We carry out the processing of ordinary personal data of legitimate interest within the sphere of the fair and as organizers of the event and use technical cookies that do not require specific consent, we also process data through cookies and profiling instruments for which we ask for your consent in application of the national guidelines for the use of cookies approved by the privacy commissioner with decision no. 231 dated 10.6.2021.
Very few ordinary data do not require express consent and these are limited to personal details, company names, email addresses or telephone numbers, i.e. basically the data necessary in order to fulfill contractual obligations and any related legal obligations incumbent on our company, or that we handle based on our legitimate interest in carrying out entrepreneurial activities according to the procedures adopted by the sector of activity in which we operate and in a proportionate manner to what is normally expected in the professional sphere.
The use of cookies that require specific consent is detailed in the Cookie Policy. Consent is requested at the time of application for accreditation or the qualification required for accessing the fair.
In this regard we should draw your attention to the importance of the data processing and cookies service. The fair is a service of general interest, expressly aimed at permitting contact between economic operators; the circulation of information is essential for this. The Pitti Connect platform provides exactly this service.
Knowledge of the purpose of the fair is implicit in the application to take part in the same; however, since the non-technical cookies are not directly identifiable, the protection of personal data requires them to be expressly indicated and to allow the persons concerned to give specific consent. For this purpose, we would ask you to consider our Cookie policy and give your express consent using the methods indicated therein.
Where necessary within the sphere of the holding of the Event or of the initiatives connected to the same, additional information may be provided in relation to any further processing carried out, to be understood as an integration or even just a specification of this policy statement.
We would ask you to carefully read the following policy statement and remain at your disposal in the event of any doubts or the need for clarification about how we process or protect your personal data.
Personal data protection policy statement pursuant to art. 12 and fol. of EU regulation 679/2016
With regard to the data we collect and process using non-technical cookies, please refer to what has been indicated above in the introduction to this policy statement and to the Cookie Policy.
Information notice concerning the protection of personal data pursuant to article 12 et seq. of EU regulation 679/2016
PITTI IMMAGINE S.r.l., with offices in Via Faenza, 111 – Florence, Italy, in the person of the legal representative pro-tempore, is the Controller in terms of processing personal data pursuant to and for the effects of EU Regulation 2016/679.
For any communication regarding privacy or to exercise a right due to a Data Subject under current legislation, the Controller has made this email address available: [email protected]
The personal data we process is that data requested on the paper form and/or by the computer registration system on the institutional site.
Generally speaking, we ask for personal details, company names, email addresses or telephone numbers.
The personal data provided on the registration form is also stored in a badge that we deliver to you in order to allow you to access the trade show.
By maintaining relationships with various companies, we will be able to collect information - personal and otherwise - relating to the company’s internal representatives (e.g. employees), such as contact details (email, telephone number, etc.), personal and tax details, company position, as well as other common personal data which is needed in order to fulfil contractual or professional dealings with the company. It should be noted that - in this regard - the company has the responsibility of divulging the contents of this information notice to company representatives whose data, for various reasons, is sent as part of the relationship with our company.
Data is processed by means of IT tools and/or manually on paper, by persons expressly authorised by the Controller or, in any case, by persons bound by confidentiality agreements, using logic appropriate to the purposes for which the data was collected and, in any case, in order to guarantee the security and confidentiality of the data.
Your data will not be disclosed or disseminated outside the environment of the fair
operators accredited on the platform.
The personal data collected will be used for purposes related to contacts and verification of participation of fair operators and to the pre-contractual, contractual, legal, tax and accounting requirements, for service communications, to manage complaints and to provide information on our future trade show initiatives and events.
The personal data processed does not require your consent.
Indeed, processing the personal data collected is connected to pre-contractual and/or contractual issues, or is done to fulfil a specific legal obligation incumbent on the Controller, or is done to send information about services which are identical or similar to those you purchased when attending an event. In this latter case, the information activity is done on the basis of our legitimate interests in making you aware of our business and in promoting it amongst operators in the sector; within the limits of this purpose, and bearing in mind the professional relationship already established with you, we use the personal data, which you have provided us as part of the registration process in our system, to also send you our periodic Newsletter, without prejudice to your right to object to receiving the same, either from the outset or at any moment thereafter and without formality.
If data is transferred to a third country, the Controller will comply with the provisions of Chapter V of EU Regulation no. 679/2016. Every necessary precaution will be taken in order to ensure that the personal data is protected by basing this transfer on: a) adequacy decisions regarding third countries adopted by the European Commission; b) adequate guarantees given by the third party recipient pursuant to article 46 of the EU Regulation; c) adopting binding corporate rules.
The Controller will also transfer personal data, even in the absence of the aforementioned conditions, if one of the derogation situations exist as provided for by article 49 of the EU Regulation.
