PRIVACY POLICY

Transparency and the security of your data are matters we take seriously.

Pursuant to Art. 13 of EU Regulation 679/2016 (General Data Protection Regulation – GDPR), this notice concerns all users who consult the pages of our website https://vicenzaclassiccarshow.com

It does not apply to any other websites that the user may consult through links that may be present on our site.

INDEX

  1. THE DATA CONTROLLER
  2. CATEGORIES OF DATA SUBJECT TO PROCESSING
  3. ON WHICH LEGAL BASES WILL DATA BE PROCESSED
  4. FOR WHAT PURPOSES WILL WE PROCESS YOUR DATA?
  5. WITH WHOM DO WE SHARE YOUR DATA?
  6. WILL YOUR DATA BE TRANSFERRED TO A THIRD COUNTRY?
  7. HOW LONG WILL YOUR DATA BE STORED?
  8. WHICH DATA PROTECTION RIGHTS CAN YOU ASSERT AS A DATA SUBJECT?
  9. OUR SUPERVISORY AUTHORITY FOR PERSONAL DATA PROTECTION IS:
  10. HOW IS YOUR DATA PROTECTED?

 

 

  1. THE DATA CONTROLLER

DATA CONTROLLER:

EMAC SRL

with registered office at Viale IV November 25 51016 Montecatini Terme (Pistoia),

which organizes the event known as Milano Auto Classica at the Rho exhibition center.

  1. CATEGORIES OF DATA SUBJECT TO PROCESSING

Personal data (hereinafter referred to as “Data”) are information referring to an identified or identifiable natural person.

Through the website, we process only the following categories of data:

  • DATA YOU VOLUNTARILY PROVIDE TO US

These are “ordinary” personal data that you voluntarily enter on our website when you submit an information request through the “Contact” form (e.g., first name, last name, telephone, address, email, and any other information you freely include in the form).

The optional, explicit, and voluntary sending of emails to the addresses indicated on this site results in the subsequent acquisition of your address—necessary to respond to your requests or for direct marketing activities via newsletter— as well as any other personal data included in the email itself.

If you include unsolicited sensitive (“special”) data, they will not be retained but will be immediately deleted by the

Data Controller.

  • Payment Data

Personal data necessary for the execution of the payment (e.g. user identification data,transaction data, and technical data used to authorise the operation) is collected via ourwebsite but is processed, on our behalf, by the company responsible for paymentmanagement, duly appointed as the External Data Processor pursuant to Article 28 of theGDPR [General Data Protection Regulation].

  • BROWSING DATA

The computer systems and software procedures used to operate the website acquire, during their normal functioning, certain data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified individuals, but due to its nature could—through processing and association with data held by third parties—allow users to be identified. This category of data includes:

  • internet protocol (IP) address associated with the device used to connect
  • type of browser and parameters of the device used to access the site
  • name of the internet service provider (ISP)
  • date and time of the visit
  • webpage from which the visitor arrived (referral) and exit page
  • any number of clicks performed on the site and any preferences expressed
  • other parameters relating to the user’s operating system and IT environment
  • Aggregated data: Browsing data may be used to obtain anonymous and aggregated statistical information on site usage and to check its correct functioning.

  • COOKIES

Our website uses technical, profiling, and third-party cookies; we invite you to read our Cookie Policy for more information.

  1. ON WHICH LEGAL BASES WILL THE DATA BE PROCESSED

 

  • CONSENT

The lawfulness of the processing in this case is to be found solely and exclusively in the CONSENT you voluntarily provide to us.

By using or consulting our website, you explicitly approve our privacy notice and consent to the processing of your personal data in relation to the methods and purposes described below, but explicit consent will be requested only through selecting the unticked checkbox that you will find in the “Contacts” form.

Consent, under Art. 4 GDPR, is any freely given, specific, informed, and unambiguous expression of will following our clear and concise request. The consent you provide applies to all processing activities carried out for the same purpose or purposes.

  • EXECUTION OF A CONTRACT

The legal basis for processing payment data for the purchase of tickets is the execution ofa contract or pre-contractual measures requested by the data subject, under Article 6, para.1, letter b) GDPR, as providing payment data is necessary to finalise the purchase of therequested products/services.

The Data Processor manages the data exclusively for purposes related to the processing ofthe payment, adopting technical and organisational measures in accordance with Article 32GDPR. Data is not retained beyond the time strictly necessary to complete the transactionand manage related administrative and anti-fraud activities, unless legal retentionrequirements apply.

  • LEGAL OBLIGATION

Art. 6(1)(c) GDPR: We must process some of your data in order to comply with legal obligations to which we are subject (billing, etc.).

  1. FOR WHAT PURPOSES WILL WE PROCESS YOUR DATA?

We will process your data for the following main reasons:

  • To comply with requirements laid down by national and EU regulations.
  • For the ticket sales and pre-sale service
  • To determine liability in the event of hypothetical computer crimes committed against the site and for investigations in the event of potential disputes.
  • To enter the data into our databases.
  • For marketing activities via newsletter: the newsletter service consists of sending electronic communications following the express request of the recipient; therefore, no additional consent is required beyond that provided by the data subject when completing and submitting the newsletter subscription form.

Providing consent for the newsletter is therefore optional. However, failure to provide it will prevent you from receiving any type of communication.

You may revoke consent to the newsletter through the specific disclaimer contained in the footer of every email you receive from our site.

SECONDARY PURPOSES

Processing of data to comply with legal obligations: We are subject to certain legal obligations in managing the website. This includes, among other things, the obligation to ensure the security of your data when using the site. For this purpose, we may process your data as part of the measures necessary to ensure data security.

