INFORMATION ON THE PROCESSING OF PERSONAL DATA

Privacy Notice “Visitors” Pursuant to Art. 13 of the Reg. (EU) 2016/679 (“GDPR”) - Visitors

Veronafiere S.p.A. and Commerciale S.r.l. provide you with the information requested by GDPR concerning the processing of personal data you provided for the participation in the event (hereinafter referred to as "Event").

1. Data Controllers

Independent Data Controllers are Veronafiere S.p.A., VAT n. 00233750231, Viale del Lavoro, 8, 37135 - Verona VR, hereinafter referred to as “Veronafiere”; and Commerciale S.r.l., VAT n.

2. Data protection officer (DPO)

Refers to Veronafiere; you can contact the DPO at the email address [email protected]

3. Data processing purposes, legal basis and data retention

Why is your personal data being processed?

  1. To allow registration and participation in the Event.
  2. To carry out administrative-accounting, tax, and other legal compliance requirements, in accordance with current legislation, in case of paid services.
  3. For the creation and maintenance of a reserved area on the Event's ticketing portal.
  4. To send commercial/advertising communications about subsequent editions of the Event, as well as on similar initiatives organized by the Data Controllers, including physical ones, related to the sector of the Event.
  5. To carry out so-called "customer satisfaction" initiatives aimed at acquiring information from customers about the quality of the services offered.
  6. For generic marketing activities: conducting market research and sending communications, information, newsletters, and advertising material, generally concerning the trade fairs organized by the Data Controllers and companies belonging to the same group or concerning services or products of third parties linked or connected to the Event, using both automated contact methods (email, app, messaging, social networks) and traditional methods (paper mail, calls via operator).
  7. To communicate your data to third parties operating in the sector of the Event for their marketing purposes (commercial / advertising communications will be sent by third parties).

Who is the Data Controller involved?

  1. Veronafiere and Commerciale (valid for points 1 to 7)

What are the conditions that make the processing lawful?

  1. The performance of a contract to which the data subject is a party.
  2. Compliance with a legal obligation to which the Data Controller is subject.
  3. The legitimate interest of the Data Controllers to offer continuous visitors an easier registration process for the Event.
  4. The legitimate interest of the Data Controllers and "soft spam" pursuant to art. 130, co. 4, of Legislative Decree 196/03, the so-called Privacy Code, given the visitor's interest in being informed about subsequent editions of the Event and initiatives related to the same sector.
  5. The legitimate interest of the Data Controllers to improve their services by adapting them based on customer feedback.
  6. The consent of the data subject.
  7. The consent of the data subject.

How long do we store personal data?

  1. For the duration of the contractual relationship and, after its termination, for 10 years.
  2. For the duration of the contractual relationship and, after its termination, for 10 years.
  3. Until the data subject exercises their right to object (also through specific functions in the reserved area).
  4. Until the data subject exercises their right to object.
  5. Until the results (anonymized) of the survey are processed.
  6. Until consent is withdrawn.
  7. Until the data is communicated to third parties, without prejudice to the right to object that can be exercised against the third parties.

Once the above data retention terms have expired, data will be destroyed or anonymized, compatibly with technical timing required for erasure and backup.

5. Transfer of personal data to countries outside the European Union

Your Data may be transferred outside the European Union (e.g., within the Controllers' collaboration with selected IT partners). If Data are transferred to countries outside the European Union (EU) or the European Economic Area (EEA) and which have not been deemed adequate by the European Commission, and whenever the transfer is not necessary for the performance of the contract, the "transfer tools" referred to in Article 46 of the GDPR will be adopted, with the possible provision of "additional measures" which ensure a level of protection substantially equivalent to that required by European Union law.

6. Data subjects’ rights

Data subjects shall have the following rights:

  • To access data concerning them in accordance with Article 15 GDPR,
  • To obtain the rectification of inaccurate data;
  • To have incomplete data completed;
  • To obtain the erasure of data in the cases provided for by Article 17 GDPR,
  • To obtain restriction of processing in the cases provided for by Article 18 GDPR,
  • To object at any time, on grounds relating to his/her own particular situation, to the processing carried out in the legitimate interest of the Controllers and, in particular, where data are processed for direct marketing purposes;
  • Where the processing is based on consent or contract and is carried out by automated means, to receive data in a structured, commonly used, and machine-readable format and to transmit those data to another controllers without hindrance from the controllers to which the personal data have been provided (the right to data portability);
  • To withdraw the consent at any time, without prejudice for the processing lawfully carried out before such withdrawal (e.g., for marketing purposes).

In order to exercise your rights, you can contact the Controllers by sending a written communication to the provided address or an e-mail to [email protected], [email protected]

Data subjects shall have the right to lodge a complaint with the competent supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. Last update: September 2025.

... view more ... view less