You may contact the Controller for more specific information on transfers made to a third country.
The data collected may be sent to third parties exclusively for the purposes specified above or to fulfil a connected, instrumental or supporting activity.
These third parties will process the data as independent Controllers or, depending on the case, as External Processors expressly appointed by the Controller. In this latter case, Processors will follow the Controller’s instructions and will be under the Controller’s supervision.
This essentially involves the following categories:
- the Controller's employees, suppliers and collaborators;
- external companies and other organizations or professionals who perform services on our behalf or organize their own events as part of the fair;
- a service provider, to send the newsletter, which has been appointed as an external processor;
- bodies and Public Administrations for compliance with legal requirements;
The access badge which we deliver contains personal data that you provided us with in the registration form. Exhibitors are able to read this badge through an optical reader or PittiSmart mobile app, and this allows them access to the personal data contained in this form, in compliance with the purposes and the processing methods each one employs.
Through our online platform (MyPitti), we share with exhibitors some information about
who visit their dedicated pages on Pitti Connect. in particular:
- the type of visitors (e.g. journalist, buying office, distributor, etc.);
- the name of the visitors and their company/newspaper;
- the country and city the visitors come from;
- the company's telephone number of the visitors;
- the date of the last online visit to the brand page.
Exhibitors will be able to contact visitors through the internal Pitti Connect tool which
allows them to send a message.
A Data Subject's personal data will be kept for the time necessary to fulfil the existing relationships between the parties and to fulfil the relative obligations, without prejudice to storing data for a longer period as may be required by law. Once such a period ends, the data will be erased.
In accordance with the law in force, the Data Subject may assert his/her rights vis-à-vis the Controller, as stated by Regulation 679/2016, i.e.:
- Right of access (art. 15);
- Right to rectification (art. 16);
- Right to erasure (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (21);
- Right to withdraw consent;
- Right to lodge a complaint with a Supervisory Authority in the cases provided for by the Regulation. For more details, consult the Italian Data Protection Authority’s site www.garanteprivacy.it.
To exercise any of the aforementioned rights, the Controller should be contacted at the address indicated above, specifying the subject of the request.
Upon receiving a specific request from a Data Subject, pursuant to articles 15-22 of the Regulation, the Controller will provide as a response the information relating to the action taken without unjustified delay and, in any case, at the latest within one month from the date on which the request was received.
This deadline may be extended to two months, if necessary, after taking into account the complexity and number of requests received. The Controller will inform the Data Subject of any extension and the reasons for the delay within one month from the date on which the request was received.
In the event that the request is not deemed to be admissible, the Data Subject will be informed, without delay, and, at the latest, within one month from the date on which the request was received, of the reasons for which the request cannot be fulfilled and of the option to lodge a complaint with a Supervisory Authority as well as the option of appealing to a judicial authority.
The Data Subject’s individual rights are detailed below:
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) where the personal data is not collected from the Data Subject, any available information as to its source;
h) the existence of automated decision-making processes, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
1. Where personal data is transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.
2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy shall not adversely affect the rights and freedoms of others.
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) where the personal data is not collected from the Data Subject, any available information as to its source;
h) the existence of automated decision-making processes, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
1. Where personal data is transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.
2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but the data is required by the Data Subject to establish, exercise or defend a right in a court of law;
d) the Data Subject has objected to processing pursuant to article 21(1) pending the verification of whether the legitimate grounds of the Controller override those of the Data Subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or to establish, exercise or defend a right in a court of law or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A Data Subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the Controller before the restriction of processing is lifted.
1. The Data Subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit that data to another controller without hindrance from the Controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to point (a) of article 6(1) or point (a) of article 9(2) or on a contract pursuant to point (b) of article 6(1); and
b) the processing is carried out by automated means.
2. In exercising his/her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article shall be without prejudice to article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of article 6(1), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or to establish, exercise or defend a right in a court of law.
2. Where personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of the personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the Data Subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the Data Subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise his/her right to object by automated means using technical specifications.
6. Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89(1), the Data Subject, on grounds relating to his/her particular situation, shall have the right to object to the processing of the personal data concerning him/her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you do not wish to receive our newsletter, you may unsubscribe at any moment by clicking the "Unsubscribe" link found in any of the emails received from us.
In the event of a technical problem, you may notify us by email at the address given above.
We carry out the processing of ordinary personal data of legitimate interest within the sphere of the fair and as organizers of the event and use technical cookies that do not require specific consent, we also process data through cookies and profiling instruments for which we ask for your consent in application of the national guidelines for the use of cookies approved by the privacy commissioner with decision no. 231 dated 10.6.2021.
