16 October 2023 - 17 October 2023
Hotel CARASCO, Lipari (ME), Italy
Dear User, the MIRABILIA NETWORK Association (hereinafter, also simply "Data Controller") and CAMERA DI COMMERCIO DI GENOVA (hereinafter, also simply "Joint Controller") through this document intend to give you all the information provided for in Article 13 of Regulation (EU) 2016/679 (also known as GDPR or General Data Protection Regulation), with reference to the processing of your personal data within the scope of the purposes listed below in relation to the B2B Mirabilia FOOD&DRINK and TOURISM 2023 event.
The event will be held entirely in-person, expecting the participation and B2B meeting between Italian food&wine and tourism companies and foreign buyers from the same sector who are interested in developing mutual business connections.
For more transparency, referring to the information reported, we detail definitions regarding to the roles of the individuals reported in the notice:
● Mirabilia Network Association: event organizer, promoter and data controllers;
● CCIAA di GENOVA: Joint Controller of the data processing, owner and controller of the matching web platform between Italian food&wine and tourism companies and foreign buyers and related services like contact point for data subjects;
● Italian CCIAA: member entities of Mirabilia Network Association and data processing co-owners;
● Data Subject: natural individual being part of the foreign buyer organization invited to participate in the event;
● Invited/participating company: Italian organization operating in the food&wine and tourism sectors invited by the promoting authority of the event to register and take part in it in order to get in touch with foreign buyers
Partner collaborating authorities of the event:
● CCIE: Italian Chamber of Commerce Abroad, associated with Assocamerestero, interested in carrying out activities to promote Made in Italy in the country where it is located and in favor of its members, selecting and inviting buyers food&drink to register and participate in the event and to whom information is provided concerning the events held;
● TTG: Italian Exhibition Group, selecting and inviting buyers tourism to register and participate in the event and to whom information is provided regarding the events held;
● Buyers and seller: foreign and italian organizations operating in the food&drink and tourism sectors interested in participating in the promoted event in order to get in touch with Italian companies which in turn are interested in promoting their products and brands abroad;
● Suppliers: entities operating as data processors who provide support services of a technical, IT, logistical nature for the organization and management of the event.
- Subject of this notice
Pursuant to and for the purposes of the provisions of Article 13 of the GDPR, the Data Controller and the Joint Controller inform you about the methods of processing of your personal data collected and processed for the management of the following event/initiative: B2B Mirabilia FOOD&DRINk and TOURISM year 2023.
The processing also covers, as indicated below, audio and/or video recording, i.e. photos and videos made during said event/initiative, as well as communications for subsequent initiatives of the Data Controller.
- Data Controller
In accordance with Article 4 paragraph 7 of the GDPR:
● the data controller is Mirabilia Network Association, which can be reached at the email address email@example.com. Data Protection Officer (DPO) can be reached through email address firstname.lastname@example.org
● the joint controller is CCIAA di Genova, which can be reached at the email address email@example.com. Data Protection Officer (DPO) can be reached through email address firstname.lastname@example.org
● Data processing co-owners are the Chambers of Commerce, Mirabilia members, that are: Bari, Basilicata, Caserta, Catanzaro Crotone Vibo Valentia, Chieti-Pescara, Foggia, Irpinia Sannio, Marche, Messina, Molise, Pavia, Padova, Pordenone-Udine, Riviere di Liguria, Sassari, Sud Est Sicilia, Treviso-Belluno, Umbria, Venezia Giulia e Verona.
- Goals and legal basis of the processing
Personal data are processed for the pursuit of the tasks and functions of the Data Controllers and co-owners of the chamber system, as stipulated in Article 2, Paragraph 2 of Law n. 580/1993 and, in particular:
3.1 for the realization of the event/initiative indicated in the previous point 1, i.e. to manage registrations to the event made independently by interested parties who, on their own or as representatives of invited/participating buyers, intend to take part. Contextually use the data communicated to plan and manage the participation in the bilateral "one to one" meetings with Italian companies in the food&wine and tourism sector including the survey of attendance;
3.2 to permit to be on the named list of participating buyers and sellers in order to make it available for consultation also by Italian companies and other foreign buyers participating in the event (some of them based in non-EEA geographic areas, such as the United States and Canada).
