PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF GDPR 2016/679 (General Data Protection Regulation)
Management of Contacts from Events and Trade Fairs

Dear Data Subject,

Pursuant to Article 13 of GDPR 2016/679 (General Data Protection Regulation), this privacy notice is provided regarding the processing of personal data within the processing activity “Management of Contacts from Events and Trade Fairs.”

1) IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller is Sipol S.p.A., with registered office at Via Leonardo Da Vinci, 5 – 27036 Mortara (PV), Italy – VAT No. 01842120188 | Tax Code 01669490037 – Tel. +39 0384 295237 – privacy@sipol.com.

2) DATA PROCESSED

Identification and contact data:

First and last name
Company name and address
Professional title/role
Business email address
Telephone number

Professional profiling data:

Functional area of interest (e.g., Sales, R&D, Supply Chain, QHSE, Marketing, Production)
Relevant industry sector (e.g., Footwear, Automotive & Transportation, Industrial, Consumer Goods, E&E, Masterbatch/Compound)

The above data are collectively referred to as “Personal Data.”

3) PURPOSES AND LEGAL BASIS OF PROCESSING

We process Personal Data in accordance with Regulation (EU) 2016/679 for the following purposes:

a) Legitimate Interest (Article 6(1)(f) GDPR)
For post-event commercial follow-up activities, including:

Contacting participants after the event
Sending quotations
Sending technical documentation
General business communications
Targeted follow-up based on functional area and industry sector
CRM management and contact qualification

Following a Legitimate Interest Assessment (LIA), it has been determined that the processing is necessary to develop business relationships with individuals who voluntarily attended the event or trade fair and provided their data in that context.

b) Consent (Article 6(1)(a) GDPR)
For the sending of commercial newsletters. For this processing activity, please refer to the specific newsletter privacy notice available in the relevant section. For practical reasons related to the trade fair environment, consent to newsletter subscription may also be given verbally by the data subject during their visit to the stand.

4) RECIPIENTS OF PERSONAL DATA

Personal data may be processed by:

Data Processors acting on behalf of the Data Controller;
Authorized personnel operating under the authority of the Data Controller and/or the Data Processor.

These may include, by way of example:

Companies providing database and software management and maintenance services;
Service providers supporting the purposes described in this notice, including consultants and law firms;
Entities authorized to access the data pursuant to laws, regulations, or other legal provisions.
5) METHODS OF PROCESSING

Personal data will be processed using both paper-based and electronic means. We ensure that all organizational, physical, and logical security measures deemed necessary and appropriate have been implemented to guarantee the integrity, confidentiality, and availability of the data.

6) DATA TRANSFERS

Personal data are managed and stored on servers located within the European Union.

7) DATA RETENTION

Personal data collected will be retained for the period strictly necessary to achieve the purposes for which they were collected and, in any case, for the following periods:

24 months from the date of collection for post-event commercial follow-up and professional profiling purposes;
For the duration of the business relationship and for 10 years thereafter, in compliance with applicable legal obligations (e.g., retention of tax and accounting records);
Until consent is withdrawn for data processed for newsletter distribution through MailUp.

After these retention periods, the data will be permanently deleted or irreversibly anonymized. The Data Controller periodically reviews the relevance and accuracy of retained data in relation to the purposes of processing and regularly verifies whether stored data have become obsolete.

8) PROVISION OF DATA

The provision of personal data is voluntary and occurs through the delivery of a business card and/or the completion of a contact form during the event.

At this stage, there is no legal or contractual obligation to provide personal data. Failure to provide such data will not result in any adverse consequences for the data subject; however, it will prevent the Data Controller from following up on the business contact initiated during the event and from recording the contact in its customer relationship management systems.

Subscription to the newsletter is optional and independent. Refusal to provide consent for newsletter communications will not affect post-event commercial follow-up activities.

9) RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, the data subject may exercise their rights by contacting the Data Controller at the address provided above or by email at privacy@sipol.com.

The data subject has the right to request, at any time:

Access to their personal data;
Rectification of inaccurate data;
Erasure of data;
Restriction of processing;
Data portability, where applicable.

In the event of a portability request, the Data Controller will provide the personal data concerned in a structured, commonly used, and machine-readable format.

10) RIGHT TO LODGE A COMPLAINT

The data subject has the right to lodge a complaint with the competent supervisory authority in their country of residence.

11) AUTOMATED DECISION-MAKING

The Data Controller does not carry out processing activities involving automated decision-making based on the personal data processed.