of online and paper catalogues of exhibitors;
4. to carry out other IEG organisational and production activities based on a legitimate interest of IEG such as quality system management, management control, general planning of strategic and operational marketing activities, VIP master data management (e.g. for special conditions such as discounts, cards, quick access), production, printing and dissemination of promotional publishing materials on paper or via the web (e.g. house organ), the management of accreditation and involvement of communication bodies, the media and representatives of services connected with the performance of journalistic activities; the management of video surveillance; the management of information points (info points) for exhibitors, buyers and visitors; the management of certification requirements for events organised by IEG with regard to AEFI - Associazione Enti Fieristici Italiani; the management of internationalisation (organisation of non-EU events: please read the section "data transfer abroad"). In some cases, we also ask for your personal data (e.g. photographic images and video-audio) to allow you to participate in events, competitions and thematic initiatives of an extraordinary and temporary nature, which by their nature provide for the communication and dissemination of such data. In these cases, we will notify you by asking you to give your express and specific consent.

Secondary purposes or soft spam (subcategory of direct marketing) are:

1. Basic profiling: (by which is meant the automated processing of personal data consisting in the use of personal data to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to (...) the economic situation, (...) the personal preferences, interests, reliability, behaviour, location or movement of that natural person. Profiling is a relevant activity for privacy purposes only if it specifically concerns natural persons, therefore when the same operations described herein concern information relating to entities other than natural persons, the privacy policy does not apply and therefore these operations can be carried out by IEG without constraints.
   We process the data to also analyse in a predictive way and/or create groups of natural persons divided by market segments based on a minimum set of elements. For your profiling we analyse the data that you  provide when you use our services (e.g. to request our newsletter or to make purchases, or at the time of your registration or later). In particular, we operate a so-called basic profiling, i.e. not particularly invasive of the privacy of the data subjects, since it is limited to the following data (which for convenience we list in relation to the individual categories of data subjects to which they refer):
   
   1. in the case of exhibitors: name and surname, company name of the organisation to which they belong, contact details, residence or head office, country of origin, website, sector of activity, type of product or service offered, annual promotional/advertising budget, type of distribution - shop, department store, concept store, markets of interest, brand;
   2. in the case of buyers/visitors: name and surname, company name of the organisation to which they belong, contact details, work position and level of responsibility of the contact person, residence or head office, country of origin, website, year of establishment of the company, turnover, number of employees, sector of activity, percentage of business connected to Italy and abroad, Italian and foreign regions of interest, main categories of products or services of interest to the buyer and/or marketed by the buyer (also in terms of percentage of sales by geographical area), categories of customers of the company, purpose of the visit;
   3. in the case of journalists: name and surname, contact details, sector and newspaper to which they belong, country of origin, language;
   4. in the case of event/congress/meeting speakers: name and surname, contact details, sector, profession/topics covered.
   
   In some cases, if you are a customer or prospect, we associate the data you provide to us with additional personal data collected about you while you are visiting our websites or while using the services provided by those websites (e.g. cookies relating to the pages of our website you have visited, the country from which you are connecting) or through other communication channels (e.g. social media) or through services of massive sending of commercial emails (e.g. which messages you have received, which emails you opened, which proposals you accepted through specific actions such as that of opening an attachment or adhering to our request to link to landing pages or attachments to the email message, etc.).
   
   Profiling allows us, in particular, to limit the sending of promotional communications not relevant to your likely expectations and needs or through undesirable channels.
   
   We sometimes associate the above-mentioned data with the following additional data:
   • log data related to your navigation on our websites or to the use of the services provided by our websites (e.g. cookies)
   • data collected through other communication channels (e.g. social media linked from our site, with which you interact).
   
   Such basic profiling activity has a dual purpose: to better understand customers, both by dividing them into groups and considering them individually, and to analyse the effectiveness of marketing to develop and update products, services and offers in line with the preferences of our targets.
   
   Basic profiling aims to align the services and goods offered by IEG with current and potential demand, measure the results of specific promotions, take corrective actions to improve business results (e.g. reducing the risk of investing resources in theme areas marginal to the target) and the effectiveness of business processes (e.g. ascertaining how many messages and promotional content we have sent you have been seen and clicked by you), limit the sending of promotional communications not relevant to your likely expectations and needs or through undesirable channels). This means that IEG does not send the same offers to all data subjects and will be able to send you advertising communications as close as possible to your tastes and interests or preferences, or through the contact methods you prefer, improving your shopping experience, even for your own benefit.
   