Very few ordinary data do not require express consent and these are limited to personal details, company names, email addresses or telephone numbers, i.e. basically the data necessary in order to fulfill contractual obligations and any related legal obligations incumbent on our company, or that we handle based on our legitimate interest in carrying out entrepreneurial activities according to the procedures adopted by the sector of activity in which we operate and in a proportionate manner to what is normally expected in the professional sphere.
The use of cookies that require specific consent is detailed in the Cookie Policy. Consent is requested at the time of application for accreditation or the qualification required for accessing the fair.
In this regard we should draw your attention to the importance of the data processing and cookies service. The fair is a service of general interest, expressly aimed at permitting contact between economic operators; the circulation of information is essential for this. The Pitti Connect platform provides exactly this service.
Knowledge of the purpose of the fair is implicit in the application to take part in the same; however, since the non-technical cookies are not directly identifiable, the protection of personal data requires them to be expressly indicated and to allow the persons concerned to give specific consent. For this purpose, we would ask you to consider our Cookie policy and give your express consent using the methods indicated therein.
Where necessary within the sphere of the holding of the Event or of the initiatives connected to the same, additional information may be provided in relation to any further processing carried out, to be understood as an integration or even just a specification of this policy statement.
We would ask you to carefully read the following policy statement and remain at your disposal in the event of any doubts or the need for clarification about how we process or protect your personal data.
Personal data protection policy statement pursuant to art. 12 and fol. of EU regulation 679/2016
With regard to the data we collect and process using non-technical cookies, please refer to what has been indicated above in the introduction to this policy statement and to the Cookie Policy.
PITTI IMMAGINE S.r.l., with offices in Via Faenza, 111 – Florence, Italy, in the person of the legal representative pro-tempore, is the Controller in terms of processing personal data pursuant to and for the effects of EU Regulation 2016/679.
For any communication regarding privacy or to exercise a right due to a Data Subject under current legislation, the Controller has made this email address available: [email protected]
The personal data we process is that data requested on the paper form and/or by the “My Pitti” computer registration system on the institutional site.
Generally speaking, we ask for personal details, company names, email addresses or telephone numbers.
By maintaining relationships with various companies, we will be able to collect information - personal and otherwise - relating to the company’s internal representatives (e.g. employees) or its suppliers, such as contact details (email, telephone number, etc.), personal and tax details, company position, as well as other common personal data which is needed in order to fulfil contractual or professional dealings with the company. It should be noted that - in this regard - the company has the responsibility of divulging the contents of this information notice to company representatives and other parties whose data, for various reasons, is sent as part of the relationship with our company.
Data is processed by means of IT tools and/or manually on paper, by persons expressly authorised by the Controller or, in any case, by persons bound by confidentiality agreements, using logic appropriate to the purposes for which the data was collected and, in any case, in order to guarantee the security and confidentiality of the data.
Your data will not be disclosed or disseminated outside the environment of the fair
operators accredited on the platform.
The personal data collected will be used for purposes connected with pre-contractual, contractual, legal, tax and accounting requirements, for service communications, to manage complaints and to provide information on our future trade show initiatives and events.
The personal data processed does not require your consent.
Indeed, processing the personal data collected is connected to pre-contractual and/or contractual issues, or is done to fulfil a specific legal obligation incumbent on the Controller, or is done to send information about services which are identical or similar to those you purchased when attending an event. In this latter case, the information activity is done on the basis of our legitimate interests in making you aware of our business and in promoting it amongst operators in the sector; within the limits of this purpose, and bearing in mind the professional relationship already established with you, we use the personal data, which you have provided us as part of the registration process in our system, to also send you our periodic Newsletter, without prejudice to your right to object to receiving the same, either from the outset or at any moment thereafter and without formality.
The data considered mandatory is that data needed to conclude a contract or to provide the requested services, or that data relating to the fulfilment of a specific legal obligation incumbent on the Controller (for example, the obligations related to keeping accounting and tax records). Failure to communicate this data will prevent a contract from being concluded or a service from being provided.
This data also meets one of the Controller’s legitimate interests which is to share this information with other companies in the "Centro di Firenze per la Moda Italiana" Group (of which Pitti Immagine S.r.l. is a part), due to organisational or coordination needs or to support the Controller’s activities, within the limits of necessity and proportionality regarding the purpose for which the data is sent, also taking into account the nature of the data processed and the relationship with the Data Subject.
If data is transferred to a third country, the Controller will comply with the provisions of Chapter V of EU Regulation no. 679/2016. Every necessary precaution will be taken in order to ensure that the personal data is protected by basing this transfer on: a) adequacy decisions regarding third countries adopted by the European Commission; b) adequate guarantees given by the third party recipient pursuant to article 46 of the EU Regulation; c) adopting binding corporate rules.
