New visitor? Register now
Attention! The fields marked with an asterisk (*) are compulsory.
The interested party confirms that he has read, understood and accepted all the clauses of these General Visitor Regulations.
Pursuant to the articles 13 and 14 of the EU Privacy Regulation 679/2016 ("GDPR") we inform you that the personal data provided by the interested party ("you"), for yourself or for the organization to which you belong, to Italian Exhibition Group S.p.A. ("IEG") and to TAKING OFF SRL (“Taking Off”), hereafter also the Joint Controllers or "We", on the occasion or in connection with the " Expo Be Active " Event (hereinafter "Event"), organized by the Joint Controllers, also in collaboration with third party partners, are treated in compliance with the principles of lawfulness, fairness, correctness, proportionality, necessity, accuracy, completeness and safety and other legal obligations in force.
The "Event" can also be held on online platforms (eg SWAPCARD, ect…), both in virtual and on-site form, or in full digital form, which allows for online meetings between exhibitors and visitors, with the creation of an agenda of meetings that will put interested parties in direct contact. The aforementioned platforms can also be used by the visitor to request contacts with the exhibitors present on it, through the following actions: saving one or more exhibitors on the list of "favorites", chat, networking.
Categories of interested parties. Processing operations and collection methods
The processed data concerns customers (ie exhibitors, visitors, buyers, conference / congress participants, speakers of the "Event”, leading companies, industry associations, participants in championships / competitions and / or workshop, concessionaires of exhibition and / or advertising spaces, third party organizers and sponsors who have played their respective roles over the last 10 years) and prospects (subjects who have expressed interest in the "Event”, over the last 10 years - for example also through the delivery of their own business card or request for information or quotes – journalists), intended as natural persons over the age of 14 who act on their own and/or as internal contacts of legal entities, institutions or other organizations. The individual categories of data collected are indicated in our collection forms which supplements this information.
The processing takes place with electronic and paper instruments and with logics connected to the single purposes stated below.
We collect data i) through online forms or paper forms or via pre-registration or participation app you filled in and / or acquired by third parties authorized by us or ii) via mobile devices such as tablets, smartphones present in the place of the Event.
The data collected may be processed by the staff expressly authorized by Joint Controllers, within the limits strictly necessary for the performance of the respective activities assigned to it (eg legal, commercial, marketing, administrative, logistic, IT, management control, etc.).
Purpose of the processing
The processing has the following purposes:
1. Fulfillment of contractual and legal obligations deriving from participation or connected to the already contractual or potential participation of the interested party in the “Event”.
2 Planning and organizational management of the Event, eg issue and payment of securities, credits and entry passes (including check of payment termination by third-party services), management of personal identification tags (with photo ID) for security, planning and management of specific services requested by you (for example translation services, hostesses, catering, accompaniment), communication, management of the contracts we stipulate with third-party suppliers of goods and / or services used by you during or on the occasion of the “Event”; publication of name and surname or company name and name, telephone number, fax, e-mail, website, in the public online and paper catalog of the Event in which you participate; communication, upon your request for pre-contractual information (eg programs, proposals, etc.) connected to the Event, drafting of invitation letters for consular visa applications.
As part of the aforementioned purpose, IEG will also be able to offer the visitor / buyer the possibility of using the QR code technology, with which the visitor / buyer can transmit their data directly to the exhibitor of interest at his stand, or scan the QR code. present at the booth of the chosen exhibitor; in both cases, the data will be processed by the exhibitor as an Autonomous Owner.
3. Sending, exclusively by IEG (via email, ordinary mail, sms, mms, push-up messages, instant messaging functions such as whatsapp, telefax, telephone calls with operator, social networks and other automated tools) of commercial communications, advertising and sales offers products / services related to those of your interest or relating to exhibition / congress and / or related products / services (eg sector publishing, championships / competitions, etc.) overall activities defined as "soft spam".
3.1 Sending by TAKING OFF (through transactional e-mails, social networks and other automated tools and/or cloud platforms) of communications, e-mail marketing, offers for sale/promotion of products/services similar to those of your interest or relating to trade fair products/services, events and/or related to them as a whole activities defined as "soft spam”.
4. Profiling. (exclusively by IEG). The profiling detects for privacy purposes only if it concerns natural persons, that is individual companies or partnerships and relative partners / directors, or internal referents of corporations, institutions or organizations.
