MIRABILIA Food&Drink2023

Privacy policy pursuant to the REGULATION (EU) n. 679/2016 and to current regulations regarding the processing of personal data related to the B2B Mirabilia FOOD&DRINK and TOURISM events of the year 2024.

Dear User, the MIRABILIA NETWORK Association (hereinafter, also simply "Data Controller") and CAMERA DI COMMERCIO DI GENOVA (hereinafter, also simply "Joint Controller") through this document intend to give you all the information provided for in Article 13 of Regulation (EU) 2016/679 (also known as GDPR or General Data Protection Regulation), with reference to the processing of your personal data within the scope of the purposes listed below in relation to the B2B Mirabilia FOOD&DRINK and TOURISM 2024 event.

The event will be held entirely in-person, expecting  the participation and B2B meeting between Italian food&wine and tourism companies and foreign buyers from the same sector who are interested in developing mutual business connections.

For more transparency, referring to the information reported, we detail definitions regarding to the roles of the individuals reported in the notice:

●   Mirabilia Network Association: event organizer, promoter and data controllers;
●   CCIAA di GENOVA: Joint Controller of the data processing, owner and controller of the matching web platform between Italian food&wine and tourism companies and foreign buyers and related services like contact point for data subjects;
●   Italian CCIAA: member entities of Mirabilia Network Association and data processing co-owners;
●   Data Subject: natural individual being part of the foreign buyer organization invited to participate in the event;
●   Invited/participating company: Italian organization operating in the food&wine and tourism sectors invited by the promoting authority of the event to register and take part in it in order to get in touch with foreign buyers.

Partner collaborating authorities of the event:
●   CCIE: Italian Chamber of Commerce Abroad, associated with Assocamerestero, interested in carrying out activities to promote Made in Italy in the country where it is located and in favor of its members, selecting and inviting buyers food&drink to register and participate in the event and to whom information is provided concerning the events held;
●   TTG: Italian Exhibition Group, selecting and inviting buyers tourism to register and participate in the event and to whom information is provided regarding the events held;
●   Buyers and seller: foreign and italian organizations operating in the food&drink and tourism sectors interested in participating in the promoted event in order to get in touch with Italian companies which in turn are interested in promoting their products and brands abroad;
●  Suppliers: entities operating as data processors who provide support services of a technical, IT, logistical nature for the organization and management of the event. 

1. Subject of this notice

Pursuant to and for the purposes of the provisions of Article 13 of the GDPR, the Data Controller and the Joint Controller inform you about the methods of processing of your personal data collected and processed for the management of the following event/initiative: B2B Mirabilia FOOD&DRINk and TOURISM year 2024.

The processing also covers, as indicated below, audio and/or video recording, i.e. photos and videos made during said event/initiative, as well as communications for subsequent initiatives of the Data Controller.

1. Data Controller

In accordance with Article 4 paragraph 7 of the GDPR:

●   the data controller is Mirabilia Network Association, which can be reached at the email address info@mirabilianetwork.eu. Data Protection Officer (DPO) can be reached through email address dpo@cerpes.it
●   the joint controller is CCIAA di Genova, which can be reached at the email address cciaa.genova@ge.legalmail.camcom.it. Data Protection Officer (DPO) can be reached through email address responsabileprotezionedati@ge.legalmail.camcom.it
●   Data processing co-owners are the Chambers of Commerce, Mirabilia members, that are: Bari, Basilicata, Caserta, Catanzaro Crotone Vibo Valentia, Chieti-Pescara, Foggia, Irpinia Sannio, Marche, Messina, Molise, Pavia, Padova, Pordenone-Udine, Riviere di Liguria, Sassari, Sud Est Sicilia, Treviso-Belluno, Umbria, Venezia Giulia e Verona. 

3. Goals and legal basis of the processing

Personal data are processed for the pursuit of the tasks and functions of the Data Controllers and co-owners of the chamber system, as stipulated in Article 2, Paragraph 2 of Law n. 580/1993 and, in particular:

3.1 for the realization of the event/initiative indicated in the previous point 1, i.e. to manage registrations to the event made independently by interested parties who, on their own or as representatives of invited/participating buyers, intend to take part. Contextually use the data communicated to plan and manage the participation in the bilateral "one to one" meetings with Italian companies in the food&wine and tourism sector including the survey of attendance;

3.2 to permit to be on the named list of participating buyers and sellers in order to make it available for consultation also by Italian companies and other foreign buyers participating in the event (some of them based in non-EEA geographic areas, such as the United States and Canada);

3.3 to inform users and businesses about the activities of the Data Controller and co-owners;

The informational purpose may be accomplished through:
a)   the making of videos, photos and/or other multimedia materials;
b)   the creation of audio and/or video interviews;
c)    the use of photos and images for, as an example, books, magazines, brochures, catalogs and/or other printed promotional material;
d)   the dissemination, of one or more of the results of what is indicated in the previous points a) to c), on the website, or on the institutional social network pages of the Data Controller and co-owners.

3.4 for communications related to events, conferences and other institutional initiatives [in the subjects of this event/initiative], through a special email mailing list of the Data Controller and co-owners;

The legal basis, for the purposes referred to in the preceding points is Article 6, paragraph 1, letter (a) of the GDPR, i.e., the consensus expressed by the data subject at the time of registration of participation.

