Pursuant to Articles 13 and 14 of the EU Regulation 679/2016 ("GDPR") we inform you that the personal data provided by the data subject and/or acquired by IA Spiegata Semplice S.r.l. ("IA") hereinafter also referred to as the Data Holders or "we", in relation to the same, in connection with the Event "AI WEEK" (the "Event"), organised by IA also in collaboration with third party partners, are processed in compliance with the principles of lawfulness, fairness, proportionality, necessity, accuracy, completeness and security and other applicable legal obligations. 

Categories of data subjects. Processing operations and collection methods 

The data processed concerns customers (i.e. exhibitors, visitors/buyers/professional operators, convention/congress participants, speakers at the Event, company leaders, stakeholders, opinion leaders, participants in championships/races and/or workshops, concessionaires of exhibition and/or advertising space, third-party organisers and sponsors who have played the respective role over the past 10 years) and prospects (individuals who have expressed interest in the Event over the past 10 years - e.g. by handing over their own business card or requesting information or quotes - journalists), understood as natural persons over 14 years of age acting in their own right and/or as internal contacts of legal persons, entities or other organisations. The individual categories of data collected are indicated in our collection forms, which supplement this information sheet. The processing is carried out using electronic and paper-based instruments and logically in connection with the individual purposes stated below. 

We collect data i) via online forms or paper or app pre-registration or participation forms filled in by you and/or acquired by third party operators authorised by us or ii) via mobile devices such as tablets, smartphones present at the Event venue or iii) via business card given to us by you. 

In the case of Events organised or hosted by third party partners, data may also be collected through third party partners. 

The data collected may be processed by staff expressly authorised by the Joint Owners, within the limits strictly necessary for the performance of the respective activities assigned to them (e.g. legal, commercial, marketing, administrative, logistics, IT, management control, etc.). 

Purpose of processing 

The processing has the following purposes: 

1. Fulfilment of contractual and legal obligations arising out of or in connection with the participation or potential participation of the person concerned in the Event.
2. Organisational planning and management of the Event, e.g. Issuance and payment of tickets, accreditations and entrance passes (including control of the successful completion of the payment made through third party services), management of personal identification tags (with passport photo) for security purposes, planning and management of specific services requested by you (e.g. translation services, hostesses, catering, escorting), management of the contracts we enter into with third party suppliers of goods and/or services used by you during or at the Event publication of your name and surname or name and company name, telephone number, fax, email, website, in the public online and printed catalogue of the Event in which you participate; communication, at your request, of pre-contractual information (e.g. programmes, proposals, etc.) related to the Event; drafting of invitation letters for consular visa applications. Within the scope of the above-mentioned purposes IA may also offer the visitor/buyer the possibility of using QR code technology, with which the visitor/buyer may transmit his/her data directly to the exhibitor of interest at his/her stand, or scan the QR code present at the stand of the chosen exhibitor. In both cases, the data will be processed by the exhibitor as Autonomous Controller.
3. Sending (by email, ordinary mail, sms, mms, push-up messages, instant messaging functions such as whatsapp, telefax, telephone calls with operator, social networks and other automated tools) of commercial communications, advertising and offers for the sale of products/services similar to those of your interest or relating to trade fair/congress products/services and/or related to them (e.g. sector publishing, championships/races, etc.) - on the whole activities defined as "soft spam" (carried out exclusively by IA).
   3.1 Sending, in accordance with the regulations in force, (by email provided during registration, ordinary mail, sms, mms, push-up messages, instant messaging functions such as whatsapp, telefax, telephone calls with operator, social networks and other automated tools) of commercial, promotional, informative communications and offers for the sale of products/services similar to those of your interest or related to innovation, new technology, Artificial Intelligence and/or related to them (e.g. sector publishing, other events, etc.) - on the whole activities defined as "soft spam" (carried out exclusively by AI). However, if you do not wish to receive such communications, you may notify IA at any time, using the references in the Contact section at the end of this policy. IA will, in this case, discontinue such activity without delay.
4. Profiling (carried out exclusively by IA). Profiling is only relevant for privacy purposes if it concerns natural persons, i.e. sole proprietorships or partnerships and their partners/directors, or internal contact persons of corporations, entities or organisations.
   Profiling uses certain data provided by you and sometimes associates them with company data taken from public databases (e.g. CCIAA Company Register). For example, IA processes the following data:
   i) in the case of exhibitors: name and surname, company name of the organisation they belong to, contact details, residence or registered office, country of origin, website, sector of activity, type of product or service offered, annual promotional/advertising budget, type of distribution - shop, department store, concept store, markets of interest, brand;
   ii) in the case of buyers/professional operators/visitors: name and surname, company name of the organisation to which they belong, contact details, job position and level of responsibility of the contact person, residence or registered office, country of origin, website, year the company was founded, turnover, nr. employees, sector of activity, percentage of business related to Italy and abroad, Italian and foreign regions of interest, main categories of products or services of interest to the buyer/professional and/or marketed by the same (also in terms of percentage of sales by geographic area), categories of clients of the company, purpose of the visit;
   iii) in the case of journalists: name and surname, contact details, sector and publication to which they belong, country of origin, language, iv) in the case of speakers at events/congresses/conferences: name and surname, contact details, sector to which they belong, professionalism/topics covered. In some cases, if you are a customer or a prospect, we will associate the data you provide us with additional personal data collected during your navigation on our websites or during the use of the services provided by these websites (e.g. cookies relating to the pages of our website you visited, the country from which you are connecting) or through other communication channels (e.g. social media) or through services for sending information to you. social media) or through mass commercial emailing services (e.g. which messages you have received, which emails you have opened, which proposals you have accepted through specific actions such as opening an attachment or adhering to a request from us to link to landing pages or email attachments, etc.).
   Profiling enables IA, in particular, to limit the sending to you of promotional communications that are not relevant to your likely expectations and needs or through channels that you do not like.
   The limited nature of profiling does not exclude you from specific benefits or the possibility of freely exercising your privacy rights, nor does it have any particular legal effects; in particular, it does not in any way affect your ability to participate in the Event and/or to use our services (e.g. online pre-registration, purchase of services).
5. Profiling (carried out exclusively by AI).
   The profiling carried out by IA concerns natural persons, including sole proprietorships or partnerships and their partners/directors, or internal contact persons of corporations, entities or organisations. The profiling activities make use of some of the data you provide us with and sometimes associate them with company data taken from public databases (e.g. CCIAA Companies Register).

