Skip

Search

Search
EN

Privacy Policy

1. Who are we and why are we providing you with this document?

Messe Frankfurt Italia S.r.l. is a company, part of the international trade fair group Messe Frankfurt GmbH, which has been organising and promoting trade fair events in Italy and abroad for over twenty years, paying close attention to the protection of personal data provided by its customers, visitors and users, ensuring that the processing of such data always takes place in compliance with the safeguards and rights recognised by Regulation (EU) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”) and by the Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).

The purpose of this Privacy Policy is to inform you about how your data collected whilst browsing this website is processed.

This policy applies exclusively to the website https://www.spsitalia.it/.

2. Who is the data controller and how can you contact the DPO?

The data controller (hereinafter the “Controller”) is Messe Frankfurt Italia S.r.l., Tax Code and VAT No. 12632140153, with registered office at Corso Sempione 68, 20154 Milan (MI), Italy, in the person of its current legal representative Donald Joachim Wich, whose address for service is at the registered office.

You may contact the Controller at any time regarding matters relating to the processing of your personal data:

• by sending an email to: privacy@italy.messefrankfurt.com;

• by sending a letter to the address: Corso Sempione 68, 20154 Milan (MI), for the kind attention of the Privacy Office;

• by calling the number +39028807781.

The Data Controller has appointed a Data Protection Officer (“DPO”), who can be contacted at the following email address: privacy@italy.messefrankfurt.com

3. What categories of data do we process? For what purposes?

3.1. Browsing data

When a user visits the Website, Messe Frankfurt Italia collects the following browsing data:

• technical information, including IP address, information on the devices used by website visitors, browsers and operating systems, etc.;

• information on website navigation, including the URLs of pages visited and activities carried out on the page, dates and times of navigation, time spent on the website, clickstream.

This information is collected for the proper functioning, management, maintenance and improvement of the website, as well as to ensure that data subjects’ navigation is secure and to establish liability in the event of cyber-security breaches.

Legal basis: The processing of browsing data for the purposes of the website’s operation, management, maintenance, improvement and security is based on the Data Controller’s legitimate interest pursuant to Article 6(1)(f) of the Regulation, consisting in ensuring the proper functioning and security of its IT infrastructure.

They are also used to enable Messe Frankfurt Italia to obtain statistical analyses of website usage, with the possibility of analysing the data in aggregated form.

Legal basis for statistical analyses in aggregated form: Processing for the purposes of statistical analysis in aggregated form is based on the Data Controller’s legitimate interest pursuant to Article 6(1)(f) of the Regulation.

3.1.1. Profiling for promotional purposes based on browsing data

Subject to the user’s specific consent, browsing data may be used to enable Messe Frankfurt Italia to carry out profiling activities, i.e. to analyse the user’s preferences and interests based on their browsing behaviour on the website, in order to send personalised promotional communications in line with their interests. In particular, the Data Controller may analyse the pages visited, the content viewed, the frequency of access and the user’s interactions with the website, in order to define a profile of interests and send targeted communications.

Legal basis: The data subject’s consent pursuant to Article 6(1)(a) of the Regulation. Consent is optional and may be withdrawn at any time.

Logic of the processing and consequences. Profiling consists of the automated analysis of the user’s browsing data in order to identify areas of interest and send relevant promotional communications. The consequence for the data subject is that they will receive personalised, rather than generic, commercial communications relating to trade fairs and events organised by Messe Frankfurt Italia. Failure to consent to profiling does not entail any negative consequences for the user, who may still browse the website and register for events.

Website users are always free to decide whether to provide their browsing data, for example by choosing to disable cookies, for which consent is required, via their browser settings. However, refusing to provide information necessary for browsing may make it impossible to carry out activities strictly related to browsing itself and, therefore, also to view and interact with our website.

Browsing data is collected through the use of cookies. To find out more about how cookies work, how to enable and disable them, their retention periods and their purposes, please consult our cookie policy at https://www.messefrankfurt.it/it/cookie-policy.

3.2. Data provided voluntarily by the user

Users who decide to contact the Data Controller at one of the addresses indicated on the website or by completing the contact forms available thereon voluntarily provide Messe Frankfurt Italia with certain data (e.g. first name, surname, contact details, name of the company for which they work, etc.), which will be used by the Data Controller primarily to respond to the requests received.