The profiling uses some data supplied by you and sometimes associates them with company data taken from public databases (eg the Business Register of the Chamber of Commerce). For example, IEG treats the following data:
i) in the case of exhibitors: name and surname, business name of the organization to which they belong, contact details, residence or location, country of origin, website, sector of activity, types of product or service offered, annual promotional / advertising budget, type of distribution - store, department store, concept store, markets of interest, brand;
ii) in the case of professional operators/visitors/sponsors: name and surname, business name of the organization to which they belong, job attachment, level of professional responsability, contact details, residence or location, country of origin, website, year of foundation of the company, turnover, employees number, sector of activity, percentage of business connected to Italy and to the foreign, Italian and foreign regions of interest, main categories of products or services of interest to the buyer and / or marketed by the same also as a percentage of sales by geographical area, categories of customers of the company, purpose of the visit;
iii) in the case of journalists: name and surname, contact details, sector and title, country of origin, language,
iv) in the case of Event speakers/conference attendees/conventioneers: name and surname, contact details, sector to which they belong, professionalism / topics covered.
In some cases, if you are a customer or a prospect, we associate the data you provide to us with your personal data acquired during your browsing on our websites or during the use of the services provided by these sites (eg cookies relating to pages of our website that you have visited, to the country from which you connect) or through other communication channels (eg social media) or through mass mailing of commercial e-mail (eg which messages have arrived, such as e-mails you has opened, what proposals you have accepted through specific actions such as opening an attachment or adhering to our request to link to landing pages or attachments to the email message, etc.).
The profiling allows IEG, in particular, to limit the sending to you of promotional communications not pertinent to your probable expectations and needs or through unwanted channels.
The limited nature of profiling does not exclude you from specific advantages or from the possibility to freely exercise your privacy rights, nor has any particular legal effects; in particular it does not in any way prejudice your ability to participate in the “Event” and/or take advantage of our services (eg online pre-registration, purchase of services).
4.1 Profiling (carried out by TAKING OFF)
Profiling uses some data you provide us and sometimes associates them with company data taken from public databases (e.g. Chamber of Commerce Register of Companies). For example, TAKING OFF processes the following data:
i) in the case of Exhibitors: name and surname, company name of the organization to which they belong, contact details, residence or headquarters, country of origin, website, sector of activity, types of products or services offered;
ii) in the case of professional operators/visitors/sponsors: name and surname, company name of the organization to which they belong, contact details, residence or headquarters, country of origin, website, sector of activity;
5. Only with your separate consent: communication of data to third-party partners of Joint Controllers (eg Event organizers, Exhibitors or other operators active in the Event), for autonomous direct marketing actions related to goods / services concerning such third-party partners.
Legal basis of the processing. Mandatory or optional nature of providing data and consequences of failure to provide data
The processing for the purposes sub 1 has its legal basis in our need to fulfill the obligations assumed through the contract stipulated or to be stipulated with you (and to carry out all the actions functional to the correct and complete execution of the commitments undertaken therein) and / or to the legal obligations connected to it including facilitating the management of relations between exhibitors and visitors. Therefore, this treatment does not require your prior consent and you are also free not to provide your data, however, in this case, we will not be able to stipulate the requested contract and / or regularly provide the service requested by you or by the organization to which you belong. (e.g. let you participate in the event of interest and provide you with the related services for example for the webinar of interest and/or for the virtual and/or face to face business meeting of interest) and / or we will not be able to fulfill the legal obligations related to the contract.
The processing for the purposes sub 2 has its legal basis in our legitimate interest to organize the “Event”, plan and manage all the organizational activities useful to allow you to participate efficiently and effectively in the EXPO BE ACTIVE Event and to manage contacts with exhibitors of interest. allowing the Joint Controllers to verify certain professional requirements and skills that are absolutely necessary for the evaluation of the candidate to participate in the reference competition/event. In particular, the request for personal data and documents, especially for foreign guests, will make the correct understanding of the data more reliable, but above all, the verification of the reliability of the company that requires an entry visa will be more secure.
In particular, the request for personal data and documents, especially for foreign guests, will make the correct understanding of the data more reliable, but above all, assurance of the reliability of the company that requires an entry visa.
Therefore this treatment does not require your prior consent. You are free not to provide the data, but in this case you will not be able to participate in the Event.