The Controller will also transfer personal data, even in the absence of the aforementioned conditions, if one of the derogation situations exist as provided for by article 49 of the EU Regulation.
You may contact the Controller for more specific information on transfers made to a third country.
The data collected may be sent to third parties exclusively for the purposes specified above or to fulfil a connected, instrumental or supporting activity.
These third parties will process the data as independent Controllers or, depending on the case, as External Processors expressly appointed by the Controller. In this latter case, Processors will follow the Controller’s instructions and will be under the Controller’s supervision.
This essentially involves the following categories:
- the Controller's employees, suppliers and collaborators;
- external companies and other professionals who carry out specific services on our behalf;
- a service provider, to send the newsletter, which has been appointed as an external processor;
- Newspapers and the press in general, PRs, Bloggers and Photographers to manage;
- communications and initiatives related to trade shows and other organised events;
- bodies and Public Administrations for compliance with legal requirements.
The access badge which we deliver contains personal data that you provided us with in
the registration form. Exhibitors are able to read this badge through an optical reader or Pitti Smart mobile app, and this allows them access to the personal data contained in this form, in compliance with the purposes and the processing methods each one employs.
Through our online platform (MyPitti), we share with exhibitors some information about
who visit their dedicated pages on Pitti Connect. in particular:
- the type of visitors (e.g. journalist, buying office, distributor, etc.);
- the name of the visitors and their company/newspaper;
- the country and city the visitors come from;
- the company's telephone number of the visitors;
- the date of the last online visit to the brand page.
Exhibitors will be able to contact visitors through the internal Pitti Connect tool which
allows them to send a message without revealing visitors'; email address.
In accordance with the law in force, the Data Subject may assert his/her rights vis-à-vis the Controller, as stated by Regulation 679/2016, i.e.:
- Right of access (art. 15);
- Right to rectification (art. 16);
- Right to erasure (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (21);
- Right to withdraw consent;
- Right to lodge a complaint with a Supervisory Authority in the cases provided for by the Regulation. For more details, consult the Italian Data Protection Authority’s site www.garanteprivacy.it.
To exercise any of the aforementioned rights, the Controller should be contacted at the address indicated above, specifying the subject of the request.
Upon receiving a specific request from a Data Subject, pursuant toarticles 15-22 of the Regulation, the Controller will provide as a response the information relating to the action taken without unjustified delay and, in any case, at the latest within one month from the date on which the request was received.
This deadline may be extended to two months, if necessary, after taking into account the complexity and number of requests received. The Controller will inform the Data Subject of any extension and the reasons for the delay within one month from the date on which the request was received.
In the event that the request is not deemed to be admissible, the Data Subject will be informed, without delay, and, at the latest, within one month from the date on which the request was received, of the reasons for which the request cannot be fulfilled and of the option to lodge a complaint with a Supervisory Authority as well as the option of appealing to a judicial authority.
The Data Subject’s individual rights are detailed below:
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) where the personal data is not collected from the Data Subject, any available information as to its source;
h) the existence of automated decision-making processes, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
1. Where personal data is transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.
2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him/her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) the Data Subject withdraws consent on which the processing is based according to point (a) of article 6(1), or point (a) of article 9(2), and where there is no other legal ground for the processing;
c) the Data Subject objects to the processing pursuant to article 21(1) and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to article 21(2);
d) the personal data has been unlawfully processed;
e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
f) the personal data has been collected in relation to the offer of information society services referred to in article 8(1).
2. Where the Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of article 9(2) as well as article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) to establish, exercise or defend a right in a court of law.
1. The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but the data is required by the Data Subject to establish, exercise or defend a right in a court of law;
d) the Data Subject has objected to processing pursuant to article 21(1) pending the verification of whether the legitimate grounds of the Controller override those of the Data Subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or to establish, exercise or defend a right in a court of law or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A Data Subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the Controller before the restriction of processing is lifted.
1. The Data Subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit that data to another controller without hindrance from the Controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to point (a) of article 6(1) or point (a) of article 9(2) or on a contract pursuant to point (b) of article 6(1); and
b) the processing is carried out by automated means.
2. In exercising his/her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article shall be without prejudice to article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of article 6(1), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or to establish, exercise or defend a right in a court of law.
2. Where personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of the personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the Data Subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the Data Subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise his/her right to object by automated means using technical specifications.
6. Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89(1), the Data Subject, on grounds relating to his/her particular situation, shall have the right to object to the processing of the personal data concerning him/her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you do not wish to receive our newsletter, you may unsubscribe at any moment by clicking the "Unsubscribe" link found in any of the emails received from us.