3.3 to inform users and businesses about the activities of the Data Controller and co-owners.
The informational purpose may be accomplished through:
a) the making of videos, photos and/or other multimedia materials;
b) the creation of audio and/or video interviews;
c) the use of photos and images for, as an example, books, magazines, brochures, catalogs and/or other printed promotional material;
d) the dissemination, of one or more of the results of what is indicated in the previous points a) to c), on the website, or on the institutional social network pages of the Data Controller and co-owners;
3.4 for communications related to events, conferences and other institutional initiatives [in the subjects of this event/initiative], through a special email mailing list of the Data Controller and co-owners.
The legal basis, for the purposes referred to in the preceding points is Article 6, paragraph 1, letter (a) of the GDPR, i.e., the consensus expressed by the data subject at the time of registration of participation.
4. Authorized, Data Processors and Databases of Personal Data
The personal data necessarily processed are those identifying (name/surname) and contact data (Telephone, Email) of the data subject. Other personal data, freely indicated by the subject at the time of the self-subscription on the matching web platform, may be processed, such as: qualification, membership body/association, etc.
Personal data are processed by the Joint Controller and/or by internal subjects, previously trained and instructed, duly designated/authorized operating on its own in compliance with GDPR. The processing is carried out in electronic and/or paper form, as well as by means of digitized communication, transmission and storage procedures, employing appropriate methods that guarantee security and confidentiality in accordance with the GDPR.
Moreover, personal data may be processed by external subjects formally nominated by the Joint Controller, according to the art. 28 of GDPR as External Data Processors and belonging to the following categories:
● ASSET, Special Company of the Chamber of Commerce of Basilicata
● suppliers and partners who perform services for the pursuit of the purposes referred to this notice (merely for example, companies or professionals - journalists, photographers and/or video/graphic makers, etc., IEG spa, Assocamerestero, EEN, also possibly commissioned to make audio and/or video footage and/or photographs, promote the events on websites and/or social profiles, radio, TV, newspapers, books, magazines, brochures, catalogs and/or other promotional printed material, select buyers participating in the event
● companies that provide computer/telematics systems management and maintenance services such as B2Match GmbH (https://www.b2match.com/privacy-policy)..)
The current list of any external processor can always be requested from the Data Controller or Joint Controller.
5. Communication and diffusion of personal data
Personal data will be communicated to the extent strictly relevant to the purposes indicated above.
a) to the appropriate staff of the controllers and co-owners;
b) to any individuals designated as External Managers of processors as indicated in the previous point 5 of this notice;
c) to the foreign offices of the project partners based in the following countries: European Union, Great Britain, United States, Canada, Japan, Arab Emirate;
d) to the judicial, administrative or other public authorities entitled to request them in the cases provided for by law.
Personal data, within the limits of the above-mentioned processing purposes, may be published on the Data controller website (www.mirabilianetwork.eu) and on the following social channels of the owner:
Personal data, including images and/or audio-video shooting, will form the object of processing operations in respect of the regulations in force and the principles of correctness, legitimacy, transparency and confidentiality that inspire the owner's activity and in compliance with the security measures provided for by the GDPR.
6. Consequences of not providing personal data
The provision of personal data required for registration is facultative. However, the refusal to provide their data means that the person concerned will not be able to register and consequently participate in the event/initiative.
In this case, in addition to the processing of personal data necessary for participation in the event/initiative, the controllers require the data subjects to consent to the processing for purposes other than mere participation in the event/initiative, such consent is always optional, does not prevent participation in the event/initiative, entails no other consequences for those who deny it, and can be revoked at any time.
7. Transfer of data to countries outside the European Union or international organizations
Data Controller, Joint Controller and Co-Processor assure from now on that the transfer of personal data and the performance of the processing outside the European Union will take place, pursuant to article 44 of the GDPR, exclusively in accordance with the purposes listed in points 2 and 4 of this notice and exclusively in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission with data processors appointed in countries outside the European Union or performing the processing of personal data, or parts thereof, in facilities outside the European Union.