During the “Event” are made, by the Joint Controllers, and / or by photographers and / or videomakers authorized by them, video footage (including voice) and / or photographs. These generic images concern trade fairs that can be qualified as public events and are therefore treated, without your consent, for publication on our websites / landing pages and social profiles (eg Twitter, Facebook, Whatsapp, Youtube, Vimeo, etc.) and on brochures, catalogs, flyers and other printed material that promotes the Event.
In the event that, however, the aforementioned images portray you in a recognizable way, the Joint Controllers may publish them for the same promotional purposes, on the aforementioned our printed materials or electronic / digital channels intended for the public (eg catalogs, brochures, flyers, websites / landing pages, blogs, social networks), only with the necessary prior consent (which is the legal basis of the processing), issued on the spot to our official photographer and / or videomaker.
In the latter case, you can deny consent thus inhibiting the aforementioned treatment; on the other hand, by giving us your consent, you expressly waive any financial compensation for using your image. You can request at any time the obscuring of the face portrayed in the images published online, without prejudice to the lawfulness of the processing operated up to the date of obscuration. The Joint Controllers do not guarantee the obscuration of third-party autonomous data controllers on online channels.
The processing for the purposes sub 3 (soft spam) has its legal basis in the legitimate interest of IEG to freely contact their customers, as well as prospects, in order to be able to propose to them new relative opportunities through electronic/telephone/paper channels to services or products similar to those previously purchased / contracted (in the case of customers) or to those for which interest has been expressed (in the case of prospects), or in the case only of IEG relating to products/services for exhibitions / conferences and / or related to them (eg publishing of sector, championships / races, etc.). Therefore the soft spam, as described above, can lawfully take place even without your prior consent, which is therefore not necessary.
The processing for the purposes sub 3.1 (soft spam) has its legal basis in TAKING OFF's legitimate interest in freely recontacting its customers, as well as prospects, in order to be able to offer them new opportunities relating to services or products similar to those previously purchased/contracted (in the case of customers) or to those in which interest has been expressed (in the case of prospects). Therefore the so-called soft spam, just described, can lawfully take place even without your prior consent, which is therefore not necessary.
The processing for the purposes sub 4 (profiling) has a legal basis in the legitimate interest of IEG to maintain and analyze a limited set of information concerning you, in order to be able to contact you more effectively if you are one of our customers or prospect. Given the limited perimeter of data used in profiling, it also takes place without your prior consent, which is therefore not necessary.
The processing for the purposes sub 4.1 (profiling) has a legal basis in TAKING OFF's legitimate interest in maintaining and analyzing a limited set of information concerning you, in order to be able to contact you more effectively if you are a customer or prospect. Given the limited perimeter of data used in profiling, it also takes place without your prior consent, which is therefore not necessary.
The processing for the purposes sub 5 (transfer of data to third parties) takes place only with your specific express consent (thus constituting the legal basis for the lawfulness of the processing).
The consent requested may be freely denied by you, without prejudice to your right to participate in the Event and / or to obtain the services requested by you.
Communication and dissemination of data
For the purposes sub 1 and 2, the data are communicated by the Joint Controllers to: suppliers of the management and maintenance service of our IT systems, websites and databases, photographers and/or videomakers who create the video-audio materials or the related post- production, journalists and newspapers, companies entrusted with services necessary for the organization and management of the Event (e.g. installation of fittings and equipment, publishers of paper and online catalogues, logistics, security, private surveillance, first aid, hostess, etc.) diplomatic representations consultants, banks (for the execution or receipt of payments related to the Event), to hotels, suppliers, Public Authorities to obtain entry visas, to staff of the Joint Controllers authorized to process the data (Communication, Travel, Sales, Marketing, etc…).
For the purposes sub 3 and 4, the data are communicated to: companies in charge of marketing analysis, advertising, communication and / or public relations agencies, digital and paper publishing companies that produce our advertising or promotional materials, production companies of websites or blogs, web marketing companies, subjects in charge of the design and / or maintenance of promotional materials, IT systems management and maintenance companies, websites and databases used to organize and manage Event, image agencies.
These third parties will process the data as External Managers in accordance with our written directives and under our supervision.