For example, IA processes the following data:
i) in the case of AI WEEK participants: name and surname, company name of the organisation to which they belong, contact details, job position and level of responsibility, residence or location, country of origin, website, sector of activity, type of product or service offered, markets of interest, company contact details, residence or location, country of origin and website;
(ii) in the case of journalists: name and surname, contact details, sector and title, country of origin, language;
iii) in the case of speakers at the AI WEEK event: name and surname, contact details, sector they belong to, professionalism/topics covered.
In some cases, if you are a customer or prospect, we may combine the data you provide us with additional personal data collected from you while you are visiting our websites or using the services provided by our websites (e.g. cookies related to the pages of our website you visited, the country you are connecting from) or through other communication channels (e.g. social media) or through bulk commercial email services (e.g. what messages you received, what emails you opened, what offers you accepted through specific actions such as opening attachments or adhering to our request). social media) or through mass commercial emailing services (e.g. which messages you have received, which emails you have opened, which proposals you have accepted through specific actions such as opening an attachment or adhering to a request from us to link to landing pages or email attachments, etc.). Profiling allows IA, in particular, to limit the sending to you of promotional communications that are not relevant to your likely expectations and needs or through channels you do not like.
The limited nature of profiling does not exclude you from specific advantages or from the possibility of freely exercising your privacy rights, nor does it have any particular legal effects; in particular, it does not prejudice in any way your possibility to participate in the Event and/or to use the services offered by IA (e.g. online pre-registration, purchase of services).

Only with your separate consent: communication of the data to third party partners of the Joint Holders (e.g. Event organisers, exhibitors or other operators active in the Event), for autonomous direct marketing actions relating to goods/services concerning such third party partners. 

Legal basis of the processing. Obligatory or optional nature of providing data and consequences of failure to do so. 

Processing for the purposes set out in point 1 has its legal basis in our need to fulfil the obligations undertaken through the contract entered into or to be entered into with you (and to carry out all the actions necessary for the correct and complete performance of the commitments undertaken therein) and/or the legal obligations connected therewith. Therefore, such processing does not require your prior consent and you are also free not to provide your data, however, in this case, we will not be able to enter into the requested contract and/or regularly provide the service requested by you or by the organisation to which you belong (e.g. to allow you to participate in the Event of interest and provide you with the related services) and/or we will not be able to fulfil the legal obligations related to the contract. 

The processing for the purposes sub 2 has its legal basis in our legitimate interest to organise plan and manage the Event adequately, coordinating and verifying all the activities reasonably useful to allow the interested party to participate efficiently and effectively to the "AI WEEK" allowing the Contractors to verify some requirements and professional skills absolutely necessary to the evaluation of the candidate to participate to the contest/event of reference. In particular, the request for personal data and documents, especially for foreign guests, will make the correct understanding of the data itself more reliable, but above all more secure in ascertaining the reliability of the company requesting an entry visa. 

Therefore, such processing does not require your prior consent. You are free not to give your data, but in that case you will not be able to participate in the Event. 