   Basic profiling allows us, moreover, to identify and manage the correct positioning of the exhibitor's stand within the different thematic areas of the Event, facilitate meetings between buyers and exhibitors during the Event through the creation of an agenda of meetings between operators based on the automated matching of specific supply and demand.
   
   IEG also uses the data to advertise services and products on social media to other people who have a similar profiles to yours and who may therefore be the most interested in what is offered. In this case, however, IEG does not know the names of the recipients of the promotional measures.
   
   Basic profiling does not imply your exclusion from specific advantages or from the possibility of freely exercising your rights in relation to personal data processed by IEG; in particular, it does not affect your ability to participate in the Events and/or take advantage of our trade fair and/or congress/convention services) (e.g. on-line pre-registration, off-line purchase).
   
   
2. Sending, through any electronic means of communication (e.g. email, text message/sms, instant messaging such as Whatsapp and Telegram, social messages) and through traditional methods (e.g. ordinary mail), commercial communications, advertising and offers to sell products/services similar to those of interest to the customer/prospect or related to products/services for trade fairs/congresses and/or related to them (e.g. industry publishing, championships/competitions, etc.) - on the whole activities defined as "soft spam".
   For further information, see the following chapter "Legal basis of processing".

Mandatory or optional communication of data and consequences of failure to provide

For the primary purposes of processing (provided for above from 1 to 4) processing is lawful even without the consent of the data subject. The provision of data to IEG is mandatory if they are necessary for the fulfilment of legal obligations and failure to provide such data in this case will make it impossible to enter into a contract with you and/or the organization to which you belong.
In other cases, you are free not to provide us with the data, but in this case IEG will not be able to carry out the pre-contractual relations requested by you (e.g. processing of requests for information), register you on the Website and/or provide the services or products in relation to which IEG requests registration and/or the provision of data.

The non-registered user may browse the Site and view only the contents and materials available without registration.

In relation to the secondary purposes of processing (limited to the communication of data from IEG to third parties for the same purposes), your consent is always optional (free and deniable).

cases of simplified consent or Exemptions from the consent requirement for direct marketing purposes

Please note that the Privacy Code allows so-called "soft spam". This means that without having to acquire your express consent, IEG uses the e-mail address and other data that you have provided us with in the context of a previous purchase of services, participation in events, interest in our services, to send you, through email, text messages, instant messaging such as Whatsapp or Telegram, commercial communications and sales offers, provided they relate to products and services (ours and/or of third partners) similar to those of your interest and/or related to them. In general, these activities are referred to as "soft spam".

Upon receipt of any promotional communication made by IEG for the purposes already provided, you will be informed of the possibility of unsubscribing, in which case you will no longer receive promotional communications relating to the event from which you have unsubscribed or from the IEG function relating to communications concerning and sent by the function itself.

In the event of IEG so requesting - for direct marketing purposes other than soft-spam (i.e. to be able to send commercial communications through channels other than those used in the aforementioned soft-spam) - IEG will ask for your prior consent.

Revocation of consent

Even after you have given your consent to the processing of data for the aforementioned direct marketing, as a data subject you may at any time notify IEG of a different desire, through one of the following alternative methods:

• by clicking on the "unsubscribe" button, made available to the user at the bottom of the promotional emails sent to the data subject, an email will automatically be sent to IEG and consequently the name of the data subject registered in a special black-list (managed by our software MAGNEWS), preventing further future direct marketing actions by IEG towards the same;
• by sending a declaration of revocation of consent to IEG by ordinary mail or email (which in this case will be manually recorded in the MAGNEWS software by IEG and in the CRM of the Company). This method of communication is always necessary if the data subject wishes to express a more analytical selective will, either regarding the use of certain individual means and not others (e.g. only paper, only electronic, rejecting that sent by automated systems, etc.) for the reception, with prior consent, of marketing communications of IEG, or regarding individual marketing purposes among those actually feasible (for example, choosing to receive only newsletters and not invitations to our Events);
• by sending, without formalities, a clear communication by telephone that consent has been withdrawn to IEG. Upon receipt of this opt-out request, IEG will remove and delete the data from the databases used for processing for direct marketing purposes and, where possible, inform any third parties to whom the data have been communicated for the same purposes of such deletion.
• If you wish to revoke your consent to any advertising communications that come from social channels (e.g. Facebook, Twitter, etc.), you must directly notify the revocation to the individual social platform, in the manner made available from time to time by the same and/or by the browser you use (IEG not being technically able to affect for such purpose the social platforms of third parties).

