POLICY FOR THE PROCESSING OF CUSTOMER PERSONAL DATA WITH CONSENT
BF Servizi Srl, with registered office in Bologna, Via Alfieri Maserati no. 18, enrolled in the Register of Companies of the Province of Bologna under no. 318328, Tax Code and VAT no. 03821790379, in the person of its Managing Director, Engineer Giovanni Giuliani e-mail firstname.lastname@example.org (hereinafter, “Data Controller”), in its capacity as Data Controller. Informs you that the data you provide will be processed in compliance with current legislation.
1. Purpose of the Processing.
The Data Controller processes only personal identification data (for example: name, surname, company name, tax code, VAT number, address, telephone, e-mail, bank and payment details – subsequently, “Personal Data”) provided by you for the purposes and by the persons referred to in the following articles 2), 4) and 7).
2. Purposes of processing.
2.1 Your personal data will be processed for the following purposes:
- fulfilling of pre-contractual (sending estimates) and contractual obligations deriving from the existing relationship with the undersigned (fulfilment of the contract, access to the fair, issuing and signing of the delivery report, issuing of the invoice);
- compliance with the provisions of law and regulations (for example, tax returns to judicial authorities if requested, notices to be provided to public bodies for any authorization requests, correspondence with the fair organisers);
- exercise the rights of the Data Controller, for example the right to legal defence;
The provision of data for the aforementioned purposes is mandatory. The lack of data and / or any express refusal to process data will make it impossible for the Data Controller to fulfil the contract, without prejudice to the provisions of article 8 below.
2.2. Subject to your express consent, your Personal Data will also be processed by the Data Controller for the following purposes:
- for the purposes of promotional and marketing activities carried out by the Data Controller through automated and non-automated systems (sent directly by the Company or through the “Mailchimps” and “Magnews” platforms and IT tools) with the purpose of sending newsletters, market, statistical and customer satisfaction research, advertising material, commercial communications and invitations to take part in events organised by the Data Controller;
- promotional and marketing activities carried out by these companies through automated and non-automated systems (sent directly by the companies or through the platforms and the “Mailchimps” and “Magnews” IT tools) for the purpose of sending newsletters, market research, advertising material, commercial communications, and invitations to participate in events organised by said companies;
- with automated processing, including profiling (“the collection and processing of data concerning the users of a service in order to divide them into groups according to their behaviour”), for promotional and marketing purposes, with the express exclusion of making decisions that may have legal effects on the data subject based solely on automated processing;
- for the purposes of automated processing by the Data Controller, including profiling (“the collection and processing of data relating to the users of a service, in order to divide them into groups according to their behaviour”) for promotional and marketing purposes, with the express exclusion of decisions, which may have legal effects for the data subject, based solely on automated;
- for the purpose of transferring your Personal Data by the Data Controller to the companies of the BF Servizi Srl group, Bologna Fiere and Giplanet (meaning all subsidiaries or associates of BF Servizi Srl, BolognaFiere SpA and GiPlanet SpA), so that they may also interact with social networks by displaying sponsored pages, it being understood that the interactions and information acquired will in any case be subject to the User’s privacy and cookie settings for each social network;
- So that the Data Controller can interact with the social networks by viewing sponsored pages; the interactions and information acquired will in any case be subject to the User’s privacy and cookies settings relative to each social network.
The expression of consent in the cases specified above shall not be a condition for the provision of the Data Controller’s services.
3. Processing methods.
Your personal data is processed using the methods indicated in Article 4 of the Privacy Code and Article 4, No. 2) of the GDPR, and more precisely: collection, recording, storage, consultation, processing, extraction, use, blocking, communication, erasure and destruction of data.
The personal data is processed both on paper and electronically. In any case, the logical and physical security of the data and, in general, the confidentiality of the Personal Data processed will be guaranteed, by implementing all the necessary technical and organizational measures adequate to guarantee their security.
