NOTICE PURSUANT TO ARTICLES 13 AND 14 OF THE EUROPEAN REGULATION 2016/679 ("GDPR")
The data controller is Biesse S.p.A., with registered office in Via della Meccanica, 16, Pesaro (PU), telephone number +39 0721 439100, Tax Code and VAT no. IT 00113220412, email email@example.com (hereinafter "Biesse" or "the company").
The DPO can be contacted at firstname.lastname@example.org.
In order to be able to register for individual events, it is necessary to register on the Platform, providing the required data (including personal information, contact details, and information regarding the company and country).
When registering for an individual event, further personal data may be collected, including - in the case of a physical event - information for booking hotels, where relevant, as well as any information regarding additional participants.
All data, including that regarding additional participants in a given event, are provided to the company by the registered user.
Once the above periods have come to an end, your data will be destroyed or made anonymous in accordance with the technical procedures of erasure and back-up.
The provision of data marked with an asterisk in the forms on the Platform is necessary in order to be able to process the request for registration on the latter, and/or to enable registration for individual events.
The provision of other data, not marked with an asterisk on the form, is optional.
The data are processed by employees of the company - from the departments responsible for pursuing the aforementioned purposes - who have been expressly authorised to process this information, and who have received adequate operating instructions.
The data are processed on behalf of Biesse by third parties who provide the company with services that are instrumental to the fulfilment of the above-mentioned purposes; these third parties are designated as data processors pursuant to Article 28 of the GDPR (e.g. the company that manages the Platform, the CRM software provider - currently Salesforce.com EMEA Limited, with registered office in the United Kingdom).
In the case of a digital event, the participant's first and last name will be visible to other participants via the chat function on the Platform.
Furthermore, subject to your consent, the data will be communicated to Biesse distributors who are assigned the country of origin listed in the form as their exclusive area, for their own marketing purposes.
The data may be communicated to autonomous data controllers, including public authorities legitimately entitled to receive this data.
The data may be transferred to third countries, i.e. outside the European Union (EU) or the European Economic Area (EEA), such as the United Kingdom, where Salesforce.com is based, as mentioned above (the UK is a third country deemed "adequate" by the European Commission pursuant to Article 45 of the GDPR, according to the decision of 28 June 2021). The data may also be transferred to sub-contractors outside the EU/EEA.
In cases where the data is transferred to third countries that have not been deemed "adequate" by the European Commission, the transfer mechanisms established under Article 46 of the GDPR (such as the standard contractual clauses, "SCCs", or the binding corporate rules, "BCR") will be used, evaluating whether any "additional measures" need to be adopted in order to ensure a level of protection that is essentially equivalent to that required under EU law.
With regard to Salesforce.com, the latter has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state, in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce’s Processor Binding Corporate Rules are available at the following link
Data subjects may exercise the rights set out in Articles 15-22 of the GDPR against the company, and more specifically, may:
- request access to the data that regards them and to the information referred to in Article 15 (purpose of data processing, categories of personal data, etc.);
- request erasure of the data in the cases provided for under Article 17, in cases where the company no longer has the right to process this data1;
- in order to obtain the rectification of inaccurate data or the completion of data that is incomplete;
- in order to obtain the restriction of processing (i.e. temporarily ensuring that the data is only stored), in the cases provided for under Article 18 of the GDPR 2;
- Where the processing is based on consent or on a contract and is performed using automated means, the data subject is entitled to receive the data in a structured, commonly used and machine-readable format, and if technically feasible, to freely send this data to another data controller;
- withdraw any consent given at any time.
To exercise these rights, data subjects may contact the company at any time by sending their request using one of the contact methods indicated in Section 1; data subjects may also object to receiving promotional communications by clicking on the unsubscribe link at the bottom of each email.
Data subjects shall have the right to lodge a complaint with the Italian Data Protection Authority or the competent supervisory authority in the Member State where they habitually reside or work or in the Member State where the alleged infringement has occurred.
Registered users of the Platform can also log in with the same credentials to the Digital Arena, and view the related webinars.
1The data subject has the right to obtain the erasure of their data in the following cases in particular:
a) where the personal data are no longer required for the purposes for which they were collected or otherwise processed;
b) where the data subject withdraws the consent upon which the processing is based, in accordance with Article 6.1(a) or Article 9.2 (a), and where no other legal basis exists for the processing;
c) where the data subject objects to the processing of their data pursuant to Article 21.1 and where there are no prevailing legitimate grounds for processing, or where the data subject objects to the processing pursuant to Article 21.2;
d) where the personal data have been unlawfully processed;
e) where the personal data must be erased in order to comply with a legal obligation as stipulated by the law of the European Union or Member State to which the data controller is subject;
f) where the personal data have been collected in relation to the provision of IT company services, as referred to in Article 8.1.
2The conditions under which the restriction of data processing may be obtained are as follows:
a) the accuracy of the personal data is challenged by the data subject, for a period enabling the controller to verify the accuracy of said data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21.1 of the GDPR, pending verification of whether the legitimate grounds of the controller override those of the data subject.