The above objection will not have any effect on the provision of any ongoing contract activities.

In the event of IEG requesting your telephone number and of your having given your consent (optional, optional and specific) to this direct marketing purpose, IEG may process it even if you have registered the user in the Public Register of Objections: because the number in this case is communicated by you and not taken from public telephone directories.

IEG may also process personal data, through the use of telephone calls with operator and the use of ordinary mail, for the above purposes of direct marketing other than soft-spam, without your prior specific consent (in which case it is always without prejudice to your right to object to processing in a simplified manner and also electronically through registration in the Public Register of Objections (http://www.registrodelleopposizioni.it) provided for by Presidential Decree 178/2010) of your fixed or mobile telephone number of which you are the holder and other personal data concerning you as a "subscriber" in paper and electronic directories available to the public.

Consent to the communication of data to third parties

IEG may also, only with your further, separate, additional, documented, express and optional consent, communicate or transfer the data to third parties who process them as Joint Data Controllers or independent data controllers (usually third party partners in the promotion of Events) and who use them at their own discretion for their own purposes of direct marketing or profiling. In the event of you not giving your consent, IEG may not disclose data to third parties for such purposes but will not interfere with the relationship -pre-contractual or contractual- between IEG and you or the organization to which it belongs.

Legal bases of processing

IEG may lawfully process the data for the following reasons:

• In the case of the primary purposes, processing is necessary, as the case may be, for the execution of pre-contractual measures taken at the request of the data subject (e.g. requests for clarification, sending of information or commercial offers), for the execution of a contract to which the data subject is a party, or for fulfilling a legal obligation to which EGF is subject (e.g. to allow verification of the correct fulfilment of legal and contractual obligations towards the data subject or towards third parties by the administrative and tax authorities, the audit board or the auditors, etc.).) and/or to pursue the legitimate interest of IEG (prevailing over the interests or rights and fundamental freedoms of the data subject) to process the data in order to effectively and efficiently manage the relationship with customers and/or suppliers and to organise the related production, organisational and management processes (including relations with its subcontractors and/or with parent companies, subsidiaries or affiliates pursuant to art. 2359 of the Italian Civil Code or with companies subject to common control).
• In the case of the secondary purposes of basic profiling and soft-spam, the processing is based on IEG's legitimate interest in promoting its products and/or services to current and potential customers, including on the basis of personalised, albeit non-invasive, criteria.
• In the case of secondary purposes consisting in the transfer of data to third parties,  processing is based on the prior consent of the data subjects (for further information see the following chapter "Communication to third parties".

Communication of data to third parties

IEG communicates your personal data to third parties only when this is necessary and functional to achieve the purpose of data processing pursued as a function of the service or product you requested. The communication to third parties is limited to the data strictly necessary for the respective purposes of IEG.

The third-party recipients shall process the data as:

1. "external data processors" (i.e. on our behalf and in accordance with our written guidelines aimed at ensuring compliance with privacy regulations during processing and under our supervision);
2. "Joint-Controllers" (i.e. on the basis of a written agreement governing their respective activities and responsibilities in relation to personal data);
3. "independent controllers" (in this case they will provide the data subject with all the necessary legal information on respective processing).

