Edi.Cer. Spa, with registered offices in Sassuolo (MO), Viale Monte Santo n. 40, in its capacity as Data Controller (hereinafter, “EDICER” or the “Company”), declares pursuant to arts. 13-14 of EU General Data Protection Regulation 2016/679 (GDPR) that it will process data acquired through the “I-Business Card” app (hereinafter “App”) with the methods and for the purposes described below.
The terms of this Privacy Notice apply solely and exclusively to the App and not to websites owned by the Company or by third parties that the User may access through links contained in the App.
Type of data collected by EDICER via the App
By means of the App, EDICER collects personal data of visitors to the exhibition Cersaie on behalf of exhibitor companies. The data are supplied by visitors who enter the exhibition space of individual exhibitor companies and consist of the data present on the I-Business Card, specifically first name, last name, address, email address, telephone number, company and activity.
Purposes of data processing
The personal data are processed exclusively to enable exhibitor companies to collect the data present on the visitors’ I-Business Cards. The exhibitor companies will process these data as independent Data Controllers. EDICER will not have access to the data. Data submission is optional, but users who do not submit their data will be unable to use the App.
Data processing and storage methods
Data are processed using computerised equipment in accordance with the methods indicated in arts. 6 and 32 of the GDPR and adopting the adequate security measures indicated.
Communication of data
The data will not be processed by EDICER personnel but will be transmitted to exhibition companies, and they may be viewed by the external company that manages the app.
Your personal data will not be publicly disclosed.
The data will be retained only for the time strictly necessary to fulfil the purpose for which they were collected.
Data subjects have the right to obtain from the Data Controller the erasure (“right to be forgotten”), restriction, information, rectification, portability and objection to processing of personal data, and in general may exercise all the rights established by arts. 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.