4. Access to and processing of the data.
4a) For the purposes referred to in article 2.1) above, your data will be processed or simply may be accessible for the purposes mentioned above: by the staff (employees and collaborators) of BFS, who will act based on their appointment as person in charge of the processing and under the Data Controller’s liability, by the companies of the Bologna Fiere SpA Group and/or consultants and/or subcontractors, external companies that also provide IT services, to which BFS requests the execution of some services for the pursuit of the purposes referred to in Article 2 above, which will be applied, if necessary, through external Data Processors.
4b) For the purposes referred to in article 2.2. apart from the persons referred to article 4a) the following persons may have access to your data or may process your data: third party companies (Webees Srl single-member company, Bologna Fiere SpA, Diennea Srl – MagNews platform), based on contracts for provision of services and, where appropriate, by virtue of external data processors.
5. Retention of Personal Data.
The Personal Data is stored on servers located in the Data Controller’s offices and on the cloud and will not be transferred, except as provided in Article 7 below.
6. Personal Data retention period.
The Data Controller will process the Personal Data for the purposes referred to in Article 2.1 above. for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of protection under the statute of limitation.
For data processing subjected to consent referred to in Article 2.2 above and taking into account the Data Controller’s business as well as that of the Third-Party recipients of the Data, as indicated in Article 2.2 above, as well as the potentially recurring interest by the Data Subject in purchasing again, the Personal Data will be processed for a maximum period of three years, unless the consent is revoked, which must be done in writing by e-mail to: email@example.com.
7. Recipients and recipients categories.
In addition to the recipients referred to in Article 4 and to the subcontracting service providers and suppliers of goods, in the event that data transfer is necessary and essential for fulfilment of the contract. The Data Controller may communicate some of your personal data to companies of the Bologna Fiere Spa group and / or consultants appointed by BFS for provision of services for the pursuit of the purposes referred to in art.2.1. above.
In the event of appointment concerning the supply of exhibition stands in territories other than Italian ones, the Data Controller may communicate some of your data to subjects residing abroad, exclusively for the purposes and if essential to the fulfilment of contractual obligations.
The transfer of data is regulated, as required by law, by appointment of the third parties as Data Processor.
The list of Data Processors is updated by the Data Controller and is available for consultation at the Data Controller’s registered office.
8. Rights of the Data Subject.
In your capacity as a data subject you have the rights referred to in Article 7 of the Privacy Code and Articles from 15 to 21 GDPR including:
- Right of access – To obtain confirmation of whether or not your personal data is being processed and, if so, to receive information regarding, among others: the purpose of the processing, the categories of personal data processed and the retention period, recipients to whom it may be communicated (Article 15 of the GDPR);
- Right of rectification – To obtain, without undue delay, the correction of inaccurate personal data concerning you, as well as the integration of incomplete personal data (Article 16 of the GDPR);
- Right to erasure – To obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (Article 17 of the GDPR);
- Right to the restriction of processing – To obtain the restriction of processing, in the cases provided for by the GDPR (Article 18 of the GDPR);
- Right to data portability – To receive the personal data concerning you in a structured format, in common use and readable by an automatic device, and to have the data transferred to another Data Controller without hindrance, in the cases provided for by the GDPR (Article 20 of the GDPR);
- Right to object – To object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue with the processing (Article 21 of the GDPR);
- Right to withdraw consent – to revoke, at any time, one or more consents expressed for the processing of Data, subject to the manifestation of consent (Article 7 of the GDPR).
- Right to file a complaint to the competent supervisory authority – To file a complaint to the Data Protection Authority Piazza di Montecitorio, 121, 00186, Rome (RM).
9. How to exercise your rights.
The rights referred to in Article 8) above may be exercised at any time by sending a written notice to: firstname.lastname@example.org.
It should be noted that, the data controller will respond to the request within 30 days and, in the event of acceptance of the request, the Data Controller ensure that third parties responsible for processing employee data are duly notified.
If the request is accepted, the Data Controller undertakes to delete it also from any archives, allowing remote verification by the user.
If you intend to lodge a complaint regarding the methods of processing your data or regarding the response to your requests, you have the right to submit a request directly to the Supervisory Authority. We inform you that the Data Protection Officer of BF Servizi can be contacted at the e-mail address: email@example.com