In particular, we invite website users to read the privacy notices at the bottom of each data collection form, in order to obtain more detailed information regarding the methods and purposes of processing, as well as the legal bases used and the retention periods for such data.

Legal basis: Depending on the circumstances, the processing of data provided voluntarily is based on the implementation of pre-contractual measures taken at the data subject’s request or on the performance of a contract to which the data subject is a party, pursuant to Article 6(1)(b) of the Regulation, or on the data subject’s consent pursuant to Article 6(1)(

(a) of the Regulation, as specified in the privacy notices provided in the individual data collection forms.

3.3. Marketing activities

Some of the personal data provided by the user when interacting with the company via the website, such as: name, surname and email address, may be processed by Messe Frankfurt Italia for the purpose of carrying out marketing activities, which may take the form of sending promotional newsletters, conducting market surveys (including those aimed at assessing user satisfaction), and sending promotional material relating to events and trade fairs organised by Messe Frankfurt Italia, via automated systems such as email (marketing purposes).

Legal basis: The data subject’s consent pursuant to Article 6(1)(a) of the Regulation and Article 130 of the Privacy Code (Legislative Decree 196/2003).

The promotional messages and communications in question relate to events and trade fairs directly organised or promoted by Messe Frankfurt Italia.

Subject to further and separate consent from the data subject, promotional communications sent by Messe Frankfurt Italia may also relate to products, services, events and trade fairs of companies belonging to the Messe Frankfurt Group. In such cases, Messe Frankfurt Italia will itself, in its capacity as Data Controller, send communications relating to such products, services, events and/or trade fairs, without disclosing the data subject’s details to the aforementioned Group companies.

Such marketing activities will only take place if the data subject has given prior and specific consent to their performance. This consent may be withdrawn at any time by contacting the Data Controller at the contact details provided above.

Data processed for marketing purposes will be retained for 24 months from the date consent is obtained, unless consent is withdrawn prior to that expiry date. Before the expiry of this period, unless consent has been withdrawn, the Data Controller may send a communication to renew consent for a further period of 24 months.

3.4. Plug-ins and interaction with social media

The website allows interaction with third-party websites and social networks (Facebook, Twitter and YouTube) via hyperlinks, share buttons, social plug-ins and other similar tools.

By accessing any area of the website equipped with such tools, the web browser will connect users directly to the servers of the third-party websites in question, thereby transferring their personal data to the operators of those websites. Before such a transfer takes place, the user will be informed via a specific banner or notice and may give their consent freely, specifically and in an informed manner, in accordance with Article 6(1)(a) of the Regulation.

Legal basis: The data subject’s consent in accordance with Article 6(1)(a) of the Regulation.

Depending on the specific agreements in place with the operators of such third-party websites, Messe Frankfurt Italia may act as an independent data controller or as a joint controller with regard to such data transfers. In cases where Messe Frankfurt Italia acts as a joint controller pursuant to Article 26 of the Regulation, the essential content of the joint controller agreement will be made available to the user by updating the text of this policy.

With regard to privacy protection methods and the processing of personal data collected by the operators of third-party websites with which the interactions described take place, please refer to the relevant websites.

3.5. Disclosure of data to the event organising partner

Should the user register, via the Controller’s platform, for an event organised by a third-party partner of the Controller (hereinafter, the “Partner”), the following personal data of the user:

• first name;

• surname;

• name of the company/organisation to which they belong;

• email address.

will be disclosed to the Partner organising the event to which the user has registered. The identity of the Partner will be indicated in the event information sheet available on the Data Controller’s platform prior to registration. 

The disclosure of data to the Partner is carried out for the following purposes: (i) to enable the Partner to verify that the participants actually present at the event correspond to those duly registered, including by verifying the email address provided during registration; (ii) to enable the Partner to manage the organisation of the event, including checking the availability of places; (iii) to enable the Partner to send service communications strictly related to the running of the event (such as, for example, registration confirmations, reminders, and logistical and organisational changes). In particular, the email address is necessary to enable the Partner to carry out checks relating to registration and attendance at the event, as well as to ensure the correct and timely transmission of service communications necessary for the organisation of the event itself.

