Privacy Policy

This privacy policy contains important information about the processing and protection of personal data of Users of this Site.

Data collected through the site are processed in accordance with the principles of fairness, lawfulness, transparency, purpose and storage limitation, minimization and accuracy, integrity, and confidentiality, as required by EU Regulation 679/2016 (GDPR).

Joint Data Controllers

Co-processors of the data are Exibito s.r.l., based in Turin, Via Carlo Boucheron, 3, P.IVA 11897500010, mail exibitosrl@pec.it and the Organizer of the virtual event, as identifiable from the information on the Site.

Website

Exibito s.r.l. is the owner of this Site, hosted on hosting managed by Amazon AWS – https://aws.amazon.com/it/compliance/eu-data-protection/ whose servers are located within the European Union. Here you can read the Owner/Processor Agreement(Data Processing Agreement): https://d1.awsstatic.com/legal/aws-customer-agreement/AWS_Customer_Agreement_Italian_2022-12-13.pdf for data protection involved in the hosting service.

What personal data are collected and why (type of data, purpose, and legal basis)

By browsing this Site, personal data may be collected, as further detailed below.

Cookies are also installed, as you can read in the cookie policy.

Navigation Data

The site’s computer systems implicitly collect, in the course of their operation, some personal data (provided by Internet communication protocols). These are not associated with specific subjects, except through a complex and complicated system of processing and association with other data, held by third parties. This category of personal data includes IP addresses or domain names of computers used by users connecting to the site, browsers and parameters of the computer system used to connect to the site, browsing data, including time of the request and response obtained from the server.

Data processed: IP addresses or domain names of computers used by users connecting to the site, browsers and parameters of the computer system used to connect to the site, browsing data, including time of the request and response obtained from the server.

Purpose: Site usage, any anonymous statistics on Site usage.

Legal basis: legitimate interest of the Owner.

Extra-EU data transfer: no.

Contact form and creation of restricted area on the site – Professional users

It is possible for the user to create a restricted area on the Site, with username and password, at the same time as requesting access to the site of a particular event.

Data processed: first name, last name, address, e-mail, tax/VAT number, company data, e-mail, telephone, username, password.

Purpose: creation of user account, contact with the event organizer, access to the virtual event, virtual booth management

Legal basis: consent.

Extra-EU data transfer: no.

Contact form and creation of restricted area on the site – Visiting users

It is possible for the user to create a restricted area on the Site, with username and password, at the same time as requesting access to the site of a particular event.

Data processed: first name, last name, address, e-mail, tax/VAT number, company data, e-mail, telephone, username, password.

Purpose: creation of user account, contact with event organizer, access to virtual event, marketing

Legal basis: consent.

Extra-EU data transfer: no.

Reviews

It is possible for the user to write reviews, related to the event visited.

Data covered: first name, last name, address, e-mail, review.

Purpose: managing reviews

Legal basis: consent.

Extra-EU data transfer: no.

Newsletter

Tosubscribe to the newsletter, you must provide your name and e-mail address, which you enter in the form.

Providing this data is voluntary, but necessary in order to get the newsletter sent to you.

The personal information provided is processed for the sole purpose of sending the newsletter to which the User has requested to subscribe, through the Site.

The processing of data related to the sending of the newsletter takes place through and on the servers used by Voxmail, whose servers are located within the European Union and which holds the role of data controller under Art. 28 GDPR. You can read Voxmail’s privacy policy at this link: https://www.voxmail.it/privacy-email-marketing.

Data processed: name, email address.

Purpose: to send the newsletter.

Legal basis: consent provided by the user.

Extra-EU data transfer: no.

Facebook Pixel

Facebook’s Pixel is a tool for tracking the behavior of Users of a site, which enables the collection of aggregated and anonymous browsing data to place users into groups consistent with their expressed interests (targeting of users). When users access Facebook, advertisements consistent with their interests will then be shown.

Data processed: online identifiers, including cookie identifiers and IP address, data related to browsing the Site

Purpose: targeting users, advertising

Legal basis: consent

Extra-EU data transfer: yes.

Google Analytics (anonymized IP)

Analyze traffic data on the site. Here is the relevant policy:

https://support.google.com/analytics/answer/6004245?hl=it&utm_id=ad

Data processed: site usage data.

Purpose: Analysis of traffic data on the Site.

Legal basis: consent.

Extra-EU data transfer: yes.

Processing and storage methods

Data processing is carried out in automated form in accordance with Art. 32 of GDPR 2016/679 regarding security measures; that is, the data are processed and managed in such a way as to avoid or otherwise limit as much as possible the risks of loss, destruction, and misappropriation and in such a way as to enable their restoration, should any of the described cases occur.

Based on the provisions of Art. 4 of GDPR 2016/679, the data provided may be: collected, recorded, organized, stored, accessed, processed, modified, selected, extracted, compared, used, interconnected, blocked, communicated, deleted, and destroyed. Suitable data protection systems have been adopted.

Period of data retention

Data are kept for the technical time required for the indicated uses.

In any case, the User has the right to request the destruction or deletion of the data provided.

Data may also be kept for a longer period of time to fulfill tax obligations or the order of an Authority.

At the end of the period required for storage, the data will be deleted and no longer recoverable.

Communication and dissemination of data

Personal data will never be disseminated and will not be disclosed without the explicit consent of the User.

Data access

Data may be made accessible due to a legal obligation, which may involve the transfer of data to public bodies, judicial authorities, insurance institutions.

The data may be visible to a consultant/computer technician who needs to work to repair/maintain the computer systems and to the company that works to manage and update the Site. Any information can be emailed to info@exibito.eu.

Transfer of personal data

Data could be transferred to third countries outside the European Union, according to what is better specified above, with reference to each function.

Special categories of personal data

The Site does not collect, nor does it process, any data that qualifies as “special categories of personal data” under Articles 9 and 10 of GDPR 2016/679.

Rights of the data subject

At any time, you may exercise, pursuant to Articles 15 to 22 of GDPR 2016/679, the right to:

(a) request confirmation of the existence or non-existence of personal data concerning him/her;

(b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, when possible, the retention period;

(c) obtain rectification and deletion of data;

(d) obtain restriction of processing;

(e) obtain portability of data, i.e., receive them from a data controller, in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance;

f) object to the processing at any time and also in the case of processing for direct marketing purposes;

(g) object to automated decision-making related to fixed individuals, including profiling;

(h) to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her or to object to its processing, as well as the right to data portability;

(i) revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;

(j) file a complaint with a supervisory authority.

Ways of exercising rights

To exercise the above rights or to receive clarification or other information regarding the processing of personal data, you can write to the e-mail address info@exibito.eu. A response will be given within 30 days.

If you intend to file a complaint with the Supervisory Authority, you can visit https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali, for any information.

Policy revised in February 2023.