Information request
PRIVACY NOTICE FOR EXHIBITORS AND VISITORS
(according to art.13 of Regulation (EU) 2016/679)
Dear Exhibitor / Visitor,
Pursuant to the Regulation (EU) 2016/679 (General regulation on the protection of personal data - GDPR) we inform you about the processing of your personal data and your relevant rights.
Data controller
Koelnmesse srl a socio unico (“Koelnmesse”)
Viale Sarca 336/F
20126 Milano
e-mail: privacy@koelnmesse.it
Personal data
Koelnmesse will process the following personal information provided by the Data Subject: name, date of birth, address and city, e-mail address, company, and other personal data (“the Data”). The Data is collected through dedicated forms during events such as exhibitions, conferences, congresses, workshops, surveys and award ceremonies (“Events”), organized by Koelnmesse (sometimes in collaboration with third partners). The Data may also be collected to allow the Data Subject to take part in the Events. The Data are processed in compliance with the principles of lawfulness, fairness, proportionality, necessity, accuracy, completeness and safety, and other legal obligations in force.
The Data is collected from online and/or paper forms including but not limited to pre-registration and participation forms filled in by the Data Subject and/or acquired by third parties authorized by Koelnmesse or collected via tablets or other mobile devices during the Events.
If the Data Subject takes part in an Event that requires – for security reasons – the creation of a badge displaying the image of the Data Subject, the Data Subject’s photograph may be taken by the Event staff authorized by Koelnmesse at the entrance of the Event venue.
The Data Controller may also require the following optional Data: academic qualifications, other educational qualifications, professional position, telephone and fax numbers, web address.
The Data may be shared with: employees and freelance workers authorized by Koelnmesse, Koelnmesse subsidiaries, and commercial agents. The third parties that process the Data have been appointed “Data Processor”.
To enable the Data Subject to take part in an Event following filling out the relevant form, Koelnmesse may also transfer the Data to third parties who shall process the Data as Data Controllers.
Purposes of Data processing
We inform you that your Data will be processed with digital and paper instruments for the following purposes:
1. To fulfil contractual and legal obligations deriving from the participation of the Data Subject in Events organized by Koelnmesse (or in cooperation with other partners). To send pre-contractual information (i.e.: programs, proposals, etc.) related to the Events if the Data Subject requests them.
2. To organize and manage the Events. For example: ticket management, payment management (included the control of the payment success by third-party operators), entry pass management, creation and verification of personal identification tags for security purposes, management of services requested by the Data Subject (i.e., translations, hosting staff), management of contracts signed with providers of goods and services provided during the Event; to generate anonymized statistical data.
3. Provided the consent of the Data Subject, to send commercial communications concerning Events and products by Koelnmesse, other companies of the Koelnmesse Group, third parties (organizers, exhibitors, operators involved in the events or also operating in other sectors); to engage in direct selling; to carry out market research.
Legal basis for the Data processing
The processing for the purpose 1 has the following legal basis: the processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract, and the data processing is necessary for compliance with a legal obligation to which the controller is subject. For this processing, the Data Subject’s consent is not required. However, if the Data Subject refuses to provide these Data, Koelnmesse will not be able to provide the services requested by the Data Subject.
The processing for purpose 2 has the following legal basis: legitimate interest of the Data Controller. The legitimate interest of Koelnmesse covers all organizational activities necessary to create Events; to allow the Data Subject to take part in the Events to participate efficiently and effectively in the Events and to manage relations with third party suppliers of functional goods and services and/or connected to the Events. For these purposes, therefore, Koelnmesse does not need to receive prior consent from the Data Subject. Should any Data Subjects choose not to provide these data, they will not be able to participate in the Event.
If and only if the Data Subject participates in an Event that requires creating and carrying an identification tag due to security measures adopted by the Event venue, a relevant photograph is collected and processed by Koelnmesse only after obtaining the dedicated written consent of the interested party, which constitutes the legal basis of the data processing and to which the Data Subject may always object. However, without the Data Subject’s consent to process the required photograph, Koelnmesse S.r.l. shall not allow the Data Subject to participate in the Event in question.
During the Events organized by Koelnmesse or its partners, video recordings and/or photographs may be taken on site by Koelnmesse and/or photographers and/or video-makers authorized by the company, and published on websites and social media channels (e.g. Twitter, Facebook, WhatsApp, Youtube, Vimeo, etc.) indicated by Koelnmesse, as well as printed on brochures, catalogs, and other promotional materials.
