Informativa ex art. 14 GDPR – Espositori manifestazioni indirette

INFORMATIVA (pursuant to Article 14, EU Regulation no. 679/2016)

Espositori manifestazioni indirette

  1. Introduction

According to the specified legislation, data processing shall be based on principles of correctness, lawfulness, transparency and protection of the individual’s privacy and rights.

Pursuant to EU Regulation no. 679/2016 of 27 April 2016 (the “GDPR”), in light of the fact that personal data were no obtained from the data subject, we hereby inform you as follows.

Fiera Roma S.r.l. (the “Company”) may process the personal data of the Exhibitors and of their employees and/or collaborators (the “Data Subjects”) provided by the companies that organise trade fairs within the equipped areas of Fiera Roma S.r.l. (the “Organisers”). This Privacy Policy describes the processing of all your personal data provided by the Organisers to Fiera Roma S.r.l. (hereinafter the “Data”).

  1. Who is the Data Controller?

The company Fiera Roma S.r.l. (VAT No. 07540411001), with registered office at Via Portuense, 1645/647 Rome (00148), is the Data Controller pursuant to and for the purposes of EU Regulations no. 679/2016.

The Data Processors appointed by the Company include, inter alia, external companies that provide electronic filing and advisory services. A complete list Data Processors appointed by the Company can be requested from the Company via the contact details listed in Section 10 of this Privacy Policy.

  1. What type of data is processed by the Company?

Fiera Roma S.r.l. shall only process data provided by the Organisers and disclosed by you to the latter by filling in the application for participation in/admission to the trade fair and the relevant related and/or associated documents (e.g. data provided for inclusion in the official catalogue). The following personal data obtained and processed by the Company may be considered as Administrative/Accounting Data: data regarding the company and its legal representative (company name, address, telephone number, fax number, email address, product sector, etc.); invoicing data (bank details, etc.), data regarding company contact persons and employees/collaborators (name, surname, email address, telephone number) and similar data.

  1. Where does the data processed by the Company come from?

We hereby inform you that the source from which your personal data originate is private and, specifically, the data have been provided by the company [company name] based on your application for participation in/admission to the event [event name].

  1. For what purposes are data processed?

The Company processes the Data by means of manual and electronic tools:

  1. to enable participation in the trade fair (e.g. to permit access to the trade fair spaces), to execute the application for participation in/admission to the [event name] and, in any case, to provide any services related to participation in the event;
  2. to protect and defend the rights of the Company. Specifically, Fiera Roma S.r.l. may disclose the Data, where necessary, to (i) protect, enforce or defend the rights, privacy, security or property of the Company, its employees, agents and contractors, (ii) protect the Company from fraud or (iii) for risk management purposes;
  3. for compliance with the applicable laws and procedures and to meet the requests of the competent authorities;
  4. for the preparation, with prior consent, of commercial, promotional, advertising and marketing initiatives, as well as the sending of advertising and/or information material regarding products, services and initiatives of the Company, by means of traditional contact methods (such as paper mail, telephone, etc.) and electronic methods (such as SMS, MMS, email, push notifications) and for the performance of analyses and market research by Fiera Roma S.r.l.


  1. On what legal basis are data processed?

The processing of Data for the purposes of which:

  • under Sections 5(a) and 5(b), it is necessary for participation in the trade fair, for executing the application for participation/admission and for the provision of the related services (Article 6, paragraph 1, section b) of the GDPR) and, therefore, any refusal to provide the Data would prevent participation in the trade fair or, in any case, the execution of the related agreement/application;
  • under Section 5(c), is necessary to comply with the applicable laws (Article 6, paragraph 1, section c) of the GDPR) and, therefore, any refusal to provide the Data would again prevent participation in the trade fair or, in any case, the execution of the related agreement/application;
  • under Section 5(d), is carried out on the basis of consent (Article 6, paragraph 1, section a) of the GDPR), the non-conferment of which shall not, in any way, affect participation or, in any case, the execution of the agreement/application for participation in the event, but may, however, prevent the provision of certain services promoted during and after the trade fair.


  1. Who has access to the Data?

The Data can only be accessed, to the extent that this is necessary for the performance of the Company’s activities, by duly authorised employees and/or collaborators of Fiera Roma S.r.l. and to whom the Company has provided specific instructions regarding the confidentiality and protection of personal data.

The Company may disclose the Data to: (a) third-party service providers, responsible for the processing activities and, where required by the applicable laws, appointed as data processors (for example, cloud service providers, providers of services that are instrumental to the Company’s activities, such as, by way of example, but not limited to, companies providing IT services, experts, consultants and lawyers, companies resulting from possible mergers, spin-offs or other transformations) and (b) competent authorities, where permitted by applicable laws.

  1. Are the Data transferred overseas?

Personal data shall not be transferred to Third-Party Countries.

  1. Do the Data Subjects own rights over their personal data?

Data Subjects are entitled to obtain confirmation of the existence or non-existence of personal data concerning them and are entitled to obtain an indication:

  1. of the origin of the personal data;
  2. of the processing purposes and methods;
  3. of the logic applied in the event of processing carried out with the aid of electronic tools;
  4. of the identification details of the data controller, data processors and appointed representative;
  5. of the parties or categories of parties to whom the personal data may be disclosed or who may become aware of said data as appointed representative in the territory of the State, as data processors or officials.

Data Subjects are entitled to obtain:

  1. the updating, rectification or, if interested, the supplementation of the data;
  2. the limitation of processing in cases of dispute regarding the accuracy of the data, objection to processing or the deletion of personal data against the data controller, as well as for the assessment, exercise of defence of a right in court;
  3. the deletion, transformation into anonymous form or blocking of data processed in breach of law, including data that does not need to be kept for the purposes for which the data were collected or subsequently processed;
  4. an attestation that the operations referred to in sections f) and h) have been brought to the attention, as regards their content, of those to whom they have been disclosed or disseminated, except in the event that this obligation proves impossible or entails the use of means that are manifestly disproportionate to the protected right;
  5. the personal data provided in a structured format, commonly used and readable by an automatic device and its transfer, be it directly or by means of the data controller, to another data controller (so-called right to data portability).

Data Subjects are also entitled to object, in full or in part:

  1. for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of the collection;
  2. to the processing of personal data concerning them for the purposes of sending marketing or direct sales material or for conducting market research or for commercial communication.

Should the Data Subjects believe that their rights have been breached by the data controller and/or by a third party, the former are entitled to file a complaint before the Personal Data Protection Authority and/or before another competent supervisory authority of the GDPR.

The above rights may be exercised by contacting the Company at the address specified in Section 10 below.

  1. How can the Data Controller be contacted?

If the Data Subjects have questions regarding this Privacy Policy or wish to exercise the rights provided for by this Privacy Policy, they can contact the Company at the following email address: or on fax number 0665074472.

  1. For how long will the personal data be stored?

The data shall be stored for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed, in accordance with the provisions of the legal obligations.

  1. Consent to processing for the additional purposes referred to in Section 5(d)

For the processing of data for the additional purposes referred to in Section 5(d), the Company requests consent only for the purposes respectively specified, through the signing of the following statement. In the absence of explicit consent to the processing of the aforementioned data, as mentioned, participation in the event or the stipulation and/or execution of the related agreement/application for participation shall not be affected but, however, the provision of certain services promoted during and after the trade fair may be prevented. The right to withdraw consent at any time is acknowledged, without prejudice to the lawfulness of the processing carried out prior to and up until said withdrawal.

For any clarification and explanation the text of Regulation 679/2016 can be consulted via the following link: