By way of this privacy policy published for the intents and purposes of articles 12 and 13 of European Regulation no. 679 of 27th April 2016 (hereinafter also “GDPR”), relative to the protection of natural persons in relation to the processing of their personal data, as well as the free circulation of said data, the Data Controller MI-VIEW S.R.L. wishes to inform its visitors – hereinafter also Data Subjects – (in a concise, transparent, intelligible and easily accessible form, using simple and clear language) of all the information necessary in order to allow them to understand how their personal data will be processed following its provision via the website www.miview.it (hereinafter also “Site”).

1. IDENTIFICATION AND CONTACT DETAILS OF DATA CONTROLLER.

MI-VIEW S.R.L. with registered office in Milan, Viale Achille Papa no. 30, Tel. 02 31 911 911 | VAT No. 10700490963 | email: privacy@miview.it

2. CONTACT DATA OF DATA PROCESSOR

A Data Processor has not yet been nominated.

3. PURPOSE AND LEGAL BASIS OF PROCESSING.

Data provided by the Data Subject by way of operations performed by the visitor/user on the Site or provided by said Data Subject to the Data Controller of the Site, shall be processed as set out by the GDPR for insertion into the database of users/visitors that wish to make a booking and/or receive the informative newsletter connected to the activities of MI-VIEW S.R.L. and its Group (for example, the Exhibition “Artigiano in Fiera” and for the Artimondo Magazine) to verify the requirements of the Data Subject and offer and manage the requested services, for operations of an administrative nature, as well as to satisfy specific obligations or fulfil specific tasks required by law. The information may also be used to extrapolate statistics and for the purposes of commercial and promotional communication, also relative to the Artimondo online shop, without any prejudice to the faculty of the visitor/user of the Site to communicate their desire not to receive such communication, at any time.

4. RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE PERSONAL DATA MAY BE DISCLOSED.

Data shall not be the object of dissemination unless required by contract or law, and may be communicated to third parties that operate with and on behalf of the Data Controller, or to companies of the group, commercial partners, for the sole purpose of fulfilling and  managing the relationship and for the above-described activities and purposes, even promotional, for operations of an administrative nature, for legal and contractual consultancy, or to satisfy legal obligations. Administrative, accounting and invoicing staff may become aware of such personal data, as may persons responsible for managing and maintaining the processing systems. Communication to the above-mentioned subjects shall nonetheless occur with a guarantee to protect the rights of the Data Subject, as set out by the GDPR. Your name may be inserted in phone, fax and email lists of the Data Controller and you may receive periodic communication in an electronic or printed form, reserved to visitors/users. The list of any Data Processors is available at the Data Controller’s premises.

5. EVENTUAL TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION WITH AN INDICATION OF ANY PRIVACY GUARANTEES.

The data is not expected to be transferred outside the EU or to any international organisations. In any case, should the need arise, the Data Controller shall check whether or not an adequacy decision by the EU Commission exists, guaranteeing a suitable level of data protection.

6. RETENTION PERIOD FOR PERSONAL DATA OR CRITERIA USED TO DETERMINE SAID PERIOD.

The data shall be stored in a form that allows the identification of Data Subjects for a period of time no longer than the fulfilment of the purpose of processing, consistent with any other legal obligations. The Data Controller has a data retention procedure.

7. RIGHTS OF THE DATA SUBJECT

The Data Controller informs you of the following rights:

1. a) right of access, rectification, cancellation, limitation, opposition:
   the Data Subject may access their data at any time, request its rectification if incorrect, request the cancellation of redundant data, but not that required by law by the Data Controller, limit access to data and by certain figures;
2. b) right to data portability:

the Data Subject has the right to receive, in a format that is structured, of common use and legible by automatic devices, personal data relevant to him/her provided to a Data Controller and has the right to transmit said data to another Data Controller without impediment by the Data Controller to whom he/she provided said data, exclusively in the cases set out by art. 20 of the GDPR;

1. c) right to revoke their consent at any time:

the Data Subject may revoke their consent at any time, assuming the consequences (including the interruption of newsletter sending or the impossibility to make a booking), without prejudice to the obligation of the Data Controller to continue to retain the personal data which is the object of this processing, when this is necessary in order to fulfil the legal obligations of the Data Controller or to fulfil a task of public interest or connected to the exercise of public authority vested in the Data Controller.

1. d) right to claim to a data protection authority.
2. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION.

The transfer of data is mandatory given the nature of the contractual relationship established between the Data Subject and the Data Controller.

9. CONSEQUENCES OF EVENTUAL REFUSAL TO RESPOND.

Should the Data Subject refuse to provide the requested mandatory data, the Data Controller reserves the right to evaluate the consequences to be attributed to said refusal, which may not necessarily entirely preclude the stipulation or fulfilment of the contract with the Data Subject, unless the obligation to provide the requested data is a direct result of the law or is strictly essential for the proper functionality of the contractual relationship. In said cases, if the Data Subject refuses to provide the requested data, it will not be possible to commence or fulfil the contract, while if this occurs during the fulfilment of the contract, the relationship must necessarily end.

10. EXISTENCE OF PROFILING ACTIVITIES OR AUTOMATED DECISIONAL PROCESSES, LOGIC USED AND CONSEQUENCES FOR DATA SUBJECT.

Where profiling activities are performed on the Data Subject, connected to marketing activities, said activities shall be carried out in compliance with the GDPR, and the Data Subject may object at any time.

MI-VIEW S.R.L.