In the event of a technical problem, you may notify us by email at the address given above.
We carry out the processing of ordinary personal data of legitimate interest within the sphere of the fair and as organizers of the event and use technical cookies that do not require specific consent, we also process data through cookies and profiling instruments for which we ask for your consent in application of the national guidelines for the use of cookies approved by the privacy commissioner with decision no. 231 dated 10.6.2021.
Very few ordinary data do not require express consent and these are limited to personal details, company names, email addresses or telephone numbers, i.e. basically the data necessary in order to fulfill contractual obligations and any related legal obligations incumbent on our company, or that we handle based on our legitimate interest in carrying out entrepreneurial activities according to the procedures adopted by the sector of activity in which we operate and in a proportionate manner to what is normally expected in the professional sphere.
The use of cookies that require specific consent is detailed in the Cookie Policy. Consent is requested at the time of application for accreditation or the qualification required for accessing the fair.
In this regard we should draw your attention to the importance of the data processing and cookies service. The fair is a service of general interest, expressly aimed at permitting contact between economic operators; the circulation of information is essential for this. The Pitti Connect platform provides exactly this service.
Knowledge of the purpose of the fair is implicit in the application to take part in the same; however, since the non-technical cookies are not directly identifiable, the protection of personal data requires them to be expressly indicated and to allow the persons concerned to give specific consent. For this purpose, we would ask you to consider our Cookie policy and give your express consent using the methods indicated therein.
Where necessary within the sphere of the holding of the Event or of the initiatives connected to the same, additional information may be provided in relation to any further processing carried out, to be understood as an integration or even just a specification of this policy statement.
We would ask you to carefully read the following policy statement and remain at your disposal in the event of any doubts or the need for clarification about how we process or protect your personal data.
Personal data protection policy statement pursuant to art. 12 and fol. of EU regulation 679/2016
With regard to the data we collect and process using non-technical cookies, please refer to what has been indicated above in the introduction to this policy statement and to the Cookie Policy.
PITTI IMMAGINE S.r.l., with offices in Via Faenza, 111 – Florence, Italy, in the person of the legal representative pro-tempore, is the Controller in terms of processing personal data pursuant to and for the effects of EU Regulation 2016/679.
For any communication regarding privacy or to exercise a right due to a Data Subject under current legislation, the Controller has made this email address available: [email protected].
The personal data we process is that data requested on the “My Pitti” computer registration system on the institutional site.
Generally speaking, we ask for personal details,company names, email addresses or telephone numbers.
he personal data provided on the registration form is also stored in a badge that we deliver to you in order to allow you to access the trade show.
We may also receive from you - and consequently process - certain personal data relative to parties who, for various reasons, collaborate with you, such as personal details, contact details, (email, telephone number, etc.), as well as other common personal data which is needed in order to fulfil the professional relationship with our company. It should be noted that - in this regard - it is your responsibility to divulge the contents of this information notice to those parties whose data, for various reasons, is sent as part of the relationship with our company.
Data is processed by means of IT tools and/or manually on paper, by persons expressly authorised by the Controller or, in any case, by persons bound by confidentiality agreements, using logic appropriate to the purposes for which the data was collected and, in any case, in order to guarantee the security and confidentiality of the data.
Your data will not be disclosed or disseminated outside the environment of the fair
operators accredited on the platform.
Personal data collected will be used for the purposes connected to your profession of Journalist, PR, Blogger, Photographer, Guest, in order to notify you of our events, trade shows, exhibitions and any other of our initiatives in general.
The personal data processed does not require your consent.
In fact, processing your data is necessary in order to pursue our legitimate interests in notifying you about our initiatives, taking account of your profession.
Within the limits of this purpose, we use the personal data which you have provided us as part of the registration process in our system as well as to send you our periodic Newsletter, without prejudice to your right to object to receiving the same, either from the outset or at any moment thereafter and without formality.
If data is transferred to a third country, the Controller will comply with the provisions of Chapter V of EU Regulation no. 679/2016. Every necessary precaution will be taken in order to ensure that the personal data is protected by basing this transfer on: a) adequacy decisions regarding third countries adopted by the European Commission; b) adequate guarantees given by the third party recipient pursuant to article 46 of the EU Regulation; c) adopting binding corporate rules.
The Controller will also transfer personal data, even in the absence of the aforementioned conditions, if one of the derogation situations exist as provided for by article 49 of the EU Regulation.
You may contact the Controller for more specific information on transfers made to a third country.
The data collected may be sent to third parties exclusively for the purposes specified above or to fulfil a connected, instrumental or supporting activity.
These third parties will process the data as independent Controllers or, depending on the case, as External Processors expressly appointed by the Controller. In this latter case, Processors will follow the Controller’s instructions and will be under the Controller’s supervision.
