PORDENONE FIERE S.P.A. - Viale Treviso, 1 – 33170 Pordenone – Italy - Tax Code and VAT No.: 00076940931 - Tel. +39.0434.232111 - Fax +39.0434.570415 – 232322 - info@fierapordenone.it - pec@pec.fierapordenone.it

c/o Pordenone Fiere SpA - Viale Treviso, 1 – 33170 Pordenone – Italy - dpo@fierapordenone.it

The optional, explicit, and voluntary sending of messages to the contact addresses of Pordenone Fiere SpA entails the acquisition of the sender's contact details necessary to respond to requests, as well as any personal data included in the communications.

The IT systems and software procedures responsible for the operation of a website or an app acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols.
This category of data includes the following:

• IP addresses of devices used by users;
• date and time the request was received;
• addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources;
• numerical code indicating the status of the server response (success, error, etc.);
• the size in bytes of the response;
• URI/URL address of the referring page (referrer);
• browser identification string (user agent).

These data are not retained for more than 15 days, after which they are automatically deleted (except for any requirements related to investigations by judicial authorities).
Additionally, anonymized data necessary for the use of web services are processed to monitor the proper functioning of the services offered.

The data provided in the context of App usage and/or related to communication with the device are processed lawfully, based on a specific legal basis and solely for the purposes indicated in the table below.
These data will be stored in the CRM system of Pordenone Fiere.

Data will be processed both on paper and electronically, manually and/or using electronic or automated tools.
Providing the data is mandatory for all that is required to comply with legal and contractual obligations.
Some purposes are based on consent as the legal basis. Failure to consent to data storage on the user's device will prevent the installation or operation of the app itself.

For institutional pages, Facebook and Instagram offer a series of analytical tools to extract aggregated data that help understand how people interact. Meta Platforms Ireland Limited, the company providing Facebook and Instagram services, receives data from individuals who visit the social pages managed by Pordenone Fiere, even if they do not otherwise interact with the social platforms.
Regarding the processing of statistical data for Facebook and Instagram pages, Pordenone Fiere is a joint controller with Meta Platforms Ireland Limited (hereinafter also referred to as "Meta").
Similarly, concerning the possible inclusion of the Facebook "Like" button on website pages, which allows users to share their preferences on the social network, Pordenone Fiere and Meta Platforms Ireland Limited should be considered "Joint Controllers" for data collection operations but not for subsequent processing carried out by Meta.
The appendix on the data controller, which indicates the division of responsibilities between Meta and Pordenone Fiere, can be consulted at the link https://www.facebook.com/legal/terms/page_controller_addendum.
Meta's privacy policy, which includes the following information, can be consulted at the link https://www.facebook.com/about/privacy/update:

• What types of information Meta collects;
• How it uses such information;
• How this information is shared;
• The legal bases for data processing;
• How to exercise GDPR rights;
• Contact information for Meta Platforms Ireland Limited regarding personal data protection;
• Contact information for Meta Platforms Ireland Limited's Data Protection Officer;
• The GDPR rights of Facebook and Instagram visitors;
• The data retention period.

Meta's cookie policy can be consulted at this page (https://www.facebook.com/policies/cookies/).

The TikTok Business Profile of Pordenone Fiere allows the social platform to process data related to users who visit, follow, or connect, enabling complementary but interrelated purposes. Therefore, TikTok Technology Limited and Pordenone Fiere are Joint Controllers.
The joint controller agreement that establishes the division of protection obligations between the two parties can be found at the link https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en.
TikTok's cookie policy can be consulted at the link https://ads.tiktok.com/i18n/official/policy/privacy, and its privacy policy, which includes the following information, is available at the link https://www.tiktok.com/legal/page/eea/privacy-policy/it:

• What types of information it collects;
• How it uses such information;
• How this information is shared;
• The legal bases for data processing;
• How to exercise GDPR rights;
• Contact information for TikTok regarding personal data protection;
• Contact information for TikTok Technology Limited's Data Protection Officer;
• Rights recognized for data subjects;
• The data retention period.

Pordenone Fiere has a corporate LinkedIn profile through which it showcases its structure and initiatives. The data processed relates to LinkedIn users who visit, follow, or connect with Pordenone Fiere's corporate profile, which then receives Insights for its social page. Specifically, LinkedIn processes data provided by the user in their profile, such as job function, country, industry, seniority, company size, and employment status. Additionally, LinkedIn processes information on how a user interacts with the corporate page, such as whether a user is a follower.
The Page Insights provided by LinkedIn to the Data Controller are aggregated data, and despite the joint controller status, LinkedIn will not provide personal data of users in relation to Page Insights nor will it allow the connection of Page Insights to individual users.
LinkedIn provides Pordenone Fiere with anonymized statistics and insights for its profile, allowing the latter to evaluate the type of actions people take on its profile. These data are created based on specific information about the users who visited it.
Regarding these data, Pordenone Fiere and LinkedIn are joint controllers.
A joint controller agreement has been established with LinkedIn, setting out the division of protection obligations between Pordenone Fiere and LinkedIn.
Details on personal data processing and the agreement established with LinkedIn are available at: https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn also offers additional marketing services for which it is the data controller. These services involve personal data, including curriculum information, names, and contact details of employees, candidates, or potential clients or business partners.
The agreement can be consulted at the following address: https://www.linkedin.com/legal/l/dpa
For more information on LinkedIn marketing services:
https://www.linkedin.com/help/lms/answer/a1444756/soluzioni-marketing-di-linkedin-e-regolamento-generale-sulla-protezione-dei-dati-gdpr-?lang=it

Regarding personal data processing, unless otherwise specified in this privacy notice, the data controller is LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”), Ireland/EU.
Further information on LinkedIn's data processing can be found in its privacy policy: https://www.linkedin.com/legal/privacy-policy.