4.  Authorized, Data Processors and Databases of Personal Data

The personal data necessarily processed are those identifying (name/surname) and contact data (Telephone, Email) of the data subject. Other personal data, freely indicated by the subject at the time of the self-subscription on the matching web platform, may be processed, such as: qualification, membership body/association, etc.

Personal data are processed by the Joint Controller and/or by internal subjects, previously trained and instructed, duly designated/authorized operating on its own in compliance with GDPR. The processing is carried out in electronic and/or paper form, as well as by means of digitized communication, transmission and storage procedures, employing appropriate methods that guarantee security and confidentiality in accordance with the GDPR.

Moreover, personal data may be processed by external subjects formally nominated by the Joint Controller, according to the art. 28 of GDPR as External Data Processors and belonging to the following categories:

●   ASSET, Special Company of the Chamber of Commerce of Basilicata
●   suppliers and partners who perform services for the pursuit of the purposes referred to this notice (merely for example, companies or professionals - journalists, photographers and/or video/graphic makers, etc., IEG spa, Assocamerestero, EEN, also possibly commissioned to make audio and/or video footage and/or photographs, promote the events on websites and/or social profiles, radio, TV, newspapers, books, magazines, brochures, catalogs and/or other promotional printed material, select buyers participating in the event
●   companies that provide computer/telematics systems management and maintenance services such as B2Match GmbH (https://www.b2match.com/privacy-policy)..)

The current list of any external processor can always be requested from the Data Controller or Joint Controller.

 5. Communication and diffusion of personal data

Personal data will be communicated to the extent strictly relevant to the purposes indicated above.

a)  to the appropriate staff of the controllers and co-owners;
b)  to any individuals designated as External Managers of processors as indicated in the previous point 5 of this notice;
c)   to the foreign offices of the project partners based in the following countries: European Union, Great Britain, United States, Canada, Japan, Arab Emirate;
d)   to the judicial, administrative or other public authorities entitled to request them in the cases provided for by law.

Personal data, within the limits of the above-mentioned processing purposes, may be published on the Data controller website (www.mirabilianetwork.eu) and on the following social channels of the owner:

a) Facebook;
b) Youtube;
c) Twitter;
d) Instagram

Personal data, including images and/or audio-video shooting, will form the object of processing operations in respect of the regulations in force and the principles of correctness, legitimacy, transparency and confidentiality that inspire the owner's activity and in compliance with the security measures provided for by the GDPR.

6. Consequences of not providing personal data

The provision of personal data required for registration is facultative. However, the refusal to provide their data means that the person concerned will not be able to register and consequently participate in the event/initiative.

In this case, in addition to the processing of personal data necessary for participation in the event/initiative, the controllers require the data subjects to consent to the processing for purposes other than mere participation in the event/initiative, such consent is always optional, does not prevent participation in the event/initiative, entails no other consequences for those who deny it, and can be revoked at any time.

7. Transfer of data to countries outside the European Union or international organizations

Data Controller, Joint Controller and Co-Processor assure from now on that the transfer of personal data and the performance of the processing outside the European Union will take place, pursuant to article 44 of the GDPR, exclusively in accordance with the purposes listed in points 2 and 4 of this notice and exclusively in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission with data processors appointed in countries outside the European Union or performing the processing of personal data, or parts thereof, in facilities outside the European Union.

Data communication and publication through matching web platforms in third countries out of European Commission adequacy decisions, like USA, Australia and United Arab Emirates will be provided only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.

8. Non-existence of an automated decision-making process

The Controllers do not adopt any automated process, including profiling as referred to in Article 22(1) and (4) of the GDPR.

9. Duration of the processing data

The personal data provided will not be processed for commercial or marketing purposes or transferred to third parties and will be kept for the period of time strictly necessary for the pursuit of the purposes mentioned above, in accordance with the provisions of article 5 of the GDPR, and in any case for no longer than 10 years.

10. Rights of data subjects and how to exercise them

Data subjects can exercise, towards the Data Controller, the rights provided for in articles 15 et seq. of the GDPR and further relevant legislation.

The data subject has the right to access his or her personal data, to ask for their correction or supplementation if incomplete or inaccurate, their restriction, deletion, as well as to object to their processing.

For processing based on consent, the data subject has the right to revoke the consent provided without invalidating the lawfulness of the processing carried out prior to such revocation.

In order to exercise his or her rights, the data subject may contact, either the Data Controller, or the Data Protection Officer, at the respective contact details indicated above at the point 2 of this notice.

Feedback with respect to the data subject's request shall be provided, as a rule, in writing or by other means within the time limits and in the manner stipulated in article 12 of the GDPR. If requested by the data subject, information may also be provided orally, or by electronic means if the request was made by such means.

The interested parties have, in addition, the right to propose a complaint, according to art. 77 of the GDPR, to the guarantor for the protection of personal data, in the manner provided by the Authority itself (www.garanteprivacy.it), or, according to art. 79 of the GDPR, to appeal to the judicial authority in the manner and terms provided by law.

This notice was updated on 10-07-2024