INFORMATION ON PROCESSING OF PERSONAL DATA

 REGULATION (EU) 2016/679 (GDPR)

 

 

1 INTRODUCTION

This information is provided under article 13 of  Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation)  , in relation to personal data of which CremonaFiere may come in possession of, as a result of:

  1. a) registration on following websites: cremonafiere.it, www.fierezootecnichecr.it, www.cremonamusica.com, www.ilbonta.it (hereinafter referred to as “Website”);
  2. b) registration and participation into events organized by CremonaFiere S.p.a: Cremona International Livestock Exhibitions, Cremona Musica International Exhibitions, Il BonTà (hereinafter referred to as “Event”);

c ) participation in training and informative initiatives (scientific events, conferences, seminars and presentations) (hereinafter referred to as “Programme”)

  1. d) reservation and use of technical and logistical services (hereinafter referred to as “Services”).

 

 

2 HOLDER OF DATA PROCESSING

Data holder is CremonaFiere SpA (hereinafter referred to as “Society”) with headquarters in Piazza Zelioli Lanzini 1, 26100 Cremona. As part of its activity and for the purposes mentioned here below, the Society could avail itself of services carried out by third parties operating on behalf of the Society and following its instructions as holder of data processing.

These parties will provide the Society with computing or instrumental services (i.e. database management and technical maintenance of CRM, IT services and website maintenance, etc.). Data processing will ensure security and confidentiality of data through the adoption of measures set forth by art. 32 of the Regulation in order to ensure integrity of processed data and prevent access by unauthorized parties.

 

3 PROCESSED DATA

The Society will process following personal data: Biographical data (such as: first name, family name, email address, product type and area of interest).

 

4 PURPOSE OF DATA PROCESSING

Data are collected for following purposes: registration on the website, registration for the event or for the scientific and informative programme, subscription to the newsletter, update request on topics of events organized by the Society, information requests on the programme, update on offers and services provided by the Society, use of services of the Society, statistical evaluations and market studies and, if necessary, to defend the rights of the society in civil, administrative and criminal disputes. Consent can be revoked at any time.

Data will be kept for 10 years. After the expiry of time limits, data will be destroyed, erased or made anonymous in accordance with technical procedures for cancellation and backup.

 

 

5 METHODS OF PROCESSING

Data processing is based on  the principles of necessity, correctness, lawfulness, transparency and  data minimisation (privacy by design). Data shall be processed manually and/or using automated means following appropriate technical and organizational procedures and shall depend on the state of technical means and implementation costs  to ensure, among others, safety, confidentiality, integrity, availability and resilience of systems and services against destruction, loss, unauthorized disclosure or access. Reasonable step must be taken to ensure that data are promptly erased or rectified whenever they are found to be inaccurate with regards to the purposes for which they were collected.

 

  1. DATA SUBJECTS’ RIGHTS (ARTT. 15-22 of the GDPR)

6.1 Data subjects are holders of the rights as set forth by art. 15 to 22 of the GDPR, where applicable.

6.2 In particular, data subjects may request access to Data, rectification of incorrect Data, integration of incomplete Data, erasure of recorded Data and limitation of data processing in the cases provided for in art. 18 of the GDPR.

6.3 Data subjects shall have the right to object, at any time, the processing of personal data for the purposes of the legitimate interest pursued by the Holder.

6.4. Data subjects shall have the right, in the cases provided for in art. 20 of the GDPR on the right to data portability, to obtain from the Holder those data in a structured and commonly used electronic format and, if technically feasible, to transmit them to another holder without obstructions.

6.5 Data subjects shall revoke at any time the consent given for marketing and or profiling purposes and to object data processing for marketing purposes, profiling for direct marketing included. Notwithstanding, the possibility remains valid for data subjects preferring contact by traditional means, to object only communications sent through automated systems.

6.6 Data subjects shall lodge a complaint to the competent supervisory authority (in particular in the Member States where they normally reside or work or in the State in which the alleged violation occurred).

6.7 Those rights may be exercised by sending by registered post to CremonaFiere SPA. Piazza Zelioli Lanzini 1, 26100 Cremona to the kind attention of the DPO or by email at: privacy@cremonafiere.it.

 

  1. PRIVACY MANAGEMENT MODEL

7.1 The Society, as Holder of data processing, has developed a model for personal data protection by indicating roles and responsibility and by defining, in particular,  heads of corporate organizational units,  who will be responsible, within their scope, for the implementation of the model in accordance with applicable provisions (“ Privacy Referents”).

 

7.2 Data shall be processed by employees responsible for corporate functions dedicated to the pursuit of above mentioned scopes (hereinafter referred to as Authorized Employees). Authorized Employees have been designated as persons in charge of processing and have received adequate operational instructions.

 

  1. CATEGORIES OF THIRD PARTIES TO WHICH DATA MAY BE DISCLOSED IN THEIR ROLES AS DATA HOLDER OR WHO MAY COME TO ACQUIRE KNOWLEDGE THEREOF IN THE CAPACITY OF PERSONS IN CHARGE OF PROCESSING.

 

8.1 Data may be disclosed to third parties operating as holder of data processing , such as, authorities and control bodies and other private or public entities who have the right to request access to data.

8.2 Data may be processed on behalf of the Society by third parties who are given adequate instructions. These parties are included in following categories:

  1. companies providing e-mailing or business contact
  2. companies providing website maintenance services;
  3. companies providing support to carry out market research