Data communication and publication through matching web platforms in third countries out of European Commission adequacy decisions, like USA, Australia and United Arab Emirates will be provided only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
8. Non-existence of an automated decision-making process
The Controllers do not adopt any automated process, including profiling as referred to in Article 22(1) and (4) of the GDPR.
9. Duration of the processing data
The personal data provided will not be processed for commercial or marketing purposes or transferred to third parties and will be kept for the period of time strictly necessary for the pursuit of the purposes mentioned above, in accordance with the provisions of article 5 of the GDPR, and in any case for no longer than 10 years.
10. Rights of data subjects and how to exercise them
Data subjects can exercise, towards the Data Controller, the rights provided for in articles 15 et seq. of the GDPR and further relevant legislation.
The data subject has the right to access his or her personal data, to ask for their correction or supplementation if incomplete or inaccurate, their restriction, deletion, as well as to object to their processing.
For processing based on consent, the data subject has the right to revoke the consent provided without invalidating the lawfulness of the processing carried out prior to such revocation.
In order to exercise his or her rights, the data subject may contact, either the Data Controller, or the Data Protection Officer, at the respective contact details indicated above at the point 2 of this notice.
Feedback with respect to the data subject's request shall be provided, as a rule, in writing or by other means within the time limits and in the manner stipulated in article 12 of the GDPR. If requested by the data subject, information may also be provided orally, or by electronic means if the request was made by such means.
The interested parties have, in addition, the right to propose a complaint, according to art. 77 of the GDPR, to the guarantor for the protection of personal data, in the manner provided by the Authority itself (www.garanteprivacy.it), or, according to art. 79 of the GDPR, to appeal to the judicial authority in the manner and terms provided by law.
(this notice was updated on 06-06-2023)
In addition, by registering for MIRABILIA Food&Drink2023 Brokerage Event you also accept the following terms and conditions:
Your profile will only be published once you fulfill all the registration steps and requirements
If an unforeseen circumstance comes up and you cannot attend a meeting you must first cancel your meeting always through the platform, which will update the agenda alerting the involved participants minimising inconveniences to them. You have also to notify the organisers about your inability to attend
Max 2 persons for each organisation are allowed to participate, i.e. 1 accompanying person, whose data have to be communicated to the organisers. A second, separated profile of the same organisation (different registration, different contact person) has to be checked with MIRABILIA Food&Drink2023 staff and it is generally discouraged to maximise the number of participant organisations and thus the matching opportunities for everyone.
Requests of meeting must be EXPRESSLY ACCEPTED or REJECTED in Meeting Section of your profile. Check regularly your meetings during the booking phase to cancel meetings not interesting to you and to get back free time slots for other meetings
Your preliminary meetings agenda will be released few days before the event. Last minutes changes are not uncommon in these kind of events, thus check your online agenda /b2match app regularly, as they always represent the most updated agenda
MIRABILIA Food&Drink2023 Organisers have the right to give your personal contact details to the participants with whom you have booked a meeting, before, during or after the event
After the event, participants have to fill in the online feedback reports regading the meetings evaluation and evolution, communicate resulting cooperation agreements and info about meetings arranged onsite
Videos and pictures of venue and participants will be recorded on behalf of MIRABILIA Food&Drink2023 Organisers (any available format and storage medium is possible) to promote the event and its possible future editions, share knowledge, report organisers activities. Participation to the event entails also the authorisation that your images and sounds may be recorded, reproduced and published in web, tv, newspapers, electronic formats for the purposes cited above
MIRABILIA Food&Drink2023 goal is to create and exploit potential opportunities for business before, during and after the event. Participants data are thus collected and stored through the registration form and during the b2b event to be used for those purposes, in particular for:
o MIRABILIA Food&Drink2023 Organisers will use the data to manage registrations for the event, to inform registered participants of any updates relating to the event
o MIRABILIA Food&Drink2023 Organisers might further promote your public profile within their networks and contact you to verify your interest in exploring possible future collaborations. Regarding this, no contact details are shared without your consent
Data will be retained for collection of feedbacks, agreements and event performances monitoring as long as the MIRABILIA Food&Drink2023 website is kept alive (normally 2 years)