This essentially involves the following categories:
the Controller's employees, suppliers and collaborators;
external companies and other professionals who carry out specific services on our behalf;
a service provider, to send the newsletter, which has been appointed as an external processor;
bodies and Public Administrations for compliance with legal requirements.
The access badge which we deliver contains personal data that you provided us with in the registration form. Exhibitors are able to read this badge through an optical reader or PittiSmart mobile app, and this allows them access to the personal data contained in this form, in compliance with the purposes and the processing methods each one employs.
This data also meets one of the Controller’s legitimate interests which is to share this information with other companies in the "Centro di Firenze per la Moda Italiana" Group (of which Pitti Immagine S.r.l. is a part), due to organisational or coordination needs or to support the Controller’s activities, within the limits of necessity and proportionality regarding the purpose for which the data is sent, also taking into account the nature of the data processed and the relationship with the Data Subject.
Through our online platform (MyPitti), we share with exhibitors some information about
who visit their dedicated pages on Pitti Connect. in particular:
- the type of visitors (e.g. journalist, buying office, distributor, etc.);
- the name of the visitors and their company/newspaper;
- the country and city the visitors come from;
- the company's telephone number of the visitors;
- the date of the last online visit to the brand page.
Exhibitors will be able to contact visitors through the internal Pitti Connect tool which
allows them to send a message without revealing visitors' email address.
A Data Subject's personal data will be kept for the time necessary to fulfil the existing relationships between the parties and to fulfil the relative obligations, without prejudice to storing data for a longer period as may be required by law. Once such a period ends, the data will be erased.
If a request is made to unsubscribe from our mailing list, we will erase your personal data immediately.
In accordance with the law in force, the Data Subject may assert his/her rights vis-à-vis the Controller, as stated by Regulation 679/2016, i.e.:
- Right of access (art. 15);
- Right to rectification (art. 16);
- Right to erasure (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (21);
- Right to withdraw consent;
- Right to lodge a complaint with a Supervisory Authority in the cases provided for by the Regulation. For more details, consult the Italian Data Protection Authority’s site www.garanteprivacy.it.
To exercise any of the aforementioned rights, the Controller should be contacted at the address indicated above, specifying the subject of the request.
Upon receiving a specific request from a Data Subject, pursuant to articles 15-22 of the Regulation, the Controller will provide as a response the information relating to the action taken without unjustified delay and, in any case, at the latest within one month from the date on which the request was received.
This deadline may be extended to two months, if necessary, after taking into account the complexity and number of requests received. The Controller will inform the Data Subject of any extension and the reasons for the delay within one month from the date on which the request was received.
In the event that the request is not deemed to be admissible, the Data Subject will be informed, without delay, and, at the latest, within one month from the date on which the request was received, of the reasons for which the request cannot be fulfilled and of the option to lodge a complaint with a Supervisory Authority as well as the option of appealing to a judicial authority.
The Data Subject’s individual rights are detailed below:
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) where the personal data is not collected from the Data Subject, any available information as to its source;
h) the existence of automated decision-making processes, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
1. Where personal data is transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.
2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him/her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) the Data Subject withdraws consent on which the processing is based according to point (a) of article 6(1), or point (a) of article 9(2), and where there is no other legal ground for the processing;
c) the Data Subject objects to the processing pursuant to article 21(1) and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to article 21(2);
d) the personal data has been unlawfully processed;
e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
f) the personal data has been collected in relation to the offer of information society services referred to in article 8(1).
2. Where the Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of article 9(2) as well as article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) to establish, exercise or defend a right in a court of law.
1. The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but the data is required by the Data Subject to establish, exercise or defend a right in a court of law;
d) the Data Subject has objected to processing pursuant to article 21(1) pending the verification of whether the legitimate grounds of the Controller override those of the Data Subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or to establish, exercise or defend a right in a court of law or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A Data Subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the Controller before the restriction of processing is lifted.
1. The Data Subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit that data to another controller without hindrance from the Controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to point (a) of article 6(1) or point (a) of article 9(2) or on a contract pursuant to point (b) of article 6(1); and
b) the processing is carried out by automated means.
2. In exercising his/her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article shall be without prejudice to article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of article 6(1), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or to establish, exercise or defend a right in a court of law.
2. Where personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of the personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the Data Subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the Data Subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise his/her right to object by automated means using technical specifications.
6. Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89(1), the Data Subject, on grounds relating to his/her particular situation, shall have the right to object to the processing of the personal data concerning him/her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you do not wish to receive our newsletter, you may unsubscribe at any moment by clicking the "Unsubscribe" link found in any of the emails received from us.
In the event of a technical problem, you may notify us by email at the address given above.