As part of the primary purposes and without prejudice to communication to third parties (e.g. tax authorities) made in execution of legal obligations or arising from regulations or other Community legislation, the data may be disclosed by IEG to all persons whose intervention in processing is necessary based on the performance required by the data subject and/or regulatory obligations, including but not limited to: other parent companies, subsidiaries or affiliates of the IEG group and/or third partners that perform activities functional or complementary to the provision of products or services requested by the data subject (e.g. organisational secretarial services, management of requests for information, estimates, orders, contracts, after-sales), third parties in charge of the execution of activities connected with and/or instrumental to the processing (such as sales agents, banks for the management of collections and payments, commercial information companies, debt collection companies, credit transfer companies, credit insurance companies, electronic payment service providers, couriers, carriers and forwarders, enveloping and mail forwarding companies, factoring companies, insurance companies, lawyers and law firms, accountancy experts, accountants, auditors and auditing firms, members of the supervisory body ex Legislative Decree 231/2001 in relation to organisational models aimed at preventing the committing of certain categories of crimes, auditors, third parties responsible for carrying out web hosting services and/or maintenance of this website and/or computer systems used by it and/or electronic files connected to the site, carriers and freight forwarders in charge of transporting goods, call centre service companies that provide customer support during the Events), public security authorities and computer forensics companies in the event of suspected crimes or other offences committed to the detriment of IEG and/or third parties.

To make a payment on the site, you can use the online Paypal service provided by the third-party provider. The user, to complete the purchase, must enter the required data in the screen of interest (e.g. credit card). Such data will be processed by the payment service provider (Paypal Inc. - click on the link: https://www.paypal.com/it/webapps/mpp/ua/privacy-full) which will act as an independent Controller, without passing through the server of IEG, which will only receive notification of payment.

In the case of processing for secondary purposes only (basic profiling, direct marketing limited to soft-spam), pursuant to provisions of the Supervisory Authority dated 4 July, 2013 containing the "Guidelines to combat spam" we will also communicate the data to: advertising and P.R. agencies, companies in charge of marketing analysis, advertising, communication and/or public relations agencies, design companies, press and maintenance of advertising or promotional publishing materials and/or manage them on-line, website production companies, web marketing companies, direct e-mailing service companies (e.g. Mail-ups or similar), call centre service companies with registered offices and operating centres in Italy, consultants and/or other entities to which we entrust activities necessary for these purposes; IT system maintenance companies on which our databases reside or through which they are processed; providers of electronic communications and ICT services; third-party commercial partners - even if operating in production sectors not included in the e-shop, for example other trade fairs or trade associations - with which IEG activates co-marketing or event management actions.

IEG may also share certain data (name, surname, email) with third-party social media platforms (e.g. Facebook, Google) that use them for the sole purpose of identifying other similar people who may be interested in IEG's services and/or products, so as to advertise them through social media platforms. In this case, IEG does not know the names of the data subjects contacted by the social media.

The data are processed within the IEG Customer Relationship Management (CRM) information system dedicated to the management of customers, suppliers and other contacts. This CRM is based on certain cloud services subscribed to by the IEG and provided by third-party providers (SALESFORCE.COM Inc., SugarCRM Inc., HubSpot Inc.), whose servers may be located in the EU or other non-EU countries (see "Transferring Data Abroad" section below).

For the privacy policy of the third provider SALESFORCE, see the URL: https://www.salesforce.com/eu/campaign/gdpr/. SALESFORCE.COM INC. is an American company registered with the competent US body under the EU-US Privacy Shield Convention (see URL: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/privacy-shield-notice.pdf), which ensures the third-party provider complies with the security requirements of the personal data it processes.

For the privacy policy of the third-party provider SugarCRM INC. see the URL: https://www.sugarcrm.com/legal/privacy-policy. SugarCRM INC. is an American company registered with the competent US body under the EU-US Privacy Shield Convention (see https://www.sugarcrm.com/legal/privacy-shield-notice).

For the privacy policy of the third-party provider HubSpot INC. see the URL: https://legal.hubspot.com/privacy-policy. HubSpot INC. is an American company registered with the competent US body under the EU-US Privacy Shield Convention (see https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG).

IEG has also signed specific agreements with SALESFORCE.COM INC. and HubSpot Inc. for the management of personal data, through which these third-party suppliers have undertaken with IEG to comply with rules that essentially ensure that processing takes place in accordance with legal requirements for the protection of data subjects.

Data dissemination

The data will not be disseminated, unless - contractually and by law - it is required to be published on the IEG website (e.g. publication of online or printed catalogues of exhibitors participating in an Event, publication of a list of winners of competitions or prize operations with a list of names).