PROCESSING OF DATA BASED ON LEGITIMATE INTEREST:

Storage of access data in server log files: When you visit our website, we may store access data in server log files, such as the name of the requested file, date and time of access, volume of data transferred, and requesting provider. We use this data exclusively to ensure efficient site operation. For security purposes (anti-spam filters, firewalls, virus detection), the data automatically recorded may also include personal data such as the IP address, which may be used, in compliance with applicable laws, to block attempts to damage the site or harm other users, or to prevent harmful or criminal activities.

PROCESSING OF DATA BASED ON CONSENT FOR MARKETING ACTIVITIES: 

The newsletter service consists of sending electronic communications following the express request of the recipient; therefore, no additional consent is required beyond that provided by the recipient when completing and submitting the newsletter subscription form.

Providing consent for the newsletter is therefore optional. However, failure to provide it will prevent you from receiving any type of communication.

  1. WITH WHOM DO WE SHARE YOUR DATA?

We always adopt appropriate measures to ensure that your data is processed, protected, and transmitted in accordance with applicable legal requirements.

THIRD-PARTY SERVICE PROVIDERS

We make use of other companies and professionals to perform certain activities on our behalf, all of whom are appointed pursuant to Art. 28 of EU Regulation 679/2016.

In addition to us, in some cases, categories of authorized personnel involved in the organization or external subjects (such as third-party technical service providers, IT companies) may have access to the data.

We guarantee that they cannot use the data for any other purposes and are also required to process personal data in compliance with this Privacy Notice and with applicable data protection regulations.

For the processing of transaction data, the Data Controller has appointed an externalcompany as the Data Processor, which manages the data solely for purposes related to theprocessing of payments, adopting technical and organisational measures in compliance with Article 32 GDPR. Data is not retained longer than necessary for the completion of thetransaction and the management of related administrative and anti-fraud activities, unlessretention obligations are provided by law.

  1. WILL YOUR DATA BE TRANSFERRED TO A THIRD COUNTRY?

Our website does not transfer any of your data to non-EU countries, but the voluntary use of links and social plugins may result in your data being shared with services located outside the European Union, according to the Privacy Policies of each service and legal entity.

  1. HOW LONG WILL YOUR DATA BE STORED?

Pursuant to Art. 17 GDPR, your data will be stored for as long as we are legally required to or for as long as your data is needed for the purposes stated in Section 4. Your data will then be deleted in compliance with the principle of data minimization.

  • WITH REFERENCE TO PROCESSING FOR THE PURPOSE OF SENDING A RESPONSE:

Data will be stored no longer than two years from the first contact, without prejudice to the data subject’s objection to

the processing. In any case, deletion may be requested by sending an email.

  • WITH REFERENCE TO PROCESSING FOR NEWSLETTER PURPOSES:

Data will be stored for no longer than the time necessary to achieve the purposes for which it is processed and for a maximum of 12 months for profiling, and 24 months for “general” marketing, in full compliance with the storage limitation principle provided for by the GDPR; or until consent is withdrawn.

  • WITH REFERENCE TO BROWSING DATA:

Only data collected for monitoring purposes will remain on the servers for a period of 12 months.

  • FOR LEGAL OBLIGATIONS:

In any case, data of a civil, accounting, or tax nature will be stored for a period of ten years, as required by law.

  1. WHICH DATA PROTECTION RIGHTS CAN YOU ASSERT AS A DATA SUBJECT?

You may assert various rights that belong to you as a data subject. In particular, these rights are:

RIGHT TO INFORMATION

You may ask us which of your personal data we are actually processing.

RIGHT TO ACCESS

You may access your personal data undergoing processing and request a copy of it.

RIGHT TO RECTIFICATION

You may rectify your personal data at any time by requesting the correction of inaccurate data and the completion of incomplete data.

RIGHT TO  ERASURE

You may request the deletion of your personal data at any time.

However, note that the right to erasure is not absolute; therefore, in certain cases (for example, to fulfil a legal obligation)

the request may legitimately be denied. The email with the subject “Deletion of personal data” must contain:

  • First and last name of the requester
  • Written request for deletion
  • Email address used for registration
  • Password for accessing your personal area (if available)
  • Copy of identity card or passport
  • Contact address and telephone number

 

RIGHT TO DATA PORTABILITY

You may request the portability of your data, i.e., to receive the personal data concerning you in a structured, commonly used, and machine-readable format. You therefore have the right to request that your data be transmitted to another Controller.

RIGHT TO OBJECT

You may object to a particular processing of your personal data without necessarily requesting its deletion. From the moment of objection, the Controller will cease processing your data.

RIGHT TO RESTRICTION

You may request the restriction of the processing of your personal data. In certain cases, for example when exercising the right to object, restriction is a natural consequence. If processing is restricted, any use of the data by the Controller will be possible only with your consent.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY 

We work together with you to achieve a fair solution to any complaint regarding data protection. You have the right to lodge a complaint with the Data Protection Authority if you believe that the processing of your personal data by us violates the applicable data protection law.

  1. METHODS FOR EXERCISING THE DATA SUBJECT’S RIGHTS

– The Controller may be contacted at the email address: segreteria@emacfiere.com and at the certified email address (PEC): emacsrl@arubapec.it, or by sending a registered letter with return receipt to the Controller’s registered office.

– The Data Protection Officer (DPO) / Data Protection Manager (RPD) may be contacted at the email address: dpo@emacfiere.com

  1. HOW ARE YOUR DATA PROTECTED?

We have adopted appropriate technical and organizational security measures to ensure the protection of the data. For this purpose, we have developed a reliable internal security approach.

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are taken to prevent data loss, unlawful or improper use, and unauthorized access.