Privacy and Cookie Policy

Privacy Policy for the processing of personal data according to Article 13 of Regulation (EU) 2016/679 (GDPR)

In compliance with the provisions of Regulation (EU) 2016/679 (European Regulation on the protection of personal data), the Data Controller provides the necessary information regarding the processing of personal data requested and/or provided by the Data Subject. This Privacy Policy is valid for the website and should not be considered valid for other websites that may be accessed through links present on the domain websites of the Data Controller, who is in no way responsible for third-party websites.

Personal data processed

“personal data”: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements of that person’s physical, physiological, genetic, mental, economic, cultural, or social identity; (C26, C27, C30).

Specific information

Specific information will be displayed on the website pages in relation to particular services or processing of the data provided.

Data controller

In accordance with Articles 4 and 24 of Regulation (EU) 2016/679, the Data Controller is FIERE DI PARMA S.P.A., with registered office at Via delle Esposizioni 393 – 43126 Parma (PR), Italy. VAT number: 00162790349. E-mail:

Data protection officer

In accordance with Articles 37-39 of Regulation  (EU) 2016/679 the Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information or requests at the following e-mail address:

Data processing purposes

The personal data provided, including voluntarily, by the Data Subject through the forms on the website and/or with the consent/authorization of the latter, are collected to fulfil the purposes set out in the Cookie Policy and in the specific information provided on the Data Controller’s website.

Navigation data

The information systems and software procedures required for the proper functioning of this site acquire, during normal operation, some personal data the transmission of which is implicit in the use of internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by the users, the addresses in URI/URL notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.


The legal basis for the processing is stated in the Cookie Policy and in the specific information provided by the Data Controller.


The data retention periods for navigation data are expressly set out in the Cookie Policy and in the specific information provided in the Data Controller’s website.

Completion of data collection contact forms

The explicit, optional, and voluntary sending of messages to the contact addresses, as well as the completion and submission of the forms on the website of the Data Controller, involve the acquisition by the latter of the Data Subject’s contact data and of all personal data that may be included in the communications and/or entered in the aforementioned forms. The data acquired through the aforementioned method will be used by the Data Controller to reply to the Data Subject’s request.

LEGAL BASIS: execution of pre-contractual measures taken upon the Data Subject’s request

DATA STORAGE PERIOD: 2 years from the last contact or active correspondence

NATURE OF DATA PROVISION: the provision of data is optional or necessary depending on the specific request made by the Data Subject in relation to the purpose for which the data is processed. Failure to provide the data marked with the symbol* or the wording (required) will make it impossible to obtain what has been requested or to use the Data Controller’s services.

Direct marketing

The Data Controller may use the Data Subject’s contact data, with their prior consent, for the following purposes:

– direct marketing;

– carrying out market research, direct sales, satisfaction surveys;

– sending newsletters and promotional, commercial, advertising material or material related to events and initiatives, including through automated means of electronic mail, SMS, or other messaging channels, as well as through automated or operator-assisted phone calls, or by postal mail and other information material.

The Data Controller will use systems and/or solutions and/or software for sending newsletters/promotional communications and for preparing specific reports. Through the aforementioned reports, the Data Controller  will be able to know, for example: the number of readers, openings, users who have selected the content and the overall number of “clicks”; the devices and operating systems used to read the communication; details about the activity of individual users; details of sent e-mails, delivered and undelivered e-mails, and forwarded ones. All this data is used for the purpose of comparing, and possibly improving, the results of the communications.

LEGAL BASIS: Consent pursuant to Article 6(1)(a): the Data Subject has given consent to the processing of their personal data.

DATA STORAGE PERIOD: Until opposition (opt-out/withdrawal of consent)

NATURE OF THE PROVISION: The provision of data is optional. The Data Subject may revoke their consent at any time without prejudice to the processing carried out by the Data Controller until the time of revocation.

To whom will the personal data be disclosed?

Personal data provided will be shared with recipients, who will process the data as processors (Article 28 of Regulation (EU) 2016/679) and/or as individuals acting under the authority of the Owner and of the Data Processor (Art. 29 of the EU Regulation  2016/679) for the aforementioned purposes.

By way of example but not exhaustive, the data will be shared with:

– recipients who provide services for the management of the information system used by the Data Controller and of the telecommunications networks, including e-mails, newsletters and website management, communication and marketing management, platform assistance, freelance professionals, assistance and consulting firms and companies;

– competent authorities in order to comply with statutory obligation and/or provisions issued by public bodies, upon request.

The list of Data Processors is constantly updated and available by writing to the following e-mail addresses: and

Data transfer outside the EEA

Personal data provided will not be transferred to countries outside the EEA.

Is there an automated process?

We do not use decision-making processes based on automated processing, including profiling without your consent.

What are your rights? How can you exercise them?

The data subject may exercise their rights as expressed in Articles 15, 16, 17, 18, 19, 20, and 21 of Regulation (EU) 2016/679 by contacting the Data Protection Officer (DPO) under Article 38(4) or the Data Controller by writing to the following respective addresses: and

Under Articles 15 and following of the Regulation, the Data Subject has the right to request at any time access to, rectification, erasure of their personal data and, in cases provided for by Regulation (EU) 2016/679, restriction of processing and the right to data portability.

At any time, the Data Subject can revoke their consent pursuant to Article 7 of Regulation (EU) 2016/679 by writing to the following addresses: and The Data Subject can also revoke their consent through the “unsubscribe” button at the bottom of e-mails containing newsletters from the Data Controller. The Data Subject can lodge a complaint with the competent supervisory authority under Article 77 of the Regulation (Data Protection Authority pursuant to Article 77 of the Regulation, if they believe that the processing of their data is in breach of applicable law. The Data Subject can object to the processing of their data by sending a request with reasons in accordance with Article 21 of Regulation (EU) 2016/679. The Data Controller reserves the right to evaluate the request, specifying that it may not be accepted if there are compelling and prevailing legitimate interests that override the Data Subject’s reasons and interests stated in the aforementioned request. For the exercise of one’s rights, the addresses to be used are those of the Data Controller and of the Data Protection Officer (DPO), as shown above.

Additional information

The Data Controller reserves the right to modify, update, add, or remove parts of this privacy policy at its discretion and at any time. To facilitate verification, the private policy will include the date it was updated.


Update date: 9 June 2023