Mergers and other events involving automatic transfer

In the event of IEG entering into bankruptcy proceedings (bankruptcy, composition, etc.) or transferring all or part of its business or division of which the personal data is part, or its shares, to a third party, or merging with a third party or substantially transferring all or part of its assets to a third party, such third parties involved may automatically acquire the availability of the personal data and all other information provided by the data subject to IEG. By using this website, the data subject consents to such transfer of information, as required by applicable law.

Data transfer abroad

Data are stored on the Controller's servers located at the Controller's headquarters and/or taken on servers in EU countries of companies providing outsourced IT services to the Controller (e.g. disaster recovery).
We disclose data to third party recipients located outside the EU (subsidiaries of the Data Controller, partners - e.g. People's Republic of China, United Arab Emirates, Colombia, Hong-Kong - cloud service providers, or suppliers and customers (hereinafter the "importers").
Such data transfer takes place against appropriate safeguards, consisting of the prior execution by the third-party importer of a contractual agreement with us by which he or she, for the processing operations under his or her responsibility, undertakes to comply with privacy obligations substantially equivalent to those provided by the EU legislation to us (through the use of standard contractual clauses - or "CCS" - that comply as a minimum with the text adopted by the EU Commission, subject to any additions and/or modifications more favorable to the data subject). (See the following link for more information on this subject)

OTHER CASES OF TRANSFER

IEG makes use of website management, email and/or email direct marketing services provided by third-party providers having their headquarters or servers abroad; in this case, the data are transferred by IEG to the servers of such foreign third-party providers, in compliance with the guarantees dictated in this regard by the GDPR (EU Privacy Regulation 679/2016) and thus:

- on the basis of a decision of the European Commission declaring the adequacy of the level of protection of personal data guaranteed by the third country or,

- in the absence of such a decision, on the basis of adequate safeguards constituted by ad hoc written agreements between IEG and the third party provider, or failing that,

- on the basis of your consent, which in that case is requested by IEG through the appropriate personal data collection forms.

The list of foreign third-party transfer recipients (so-called "data importers") can be viewed at this link.

Period of data retention

The Data Controller shall process the data for the time necessary respectively to pursue the relevant purposes as stated above, in particular:

• for 10 years from the date of conclusion of the contract (in the case of clients) or from the collection of the data of the data subject (in the case of prospects);
• for 10 years from the collection of the data of the data subject (in the case of clients and prospects);
• for 5 years from the publication of the product in the case of promotion of editorial products;
• for a period of 60 days, after the end of each Event, in the case of data made available at points of collection of requests for assistance communicated to us by visitors and exhibitors (including insurance desk, Info point and First Aid);
• for a maximum period of 2 editions of the catalogue for the data contained in the promotional catalogue (paper and/or digital) of the individual Events;
• until the end of the certification and therefore until the certification has taken place for the certification data of the Events;
• for 1 year after collection for data necessary for IT security purposes (e.g. log-in records, failed logs and log-outs when accessing restricted areas of Event-related IEG websites);
• for 10 years from the date of collection of the logs relating to the reading of IEG's online privacy policy and to the online actions (e.g. clicks, flags and the like) through which the communication to IEG of the data subject’s consent is made;
• In the event of a dispute between you and us or our third-party suppliers, we will process the data for as long as it is necessary to exercise the protection of our rights or those of our third-party suppliers, i.e. until the issuance and full execution of a legally binding measure between the parties or of a transaction;
• for 3 months from the end of the individual Event to which they refer for data related to the "Business Matching" service provided during the Events;
• for 3 months from the end of the individual Event to which they refer for data related to the drafting of letters of invitation for the application for consular visas (e.g. copy of passport, etc...).

Upon termination of the respective maximum period of time, the personal data shall be permanently destroyed or rendered completely anonymous.

The duration of retention of data collected by cookies is instead explained in the section "Cookie Policy".

Data controller

The Controller of personal data processing is Italian Exhibition Group S.p.A., with registered office in Rimini, Via Emilia, 155. The data controller has appointed as external Data Processors the categories of external entities to whom the Company communicates personal data for the above purposes (unless they assume the direct role of independent data controllers due to their managerial autonomy in relation to the processing entrusted to them). In the case of external processors, processing will be based on our directives and under our general periodic supervision of the security measures taken by the third party.