For all the aforementioned purposes, we also communicate the data to third-party commercial partners who participate in the creation and / or promotion of the Event, which will treat the data as Autonomous Owner or Joint Controllers or external managers. You can ask us for a list of Joint Controllers, Autonomous Owner and external manager (see the "rights of the interested party" section of this information).
Transfer of data abroad
IEG communicates the data to third party recipients based outside the EU (companies controlled by the Data Controller, partners - eg. People's Republic of China, United Arab Emirates, Colombia, Hong-Kong - cloud service providers, or suppliers and customers (hereinafter the "importers ").
This data transfer takes place in the face of adequate guarantees, consisting of the prior stipulation by the third importer of a contractual agreement with us through which he, for the treatments within his competence, undertakes to comply with privacy obligations substantially equivalent to those provided. from EU legislation to ns. load (through the use of standard contractual clauses - or "CCS" - compliant at least with the text adopted by the EU Commission, except for any additions and / or changes more favorable to the interested party).
In some cases of data transfer to cloud suppliers based outside the EU, these suppliers are subject to the regulatory powers of local public authorities and in some situations, based on foreign legislation, (in the USA: the Federal Trade Commission, 'Article 702 of the FISA and the Executive Order EO 12333) the importer may be obliged to communicate the personal data transferred, in response to requests received from public authorities, to meet national security requirements (e.g. anti-terrorism) or application of local law (with consequent possible access to data, of which the importer, based on local legislation, may not have to give notice to the exporter and the interested party, who will therefore not be able to exercise the relative rights normally recognized by the GDPR).
Therefore, in the abstract, the risk cannot be excluded that in certain and exceptional situations related to the aforementioned specific requirements, the foreign public authority may process such data without applying substantially equivalent safeguards to those provided for by the GDPR to the data subject. However, the risk that the American public authority actually has an interest in applying local legislation to the transferred data appears to be reasonably negligible based on the following circumstances:
i) the performance of the exporter (IEG) in favor of the interested parties whose data the importer processes and the consequent data processing, have a limited object (the provision of exhibition services) and a limited purpose (the management of technical processes - organizational functional to the aforementioned services and the fulfillment of legal obligations); the performance does not involve the publication of personal opinions, comments or similar information, nor the making available of services or products that can be used in activities against national security;
ii) the types of personal data transferred are limited (eg personal, contact, contractual, administrative data); no particular categories of data are transferred (e.g. on political and religious opinions, biometrics); the categories of interested parties to which the data refer are limited (exhibitors, visitors, participants in events, buyers, journalists, speakers) and they concern operators belonging to product or economic categories that are not reasonably relevant with regard to national security purposes ( eg tourism, wellness, machine handling, sports activities, and so on).
Therefore, IEG believes that the CCS applied in the relationship with importers (in particular the USA) effectively guarantee protection of the rights of interested parties substantially similar to that provided for by the GDPR, regardless of the application of any additional measures to the processing in question.
The adoption of additional contractual measures by IEG towards importers (e.g. obligations to communicate public access, the right to suspend or terminate the transfer and to terminate the contract with the importer, and the like), may be introduced in at any time by the exporter following any information provided to operators by the EDPB - European Data Protection Board following the judgment of the Court of Justice of the European Communities (ECJ of 17 July 2020 which declared the bilateral agreement called "Privacy Shield").
The transfer of data to the non-EU country takes place in any case also because it is necessary for the execution of i) a contract concluded between the interested party and IEG and / or pre-contractual measures adopted at the request of the interested party, or ii) of a contract stipulated between IEG and another natural or legal person (e.g. our subsidiary, supplier, with headquarters outside the EU, etc.) in favor of the interested party.
TAKING OFF doesn’t transfer data abroad.
Duration of treatment by IEG
In the case of the purposes sub 1 and 2, IEG processes the data for 10 years from the date of signing the contract (in the case of customers) or from the collection of the data of the 'interested party (in the case of prospects).
In the case of the purposes sub 3 and 4, IEG processes the data for 10 years from the collection of the data of the interested party (in the case of customers and prospects).
IEG processes the data for a period of 5 years from the publication of the product in the case of promotion of editorial products.
IEG processes the data for a period of 60 days, after the end of each Event, in the case of data made available at the collection points for assistance requests, communicated to us by visitors and exhibitors (including insurance desk, Info point and First Aid).
We process the data contained in the promotional catalog (paper and/or digital) of the individual Events for a maximum of 2 editions of the catalogue.
