Information notice related to the personal data processing
Pursuant to art. 13 of EU Regulation 2016/679 (hereinafter “GDPR” or the “Regulation”) Veronafiere S.p.A. would like to inform You about the processing of Your personal data provided for the use of the smartphone application related to Fieragricola exhibition (hereinafter the “App”).
The data controller is Veronafiere S.p.A., with its registered office at Viale Del Lavoro 8, 37135 Verona (VR), Tel. 045 8298111 – Fax 045 8298288, e-mail info@veronafiere.it (hereinafter the “Company” or “Controller”). The DPO is available at the following email address: dpo@veronafiere.eu.
Processed Data
App usage data The informatic systems and the software procedures installed for the functioning of this App acquire, during normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that are not collected for creating an association to identified data subjects but, for their own nature, they might identify the users through elaborations and associations with data detained by third parties. In this category of data the following are included: operative system, device model and device brand and data related to the network connectivity. These data are used with the sole purpose to acquire anonymous statistics about the App usage and for controlling its correct functioning and are immediately erased after elaboration, this is without prejudice to any potential criminal liability ascertainment in case of informatic crimes.
Geolocalization data In case of activation of the geolocalization services, at the time of App installation or later on as well, based on Your previous and express consent, this App, when active, will acquire data related to Your geographical position. The collection of these data is functional to provide You with information about the positioning of the exhibitors and of their stands. The same functionality can be accomplished through the Bluetooth services within Veronafiere pavilions. Geolocalization data are not stored within the App. Geolocalization services can be de-activated at any time by accessing to the specific section of the localization permits present on Your device (Android or IOS) operative system. From that moment onwards, the App will not be able to collect geolocalization data. At the same time, by de-activiating the Bluetooth services by accessing the specific section of the permits of Your device operative system, the App will no longer be able to collect data on your position through bluetooth. If you have not activated the geolocalization or Bluetooth services, if you have subsequently de-activated or if you have not consented to the geolocalization processing You will not be able to use the exibitors geolocalization service but you may use all the other App functions that do not foresee the collection or the processing of geolocalization data. Veronafiere will access the geolocalization data only when the users are using the App for that specific purpose. The consent for the geolocalization data processing is purely optional, it being understood that, in case of failure of providing such consent, You will not able to use such App service.
Data voluntarily provided by the user In order to access the functionalities of the Area MyVisit within the App, You will be asked to provide the following personal data: address, e-mail and password. Such provision of data for the registration is compulsory for accessing the MyVisit area. In case of failure to provide these data, Your registration cannot be performed and therefore the related App functionalities cannot be activated. User photos and recorded videos are memorized exclusively on the user device and Veronafiere cannot access them. On Your device there will be present an activation code which links the account data to the smartphone/ to the client’s App. Among the MyVisit area functionalities the “digital Business Card” service is present which allows the interaction between exhibitors present at the exhibition. For the use of this service, the following data will be required: name, surname, role and company name.
Processing Purposes and Legal Bases During the App installation phase, Veronafiere memorizes information or accesses information present on Your device and, therefore, it processes personal data. The legal basis for the personal data processing performed during App installation phase is the consent of data subjects. In the following phase, during App usage, Your data will be processed:
For the App technical management;
For the management of Your registration;
For allowing You to use the App functions.
In relation to these purposes, the legal basis is the execution of a contract to which the data subject is a party. Your data may be processed for the ascertainment of criminal liabilities to the detriment of the App. In such case the legal basis is the legitimate interest of the Controller. For visitors: The so-called "virtual Business Card" service allows interaction with the exhibitors present at the exhibition. If you wish to be contacted by one (or more) of the exhibitors present at the exhibition and have downloaded the App, you can exchange contacts directly through the Service, bringing your device closer to that of the exhibitor. Once the "match" has taken place, Veronafiere will be authorised to provide your data to the exhibitor or exhibitors in which you have expressed an interest. In relation to this purpose, the legal basis is the consent. We have already asked your consent for this processing at the time you purchased your entrance ticket to the exhibition. If you wish to update/withdraw your consent, you can do so by logging on to the veronafiere.vivaticket.com website and updating your flags in the "information and consent" section.
Retention Period Your data related to the App usage will be processed for the entire usage duration or the contract duration. The uninstallation of the App causes the erasure of all data present on Your device. In case of access to MyVisit area, Veronafiere retains on external processors servers, the abovementioned data related to the account. After 24 months of inactivity, from any of the app of Veronafiere exhibitions that uses the same registration system and to which an access has been performed, the account will be considered as expired. During this time, the user may at any time recover his/her personal data. Afterwards, Your personal data will be anonymized or irreversibly erased. Geolocalization data will be processed for the period strictly necessary to provide You with the geolocalization service and the exhibitors mapping and, as said hereabove, automatically and immediately erased on the device. Geolocalization data acquired through Bluetooth are anonymous, collected in aggregated modality and, in any case, after a 180-days retention period, data will be destroyed or erased compatibly with technical and back-up procedures.
Processing Modalities Data processing is laid down on the correctness, lawfulness, transparency and minimization principles (privacy by design); it may be performed both manually and automatically in such a way to memorize, elaborate and transmit them and it will happen through adequate technical and organization measures, in so far as reasonably and technically possible, in order to guarantee, moreover, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, un-authorized access or disclosure or the illicit use as well as, through reasonable measures in order to erase or rectify promptly the inexact data in relation to the processing purposes.
Data Recipients Your data will be processed by employees and collaborators of Veronafiere who perform the activities linked to the pursue of the above described purposes and have been adequately instructed and authorized for the same. Your data may be communicated to autonomous controllers such as regulatory and supervisory authority, or other subjects, public or private, legitimized to request data. Your Data may be disclosed to external companies, appointed as external data processors, that perform, on behalf of the Controller, technical tasks such as management and technical maintenance of the servers where data are stored, as well as the App developers (e.g.: Interevent srl). For visitors: If you use the "Virtual Business Card" service, your data may be communicated, with your consent, to exhibitors present at the exhibition in respect of whom you have expressed an interest in being contacted. The complete list of data recipients is constantly updated and it is easily and freely obtainable by sending a written communication to the data controller at the address reported hereabove or via email at the following email address: privacy@veronafiere.it.
Data Transfer outside the Territory of the European Union Data may be transferred outside the territory of the European Union and in particular in the United States at companies that adhere to the mechanism s.c. “Privacy Shield” (e.g. Mandrill).
Data Subjects Rights – complaint to the Supervisory Authority Data subjects may request the Controller to access their data, the erasure of data, the correction of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for by Article 18 GDPR, as well as to object, on grounds relating to Your particular situation, to the processing carried out in the legitimate interest of the controller. In the event that the processing is based on consent or contract and is carried out by automated means, data subjects have the right to receive their data in a structured format, in common use and readable by an automatic device, as well as, if technically feasible, to transmit them to another data controller without hindrance. Data subjects may revoke Your consent, as well as to object to the processing for marketing reasons, including the profiling connected to the direct marketing. Data subjects may lodge a complaint with the competent supervisory authority as well as to use other protection mechanism as foreseen by applicable law. To exercise Your rights, You may contact the Controller by sending a written communication to the address reported hereabove or via email at privacy@veronafiere.it.