During the Event, video footage (including voice) and/or photographs are taken by us and/or photographers and/or videomakers authorised by us. These generic images concern Events that qualify as public events and are therefore processed, without the need for your consent, for publication on our websites/landing pages and social profiles (e.g. Twitter, Facebook, Whatsapp, Youtube, Vimeo, etc.) and on brochures, catalogues, flyers and other printed material of the Contractors and promoting the Event. 

In the event, however, that the aforementioned images portray you in a recognisable manner, the co-owners may publish them for the same promotional purposes, on the aforementioned printed materials or electronic/digital channels intended for the public (e.g. catalogues, brochures, flyers, websites/landing pages, blogs, social networks), only with your specific consent (which is the legal basis for the processing), given on the spot to our official photographer and/or video maker. 

In the latter case, you may withhold your consent, thereby preventing us from processing your image; however, by providing us with your consent, you expressly waive any financial consideration for the use of your image. You may at any time thereafter request the obscuring of the face portrayed in the images published online, without prejudice to the lawfulness of the processing carried out up to the date of the obscuring. The co-owners do not guarantee the obscuration on online channels of third party autonomous owners of the processing. 

Processing for purposes sub 3 (soft spam) has its legal basis in IA's legitimate interest in freely re-contacting its customers and prospects in order to be able to offer them, via electronic/telephone/paper channels, new opportunities relating to services or products similar to those previously purchased/contracted (in the case of customers) or to those in which interest has been shown (in the case of prospects), or relating to trade fair/congress products/services and/or related to them (e.g. sector publishing, championships/races, etc.). Therefore, the so-called soft spam, just described, may lawfully take place even without your prior consent, which is therefore not necessary. 

Processing for the purposes sub 3.1 (soft spam) has its legal basis in IA's legitimate interest in freely contacting its customers and prospects in order to be able to offer them, via electronic/telephone/card/email channels, new opportunities relating to services or products similar to those previously purchased/contracted (in the case of customers) or to those in which interest has been shown (in the case of prospects), or relating to products/services and/or related to them (e.g. sector publications, other events, etc.). Therefore, the so-called soft spam, just described, may lawfully take place even without your prior consent, which is therefore not necessary.

The processing for the purposes sub 4 (profiling) has its legal basis in the legitimate interest of IA to keep and analyse a limited set of information about you, in order to be able to contact you more effectively in case you are a customer or prospect. Due to the limited scope of the data used in the profiling, it also takes place without your prior consent, which is therefore not necessary. 

Processing for the purposes under 4.1 (profiling) has a legal basis in the legitimate interests of IA. 

These processing activities will be carried out by IA on the basis of its legitimate interest in optimising its purchasing procedures, by offering products and services that are more functional and useful to the specific needs of customers and prospects, also by contacting the persons concerned after the event. The legitimate interest has been appropriately balanced with your interests and expectations during the data protection impact assessment, in which certain technical and legal measures have been foreseen in order to minimise the impact of profiling carried out by IA on your legal sphere. In view of this, profiling activities are carried out without your prior consent, which is therefore not necessary.

Processing for the purposes of sub-section 5 (transfer of data to third parties) only takes place with your express consent (thus constituting the legal basis for the lawfulness of the processing). 

The consent requested may be freely withheld by you, without prejudice to your right to participate in the Event and/or to obtain the services requested by you. 

Communication and dissemination of data 

For the purposes sub 1 and 2, the data are communicated by the Owners to: suppliers of the service of management and maintenance of our computer systems, websites and databases, photographers and/or videomakers who produce the video-audio materials or their post-production, journalists and newspapers, companies entrusted with services necessary for the organisation and management of the Event (e.g. installation of set-ups and equipment, publishers of printed and on-line catalogues, logistics, security, private security, first aid, hostesses, etc.), diplomatic representatives, consultants, banks (for the execution or receipt of payments related to the Events), to hotels, suppliers, Public Authorities to obtain entry visas, to personnel of the Contractors authorised to process data (Communication, Travel, Sales, Marketing, etc.). 

For purposes sub 3 and 4, data are communicated to: companies in charge of marketing analysis, advertising, communication and/or public relations agencies, digital and paper publishing companies that produce our advertising or promotional materials, website or blog production companies, web marketing companies, entities in charge of designing and/or maintaining promotional materials, companies in charge of managing and maintaining computer systems, websites and databases used to organise and manage the Event, image agencies. 

These third parties will process the data as external processors in accordance with our written guidelines and under our supervision. 

For all the aforementioned purposes, we also communicate data to third party business partners participating in the implementation and/or promotion of the Event, who will process the data as autonomous or joint owners or managers. You can ask us for a list of the joint data controllers, autonomous data controllers and data processors (see the "data subject's rights" section of this information sheet). 