IEG processes the certification data of the Shows / Events up to the end of the certification and therefore up to the certification.
IEG processes the data necessary for IT security purposes (e.g. log-in registrations, failed logs and log-outs, when accessing restricted areas on the IEG websites relating to Event) for 1 year from collection. The recordings of the logs relating to the reading of IEG's on-line privacy information and on-line actions (e.g. clicks, flags and the like) through which the data subject's consent is communicated to IEG are kept for 10 years from collection.
The data related to the drafting of letters of invitation for the request for consular visas (e.g. copy of passport, etc…) are processed for 3 months from the end of the single Event to which they refer.
Once the aforesaid respective maximum duration has ceased, the personal data are definitively destroyed or made totally anonymous.
In the event of a dispute between you and us or our third party suppliers we process the data for the time necessary to exercise the protection of our rights or those of third party suppliers and that is until the issue and full execution of a provision having the force of judgment between the parties or of a transaction.
Duration of treatment by TAKING OFF
Taking Off keeps the personal data of the interested parties, in the case of the purposes sub 1 and/or 2, for 10 years from the date of stipulation of the contract (in the case of customers) or from the collection of the data of the interested party (in the case of prospects).
In the case of the purposes sub 3 and 4 for 10 years from the collection of the data of the interested party (in the case of customers and prospects).
In the event of a dispute between the Joint Controllers (or third party suppliers of the Joint Controllers) and the interested party, the data will be processed for as long as necessary to exercise the protection of the rights of each Joint Controller or of the third party suppliers, i.e. until a provision is issued. having the value of judgment between the parties or of a transaction. Once the aforementioned respective duration has ended, the personal data are deleted, destroyed or made anonymous by means of appropriate security measures.
Rights of Data Subject
You have the right to:
- ask to each Joint Controller to confirm whether or not a processing of personal data concerning you is in progress and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; d) when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period; e) the existence of the data subject's right to request to each Joint controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the expected importance and consequences of such treatment for the data subject.
- if personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the existence of adequate guarantees relating to the transfer;
- request, and obtain without undue delay, the correction of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also providing a supplementary declaration;
- request deletion of data if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the data subject revokes the consent on which the processing is based and there is no other legal basis for the processing; c) the data subject opposes the processing, and there is no prevailing legitimate reason to proceed with the processing, or he opposes the processing carried out for direct marketing purposes (including the functional profiling of such direct marketing); d) personal data have been unlawfully processed; e) personal data must be deleted in order to fulfill a legal obligation established by Union law or the Member State to which the data controller is subject; f) personal data has been collected regarding the offer of information society services.
- request the limitation of the processing that concerns you, when one of the following hypotheses occurs: a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the deletion of personal data and requests instead that its use be limited; c) although the data controller no longer needs it for the purposes of processing, personal data is necessary for the data subject to ascertain, exercise or defend a right in court; d) the person concerned has opposed the processing carried out for direct marketing purposes, pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party;
- to obtain from each Joint controller, upon request, the communication of the third-party recipients to whom the personal data have been transmitted;
- revoke at any time the consent to the processing where previously communicated for one or more specific purposes of one's personal data, it being understood that this will not prejudice the lawfulness of the processing based on the consent given before the revocation.
- receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning the interested party provided by them to the Joint Controller and, if technically feasible, to have such data transmitted directly to another data controller without impediments from part of the Joint Controller to whom it has provided them, if the following (cumulative) condition occurs: a) the processing is based on the data subject's consent for one or more specific purposes, or on a contract of which the data subject is a party and to whose execution the treatment is necessary; and b) the processing is carried out by automated means (software) (overall right to the so-called "portability"). The exercise of the so-called right portability is without prejudice to the right to cancellation provided above;
- the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way.
- the interested party can also lodge a complaint with the competent Supervisory Authority based on the GDPR (that of his place of residence or domicile) at any time.
- lodge a complaint with the competent control authority based on the GDPR (that of its place of residence or domicile); in Italy it is the Data Protection Authority.
Joint and several liability exclusion
Each of the Joint Controllers is responsible to the interested party exclusively for the processing of their own competence, with the express exclusion, therefore, of any joint and several liability between Joint Controllers.
Privacy notice– Joint Controllers TAKING OFF/IEG – REV.11.12.22