The rights of the data subject

As data subject you are entitled to:

• ask the Data Controller to confirm whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: (a) the purposes of processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular when these are recipients from third countries or international organisations; (d) where possible, the intended retention period for the personal data or, where that is not possible, the criteria used to determine that period; (e) the existence of the right of the data subject to request the controller to correct or erase the personal data or to restrict the processing of personal data concerning him or her or to object to their processing; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, and the importance of and expected consequences for the data subject of such processing.
• where personal data are transferred to a third country or an international organisation, to be informed of the existence of appropriate guarantees relating to the transfer;
• to request, and obtain without undue delay, the amendment  of inaccurate data; taking into account the purposes of processing, the supplementing of incomplete personal data, including by providing a supplementary statement;
• to request the erasure of data if (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for processing; (c) the data subject objects to the processing, and there is no overriding legitimate reason to proceed with the processing, or objects to the processing for direct marketing purposes (including profiling functional to such direct marketing); (e) the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject; f) the personal data have been collected in relation to the offer of services of the information company.
• to request the restriction of processing regarding the data subject where one of the following situations applies: a) the data subject disputes the exactness of the personal data for the period required by the data controller to check the exactness of such personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted; c) although the data controller no longer needs them for processing purposes, the personal data are required by the data subject to ascertain, exercise or defend a right in court (d) the data subject has objected to processing carried out for direct marketing purposes, pending verification as to whether the legitimate reasons of the data controller take precedence over those of the data subject.;
• to obtain from the data controller, on request, the communication of the third parties to whom the personal data have been sent;
• to revoke at any time the consent to processing of personal data if previously communicated for one or more specific purposes, its being understood that this will not affect the lawfulness of the processing based on the consent given before revocation.
• to receive in a structured format, commonly used and readable by automatic means, the personal data concerning the data subject provided by him or her to the Controller and, if technically feasible, to have such data sent directly to another controller without any impediment by the Controller to whom they were provided, if the following (cumulative) condition is met: (a) processing is based on the data subject's consent for one or more specific purposes, or on a contract to which the data subject is a party and to the performance of which processing is necessary; and (b) processing is carried out by automated means (software) (overall right to so-called "portability"). The exercising of the so-called right to portability is without prejudice to the right to erasure provided for above;
• the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which significantly affects him or her in a similar manner.
• the data subject may at any time also lodge a complaint with the competent supervisory authority on the basis of the GDPR (that of his or her place of residence or domicile).

The data subject may exercise his or her rights by writing to the Data Protection Officer of the Data Controller, Italian Exhibition Group S.p.A., with registered office in Via Emilia, 155 - 47921 Rimini (Italy) or by email: privacy@iegexpo.it.

It is also possible to request a list of Independent Controllers, Joint-Controllers and External Data Processors.

IEG in order to monitor compliance with the GDPR and the laws applicable to the processing of personal data of the data subject by IEG, the latter has appointed an independent third party (Data Protection Officer): lawyer Luca De Muri, domiciled for the office at the headquarters and the email of Italian Exhibition Group S.p.A.

JOINT-CONTROLLER OF STATISTICAL DATA PROCESSING WITH FACEBOOK

The Privacy Policy on the website www.iegexpo.it is also provided for the Facebook pages of the events of the Italian Exhibition Group (list available HERE). In this regard, Italian Exhibition Group Spa is Co-Chairman of the statistical data processing, together with Facebook Ireland Limited. The data processed also includes the statistical data produced by the Insight function of the Facebook page. - see also Joint statistical data controller together with Facebook.

To view the data regulations of Instagram click HERE

Policy change

This privacy policy, from the date of its publication, supersedes any previous versions. Unless otherwise stated, the above privacy policy will continue to apply to personal data collected up to that time. IEG reserves the right to make changes to this privacy policy at any time by notifying users on this page. Please refer to this page often, taking as reference the date of last amendment indicated at the bottom. In the event of non-acceptance of future changes, the data subject must cease to use the website or the functions to which the change in privacy refers, and in the absence of such abstention the changes will be deemed to have been accepted (except those that change the conditions for obtaining consent to processing, where required).

Privacy Notices –rev.12.07.2022

1. Customers & Prospect Privacy notice (on-site events)
2. Customers & Prospect Privacy notice (for event that use at least one digital platform)
3. Video surveillance notice

Cookies Policy