Data Transfer by AI Explained Simple

The data may be processed by IT service providers, in their capacity as Data Processors. Should they operate outside the European Union, the processing will be carried out in accordance with one of the methods permitted by the law in force, such as, for example, the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programmes for the free circulation of data or operating in countries considered safe by the European Commission. You can get more information by contacting IA Spiegata Semplice Srl at the contacts listed below. 

Duration of treatment carried out by IA 

The personal data processed by IA for purposes sub 1 and/or 2 will be kept for the time strictly necessary to achieve those purposes. In any case, since the processing is carried out for the provision of services, IA will retain personal data for the period of time envisaged and allowed by Italian law to protect its interests (art. 2946 of the Italian Civil Code et seq.), i.e. 10 years. 

Personal data processed for purposes 3 and 4 will be retained for up to 48 months after the last interaction between the Data Subject and IA. More information about the data retention period and the criteria used to determine this period can be requested by sending a written request to IA. In the case of data processed for the publication of audio-visual editorial products, the processing period is up to 5 years from the publication of the product. 

We also process data necessary for information security purposes (e.g. log-in records, failed logs and log-outs, when accessing restricted areas on IA-managed websites) for 2 years after collection. Logs relating to the reading of IA's on-line privacy notices and on-line actions by which a data subject's consent is communicated to IA are retained for 10 years after collection. 

In the event of a dispute between you and us or our third-party suppliers, we shall process the data for as long as is necessary for the enforcement of our or the third-party suppliers' rights, i.e. until the issuance and full enforcement of a final decision between the parties or a settlement. 

Once the aforementioned maximum period has expired, personal data are either permanently destroyed or rendered completely anonymous. IA and its respective data processors apply rules that prevent the storage of data indefinitely and therefore limit the storage time in compliance with the principle of minimisation of data processing by carrying out a periodical check every year on the data processed and on the possibility of their deletion if they are no longer needed for the intended purposes. 

In the event of a dispute between the Joint Holders (or third-party suppliers of the Joint Holders) and the data subject, the data shall be processed for as long as is necessary to exercise the protection of the rights of the Joint Holder or the third-party suppliers, i.e. until the issuance of a measure having the force of res judicata between the parties or of a settlement. After the aforementioned period of time has expired, the personal data shall be deleted, destroyed or rendered anonymous by means of appropriate security measures.

Rights of the data subject 

Please be informed that the Data Subject shall have the right to: 

- request confirmation from each Data Controller as to whether or not personal data relating to him or her are being processed and, if so, to obtain access to the personal data and the following information (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; (d) where possible, the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine that period; (e) the existence of the data subject's right to request from each Data Controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject. 

- where personal data are transferred to a third country or international organisation, the data subject has the right to be informed of the existence of appropriate safeguards relating to the transfer; 

- request, and obtain without undue delay, the rectification of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also by providing a supplementary declaration; 

- request the deletion of the data if a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; c) the data subject objects to the processing, and there is no overriding legitimate ground for the processing, or objects to the processing being carried out for direct marketing purposes (including profiling for such direct marketing) (d) the personal data have been unlawfully processed; (e) the personal data must be erased in order to comply with a legal obligation laid down by Union or Member State law to which the controller is subject; (f) the personal data have been collected in connection with the provision of information society services. 

- request the restriction of the processing concerning the data subject, when one of the following cases occurs (a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that its use be restricted; c) although the data controller no longer needs the personal data for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing for direct marketing purposes, pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.; 

- obtain from each data controller, upon request, communication of the third party recipients to whom the personal data have been transmitted; 

- revoke at any time the consent to process where previously given for one or more specific purposes of their personal data, it being understood that this will not affect the lawfulness of the processing based on the consent given before revocation. 

- receive in a structured, commonly used and machine-readable format the personal data concerning the data subject that the data subject has provided to the Data Controller and, if technically feasible, to have such data transmitted directly to another data controller without hindrance by the Data Controller to whom the data subject has provided the data, where the following (cumulative) conditions are met (a) the processing is based on the data subject's consent for one or more specific purposes, or on a contract to which the data subject is a party and for the performance of which the processing is necessary; and (b) the processing is carried out by automated means (software) (overall right to c.d "portability"). 

The exercise of the so-called right to portability is without prejudice to the right to cancellation provided for above; 

- the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way. 

- the data subject may also at any time lodge a complaint with the competent supervisory authority under the GDPR (that of his place of residence or domicile). 

Exclusion of joint and several liability Each of the Joint Data Controllers shall be liable to the data subject exclusively for the processing for which it is responsible, with the express exclusion, therefore, of any joint and several liability between Joint Data Controllers. Joint Data Controllers The data subject may exercise his/her rights and request an updated list of the third parties responsible for the processing by writing to the Joint Data Controllers: 

IA Spiegata Semplice S.r.l., Claustro M. S. Tubito n.15 - Altamura (BA), P.IVA 08717290723 email info@iaspiegatasemplice.it