We carry out the processing of ordinary personal data of legitimate interest within the sphere of the fair and as organizers of the event and use technical cookies that do not require specific consent, we also process data through cookies and profiling instruments for which we ask for your consent in application of the national guidelines for the use of cookies approved by the privacy commissioner with decision no. 231 dated 10.6.2021.
Very few ordinary data do not require express consent and these are limited to personal details, company names, email addresses or telephone numbers, i.e. basically the data necessary in order to fulfill contractual obligations and any related legal obligations incumbent on our company, or that we handle based on our legitimate interest in carrying out entrepreneurial activities according to the procedures adopted by the sector of activity in which we operate and in a proportionate manner to what is normally expected in the professional sphere.
The use of cookies that require specific consent is detailed in the Cookie Policy. Consent is requested at the time of application for accreditation or the qualification required for accessing the fair.
In this regard we should draw your attention to the importance of the data processing and cookies service. The fair is a service of general interest, expressly aimed at permitting contact between economic operators; the circulation of information is essential for this. The Pitti Connect platform provides exactly this service.
Knowledge of the purpose of the fair is implicit in the application to take part in the same; however, since the non-technical cookies are not directly identifiable, the protection of personal data requires them to be expressly indicated and to allow the persons concerned to give specific consent. For this purpose, we would ask you to consider our Cookie policy and give your express consent using the methods indicated therein.
Where necessary within the sphere of the holding of the Event or of the initiatives connected to the same, additional information may be provided in relation to any further processing carried out, to be understood as an integration or even just a specification of this policy statement.
We would ask you to carefully read the following policy statement and remain at your disposal in the event of any doubts or the need for clarification about how we process or protect your personal data.
Personal data protection policy statement pursuant to art. 12 and fol. of EU regulation 679/2016
With regard to the data we collect and process using non-technical cookies, please refer to what has been indicated above in the introduction to this policy statement and to the Cookie Policy.
PITTI IMMAGINE S.r.l., with offices in Via Faenza, 111 – Florence, Italy, in the person of the legal representative pro-tempore, is the Controller in terms of processing personal data pursuant to and for the effects of EU Regulation 2016/679.
For any communication regarding privacy or to exercise a right due to a Data Subject under current legislation, the Controller has made this email address available: [email protected].
The personal data we process is that data requested on the “My Pitti” computer registration system on the institutional site.
Generally speaking, we ask for personal details,company names, email addresses or telephone numbers.
he personal data provided on the registration form is also stored in a badge that we deliver to you in order to allow you to access the trade show.
We may also receive from you - and consequently process - certain personal data relative to parties who, for various reasons, collaborate with you, such as personal details, contact details, (email, telephone number, etc.), as well as other common personal data which is needed in order to fulfil the professional relationship with our company. It should be noted that - in this regard - it is your responsibility to divulge the contents of this information notice to those parties whose data, for various reasons, is sent as part of the relationship with our company.
Data is processed by means of IT tools and/or manually on paper, by persons expressly authorised by the Controller or, in any case, by persons bound by confidentiality agreements, using logic appropriate to the purposes for which the data was collected and, in any case, in order to guarantee the security and confidentiality of the data.
Your data will not be disclosed or disseminated outside the environment of the fair
operators accredited on the platform.
Personal data collected will be used for the purposes connected to your profession of Journalist, PR, Blogger, Photographer, Guest, in order to notify you of our events, trade shows, exhibitions and any other of our initiatives in general.
The personal data processed does not require your consent.
In fact, processing your data is necessary in order to pursue our legitimate interests in notifying you about our initiatives, taking account of your profession.
Within the limits of this purpose, we use the personal data which you have provided us as part of the registration process in our system as well as to send you our periodic Newsletter, without prejudice to your right to object to receiving the same, either from the outset or at any moment thereafter and without formality.
If data is transferred to a third country, the Controller will comply with the provisions of Chapter V of EU Regulation no. 679/2016. Every necessary precaution will be taken in order to ensure that the personal data is protected by basing this transfer on: a) adequacy decisions regarding third countries adopted by the European Commission; b) adequate guarantees given by the third party recipient pursuant to article 46 of the EU Regulation; c) adopting binding corporate rules.
The Controller will also transfer personal data, even in the absence of the aforementioned conditions, if one of the derogation situations exist as provided for by article 49 of the EU Regulation.
You may contact the Controller for more specific information on transfers made to a third country.
The data collected may be sent to third parties exclusively for the purposes specified above or to fulfil a connected, instrumental or supporting activity.
These third parties will process the data as independent Controllers or, depending on the case, as External Processors expressly appointed by the Controller. In this latter case, Processors will follow the Controller’s instructions and will be under the Controller’s supervision.