Cookies are text strings created by a server and stored on the hard disk of a computer or any device used by the user to access the Internet (smartphone, tablet, etc.) to be retrieved during subsequent Internet accesses from the same device. Cookies allow the collection of information about the user's browsing activity on a website, such as remembering their language preferences or the currency used for a purchase, and presenting them again during the next visit to facilitate site use and improve the user experience. Cookies can be permanently stored on the user's computer and have a variable duration (so-called persistent cookies) or can disappear when the browser is closed or have a limited duration (so-called session cookies). Cookies can be installed by the site the user is visiting (so-called first-party cookies) or by other websites (so-called third-party cookies).
The App only uses first-party technical cookies, third-party cookies, and other similar technologies, as better described below.
Technical browsing and functionality cookies (legal basis for processing: contract): These are first-party cookies, both session and persistent, aimed at enabling secure and efficient navigation and use of site pages, as well as improving the services provided. These cookies, for example, allow the recognition of the selected language and the country from which the connection is made. These cookies recognize you on a new visit, avoiding the need to enter your details every time and improving the browsing experience.
Technical browsing and functionality cookies and analytical cookies are retained for the duration of the browsing session on the site and, if persistent, even afterward.

When visiting a website, cookies may be received from websites managed by other organizations (“third parties”). As for the sites, third-party cookies are requested by widgets for the use of services offered by third-party sites: Google Calendars, Google Maps, embedding videos uploaded on the YouTube platform.
The management of personal data collected by third parties is governed by their respective privacy policies available on their websites:

• https://policies.google.com/privacy?hl=en
• https://support.google.com/youtube/answer/2801895?hl=en

Without prejudice to communications and disclosures made in execution of contractual obligations, those ordered by authorities, or required by law, it is specified that data may be communicated to:

• Banks, Postal Offices, and Credit/Debit Card Issuing Companies;
• Insurance Companies, Insurance Brokers, Appraisers;
• Authorities, Control Bodies (including internal ones) and Auditors;
• Companies, sole traders, and professionals with whom there are supply relationships for goods and services, commissions, subcontracting, etc.;

Data may also be processed by subjects qualified as Data Processors under Article 4.8 and Article 28 of the GDPR (professionals, legal entities, consulting and service companies, hardware and software assistance companies, etc.) or by authorized persons under Article 29, who operate under the direct authority of the Data Controller, having been instructed in this regard (employees and collaborators of various kinds).

The Data Controller uses services provided by some suppliers, adequately qualified as Data Processors. This may result in data being transferred outside the EU, in cases related to activities that enable the achievement of the corporate purpose or legal obligations, but only:

• To countries subject to an adequacy decision by the European Commission or the Data Protection Authority (Article 45 of the GDPR);
• To countries outside the EEA, subject to the signing of Standard Contractual Clauses adopted/approved by the European Commission pursuant to Article 46(2)(c) and (d). In case this happens, a copy of the guarantees referred to in Article 46, paragraph 2, letters (c) and (d), adopted by the Data Controller can be obtained by emailing the DPO;
• To subjects with an international structure that have signed Binding Corporate Rules at the group level, pursuant to Article 47 of the GDPR;
• If the data subject has given explicit consent, in execution of a contract or pre-contractual measures, to establish or defend a legal claim, or to protect the vital interests of the data subject or others, where the data subject is unable to provide consent (Article 49 of the GDPR).

Our App uses push notifications to keep you informed about updates and relevant information. You can manage your notification preferences through your device settings.

Our App is not intended for children under the age of 13 (or the applicable age of consent in your region). We do not knowingly collect personal information from children. If you believe we have collected such data, please contact us to have it removed.

The data subject has the right to obtain confirmation from the Data Controller whether or not personal data concerning them is being processed, and if so, to request access to the personal data (Article 15 of the GDPR), rectification (Article 16 of the GDPR), deletion (Article 17 of the GDPR), or restriction of processing (Article 18 of the GDPR), as well as the right to data portability (Article 20 of the GDPR).
The data subject has the right to object to processing based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) and (f) (legitimate interest), on grounds relating to their particular situation (Article 21 of the GDPR).
The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects concerning them or significantly affects them (Article 22 of the GDPR). At any time, the data subject has the right to withdraw consent, without prejudice to the lawfulness of processing based on consent before the withdrawal. Simply contact the DPO.
Among the rights of the data subject is the right to lodge a complaint with a supervisory authority.
Data subjects can also object to the recording of cookies on their hard drive by configuring their browser to disable them.
Below are links to information on how to manage cookies in the most common browsers:

• Internet Explorer: http://windows.microsoft.com/en-us/windows7/how-to-manage-cookies-in-internet-explorer-9;
• Microsoft Edge: https://support.microsoft.com/en-us/help/4027947/windows-delete-cookies;
• Chrome: https://support.google.com/chrome/answer/95647?hl=en;
• Firefox: https://support.mozilla.org/en-US/kb/manage-cookies;
• Safari: http://support.apple.com/kb/HT1677?viewlocale=en_US;

After this operation, however, some functions of the website may not work correctly.
For information on cookies stored on your device and how to disable them individually, it is recommended to visit the following page: http://www.youronlinechoices.com/en-your-choices.
It is possible to delete any cookies already stored on your hard drive at any time.
However, after this operation, some website functions may not work correctly.