Since fairs are considered “public events”, the explicit consent of the Data Subject for photograph processing in case of fairs is not required. Furthermore, any photographs, video footage or voice recordings (including voice in films ) that feature the Interest Party’s face and/or voice may only be published for promotional purposes on paper materials or Koelnmesse’s digital channels intended for the public (e.g. catalogues, brochures, flyers, websites, landing pages, blogs, social networks) with the explicit written consent of the Data Subject obtained during or prior to the Event as such consent constitutes the legal basis of the data processing. The Data Subject may refuse to provide consent for the processing of his or her image for the purpose in question. By providing consent, the Data Subject renounces to any economic remuneration for the use of his or her image.
As Data Subject you may request (at any time, including after publication) the darkening of your face featured in any images published online by Koelnmesse, without prejudice to the lawfulness of the processing operated by Koelnmesse or by authorized third parties until the date of withdrawal of consent. Such request shall be communicated by email to the email address privacy@koelnmesse.it.
Categories of Recipients
The Data will be processed, insofar as it is necessary, by authorized personnel, adequately trained by the Data Controller, and by third parties who provide services to the Data Controller and process data as Data Processor (according to the instructions of the Data Controller). Besides the communications of personal data carried out in compliance with legal and contractual obligations, all Data collected and processed may be communicated exclusively to the following categories of recipients:
- Banks and credit institutions;
- Consultants;
- Public institutions;
- Accountants;
- IT service providers.
Moreover, the Data may be communicated by Koelnmesse to the suppliers of the IT systems management and maintenance services as well as companies entrusted with delivering any services necessary for the organization and management of the Events, who will process the data as Data Processors.
The Data may also be communicated by Koelnmesse to third-party commercial partners with whom Koelnmesse shares management and/or promotion activities related to the Events, which will process the Data as independent Data Controllers or Data Processors.
The Data Controller may disclose the Data Subject’s data to third parties that perform control, auditing and certification activities for tax and judicial assistance. Moreover, the Data may be disclosed to authorized auditors in case it is necessary for a valuation of the corporate assets. Finally, the Data may be disclosed to public administrations and institutions, Italian and foreign judicial authorities and other public authorities, to fulfil legal obligations, or to fulfil obligations arising from contractual relationships, including the defense in court.
Transfer of data to third countries
In case of Events taking place in non-EU countries (i.e. United States, People’s Republic of China, India), organized entirely or partly by Koelnmesse, the Data can be communicated to third parties operating in those countries.
If Koelnmesse transfers your data to service providers or group companies outside the European Economic Area (EEA), the transfer will only be made if the third country has been certified by the EU Commission as having an adequate level of data protection (Art. 45 (1) GDPR), or given the existence of other adequate data protection guarantees as defined in Art. 47 GDPR.
The transfer of data to third countries is planned if this is necessary for the fulfilment of a contract, or if the Data Subject explicitly requests to forward the data to third parties.
Duration of the storage of your data
We shall erase the Data as soon as these are no longer required for the aforementioned “Purposes of Data Processing”.
If law obligations apply and concern documents with your data, we shall erase the Data upon expiry of the statutory retention obligations.
Rights of the Data Subject
The Data Subject may exercise the rights granted by the GDPR (articles 15-22), including:
1. The right to receive confirmation as to whether the Data Controller is processing the Data Subject’s personal data (access rights);
2. The right to update, modify and / or correct personal data (right of rectification);
3. The right to request the erasure of the Data or the restriction of the processing. This right can be granted if the process is unlawful or the controller no longer needs the personal data for the purposes of the processing (right to be forgotten and right to restriction of processing);
4. The right to oppose to the processing (right of opposition);
5. The right to propose a complaint to the Supervisory Authority in case of violation of the regulations regarding the protection of personal data;
6. The right to receive an electronic copy of the Data Subject’s personal data (in a structured, commonly used and machine-readable format) and right to transmit those Data to another controller without hindrance from the controller to which the personal Data have been provided (right to Data portability).
Contact details of the Personal Data Protection Officer (DPO)
The Data Subject can contact the Data Protection Officer (DPO) using the following contact details:
Company: Argo Business Solutions Srl
Mail: dpo.koelnmesse@argobs.com
Address: Viale Degli Angeli 6, 12100 Cuneo (CN), Italy
Telephone number: +39 011 19115359