This essentially involves the following categories:
the Controller's employees, suppliers and collaborators;
external companies and other professionals who carry out specific services on our behalf;
a service provider, to send the newsletter, which has been appointed as an external processor;
bodies and Public Administrations for compliance with legal requirements.
The access badge which we deliver contains personal data that you provided us with in the registration form. Exhibitors are able to read this badge through an optical reader or PittiSmart mobile app, and this allows them access to the personal data contained in this form, in compliance with the purposes and the processing methods each one employs.
This data also meets one of the Controller’s legitimate interests which is to share this information with other companies in the "Centro di Firenze per la Moda Italiana" Group (of which Pitti Immagine S.r.l. is a part), due to organisational or coordination needs or to support the Controller’s activities, within the limits of necessity and proportionality regarding the purpose for which the data is sent, also taking into account the nature of the data processed and the relationship with the Data Subject.
Through our online platform (MyPitti), we share with exhibitors some information about
who visit their dedicated pages on Pitti Connect. in particular:
- the type of visitors (e.g. journalist, buying office, distributor, etc.);
- the name of the visitors and their company/newspaper;
- the country and city the visitors come from;
- the company's telephone number of the visitors;
- the date of the last online visit to the brand page.
Exhibitors will be able to contact visitors through the internal Pitti Connect tool which
allows them to send a message without revealing visitors' email address.
A Data Subject's personal data will be kept for the time necessary to fulfil the existing relationships between the parties and to fulfil the relative obligations, without prejudice to storing data for a longer period as may be required by law. Once such a period ends, the data will be erased.
If a request is made to unsubscribe from our mailing list, we will erase your personal data immediately.
In accordance with the law in force, the Data Subject may assert his/her rights vis-à-vis the Controller, as stated by Regulation 679/2016, i.e.:
- Right of access (art. 15);
- Right to rectification (art. 16);
- Right to erasure (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (21);
- Right to withdraw consent;
- Right to lodge a complaint with a Supervisory Authority in the cases provided for by the Regulation. For more details, consult the Italian Data Protection Authority’s site www.garanteprivacy.it.
To exercise any of the aforementioned rights, the Controller should be contacted at the address indicated above, specifying the subject of the request.
Upon receiving a specific request from a Data Subject, pursuant to articles 15-22 of the Regulation, the Controller will provide as a response the information relating to the action taken without unjustified delay and, in any case, at the latest within one month from the date on which the request was received.
This deadline may be extended to two months, if necessary, after taking into account the complexity and number of requests received. The Controller will inform the Data Subject of any extension and the reasons for the delay within one month from the date on which the request was received.
In the event that the request is not deemed to be admissible, the Data Subject will be informed, without delay, and, at the latest, within one month from the date on which the request was received, of the reasons for which the request cannot be fulfilled and of the option to lodge a complaint with a Supervisory Authority as well as the option of appealing to a judicial authority.
The Data Subject’s individual rights are detailed below:
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) where the personal data is not collected from the Data Subject, any available information as to its source;
h) the existence of automated decision-making processes, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
1. Where personal data is transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.
2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him/her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) the Data Subject withdraws consent on which the processing is based according to point (a) of article 6(1), or point (a) of article 9(2), and where there is no other legal ground for the processing;
c) the Data Subject objects to the processing pursuant to article 21(1) and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to article 21(2);
d) the personal data has been unlawfully processed;
e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
f) the personal data has been collected in relation to the offer of information society services referred to in article 8(1).
2. Where the Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of article 9(2) as well as article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) to establish, exercise or defend a right in a court of law.
1. The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but the data is required by the Data Subject to establish, exercise or defend a right in a court of law;
d) the Data Subject has objected to processing pursuant to article 21(1) pending the verification of whether the legitimate grounds of the Controller override those of the Data Subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or to establish, exercise or defend a right in a court of law or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A Data Subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the Controller before the restriction of processing is lifted.
1. The Data Subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit that data to another controller without hindrance from the Controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to point (a) of article 6(1) or point (a) of article 9(2) or on a contract pursuant to point (b) of article 6(1); and
b) the processing is carried out by automated means.
2. In exercising his/her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article shall be without prejudice to article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
1. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of article 6(1), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or to establish, exercise or defend a right in a court of law.
2. Where personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of the personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the Data Subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the Data Subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the Data Subject may exercise his/her right to object by automated means using technical specifications.
6. Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89(1), the Data Subject, on grounds relating to his/her particular situation, shall have the right to object to the processing of the personal data concerning him/her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you do not wish to receive our newsletter, you may unsubscribe at any moment by clicking the "Unsubscribe" link found in any of the emails received from us.
In the event of a technical problem, you may notify us by email at the address given above.