Biesse S.p.A. (hereinafter, the "Company") provides you with the information required pursuant to art. 13 of EU Regulation No. 2016/679, "General Data Protection Regulation" (hereinafter "GDPR") in relation to your personal data provided for registration at the event / fair and/or to your likeness/voice.
Via della Meccanica n. 16,
61122 Pesaro PU) - Italy
Data protection Officer (DPO)
Definition of "data"
"Data" means, by way of example and without limitation, the information requested during registration, as well as your likeness and / or your voice as may have been incorporated in any photo / audio / video filming made during the event.
|PURPOSE OF PROCESSING||
LEGAL BASIS OF THE PROCESSING
|PERIOD OF DATA RETENTION|
|For personal data collected through the registration form: enable registration for the event.||Performing a contract to which you are a party fulfilling a request of the data subject to participate in the event.||
In case of judicial litigation, for the entire length of the proceedings, until the deadline for bringing all available appeal actions has expired.
|If necessary, fulfill the obligations established by regulations and applicable national and supranational legislation.||Need to fulfill legal obligations.|
|If necessary, ascertain, exercise or defend the rights of the Data Controller in court.||Legitimate interest|
|For likeness: purposes specified in the release.||Authorization (optional and revocable) provided by you to use your likeness / voice through the signing of the release form||
For the period specified in the release, subject to your right to withdraw the authorization
|Generic marketing: by way of example, sending - using automated contact methods (e.g. SMS, MMS and e-mail) and traditional methods (e.g. phone calls by operator and traditional mail) - promotional and commercial communications on the latest Biesse news and products - including customized according to the sector or interests stated in the form - or informing you of corporate events, as well as performing market studies and statistical analysis||Consent (optional and revocable at any time)||
Until revocation of consent
Once the above-mentioned retention period has expired, the Data will be destroyed, deleted or anonymised, consistent with technical deletion and backup procedures.
When providing the data is compulsory
The provision of data marked with an asterisk is mandatory for registration at the event and, if you give your authorization, to demonstrate in all situations that we have obtained all the rights referred to in the release.
Recipients of the data
The Data may be disclosed to third parties acting as independent Data Controllers (such as authorities or public bodies, where this is required by law) or processed, on behalf of the Company, by third parties designated as Data Processors, to whom adequate operating instructions have been provided, including for example: business information companies; couriers, shippers, depositories; consultants; photographers; suppliers, agents, other group companies.
Parties authorised to process the data
The data may be processed by employees of the company departments responsible for pursuing the aforementioned purposes, who have been expressly authorised to process it and who have received adequate operating instructions.
Transfer of personal data to countries outside the European Union
The data may be transferred abroad to non-European countries, and in particular to non-EU countries where the Biesse companies are located: Australia, New Zealand, Canada, Switzerland, countries that are considered adequate by the European Commission (https://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati- towards third countries).
When group companies are based in countries that are not considered adequate by the Commission, the standard contractual clauses ("Standard Contractual Clauses") adopted by the European Commission pursuant to art. 46.2 (c) of the GDPR have been signed.
Rights of the data subject - complaint to the supervisory authority
By contacting the Privacy Office by e-mail at email@example.com, the data subjects may ask the Company for access to their personal data; deletion of the data; correction of any inaccurate data; integration of incomplete data; deletion of data; restriction of the processing in the cases envisaged by art. 18 GDPR, as well as oppose, for reasons connected with their specific situation, the processing carried out by the controller on legitimate grounds.
When the processing is based on consent or a contract and is performed using automated means, the data subjects are entitled to receive their data in a structured, commonly used and machine-readable format, and if technically feasible, to freely send it to another Data Controller.
The data subjects have the right to revoke the consent given at any time for marketing purposes, and to object to the processing of data for marketing purposes. Nonetheless, if, with respect to the aforementioned purposes, the data subject wishes to be contacted through traditional methods only, they can limit their opposition to the receipt of communications through automated procedures only.
Data subjects shall have the right to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work or in the Member State where the alleged infringement has occurred.
What is the right to restriction of processing?
Restriction of processing means that the only processing of data temporarily permitted is retention; this applies in the following cases pursuant to art. 18 of the GDPR:
- the accuracy of the personal data is challenged by the data subject, for a period enabling the controller to verify the accuracy of said data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.