Legal basis: The legal basis for the processing is the need to implement pre-contractual measures taken at the data subject’s request and/or the performance of the contract to which the data subject is a party, pursuant to Article 6(1)(b) of the Regulation. The user’s registration for the event implies, in fact, the need to provide the Partner with the data essential for managing participation, including the email address, which is necessary for verifying registration and sending service communications relating to the event.

Once the Partner has received the data, it will act as an independent data controller pursuant to Article 4(7) of the Regulation, independently determining the purposes and methods of processing the data received, within the limits of the purposes indicated above. The user may exercise their rights vis-à-vis the Partner by contacting the Partner directly at the contact details provided in the privacy notice issued by the Partner.

The data communicated to the Partner for the purposes of managing the event will be retained by the Data Controller for the period strictly necessary for the organisation and conduct of the event and, subsequently, for a period not exceeding 8 years from the date of the event, subject to any legal obligations or the need to protect a right in court.

With regard to the Partner’s retention period, please refer to the privacy policy provided by the Partner.

3.6. Disclosure of data to the Partner for marketing purposes

Subject to the user’s specific and optional consent, the following personal data:

• first name;

• surname;

• name of the company/organisation to which the user belongs;

• email address.

May be disclosed to the Partner organising the event to which the user has registered, so that the Partner may send the user commercial and promotional communications relating to its products and/or services via email.

Legal basis: The legal basis for the processing is the data subject’s consent, pursuant to Article 6(1)( (a) of the Regulation and Article 130 of the Privacy Code (Legislative Decree 196/2003), as well as in accordance with the Guidelines of the Italian Data Protection Authority of 4 July 2013 on promotional activities and combating spam. Consent is freely given, specific, informed and revocable at any time.

Once the data has been received, the Partner shall act as an independent data controller pursuant to Article 4, No. 7 of the Regulation, independently determining the purposes and methods of processing the data received for the marketing purposes described above. The user may exercise their rights, including the right to object to direct marketing pursuant to Article 21 of the Regulation, including in relation to the Partner, by contacting them at the contact details provided in the privacy policy issued by the Partner.

Notwithstanding the foregoing, the user may withdraw consent to the disclosure of their data to the Partner for marketing purposes at any time, without this affecting the lawfulness of the processing carried out prior to the withdrawal. Withdrawal may be exercised by contacting the Data Controller at the details provided in section 2 of this document.

Please note that the withdrawal of consent from the Data Controller will result in the cessation of data disclosure to the Partner for marketing purposes. To withdraw consent from the Partner regarding processing carried out by the latter as an independent data controller, the user must contact the Partner directly.

Data communicated to the Partner for marketing purposes will be retained by the Data Controller for a period not exceeding 24 months from collection, unless consent is withdrawn earlier. Regarding the Partner’s retention period, please refer to the privacy policy provided by the Partner.

Failure to provide consent to the communication of data for marketing purposes does not in any way affect your ability to register for and participate in the event.

4. What happens if you do not provide the requested data?

Please note that, in order to complete the forms and access the services offered by our website, you must provide the data identified on the website itself as mandatory; you are not obliged to do so, however, failure to provide all the necessary data will prevent us from processing your request. You are not, however, required to provide data marked as optional; if you do not provide this information, you will still be able to use the requested services.

The provision of data for marketing purposes, as well as consent to the processing of such data, is optional, and failure to provide it will not affect your ability to browse the website and interact with the Company.

Similarly, consent to the disclosure of data to the Partner for marketing purposes, as referred to in paragraph 3.6 above, is optional: failure to give consent does not affect your ability to register and participate in events.

5. How is your data processed?

Your personal data will be processed primarily using electronic or automated means, in accordance with methods and tools designed to ensure the security and confidentiality of the data in accordance with the Regulation. In particular, all necessary technical, IT, organisational, logistical and procedural security measures will be adopted to ensure a level of data protection appropriate to the risk, in accordance with Article 32 of the Regulation, allowing access only to persons appointed by Messe Frankfurt Italia to process the data or to data processors designated by it.

The information collected and the methods of processing will be relevant and proportionate to the type of services provided. The data will also be managed and protected in environments where access is under constant control.

6. Where is your data processed?

Your data is processed within the European Union.

Where it is necessary to transfer personal data outside the European Economic Area in order to achieve one or more purposes, Messe Frankfurt Italia will transfer the data to third countries that are the subject of adequacy decisions, or by entering into standard contractual clauses and carrying out the required assessments to verify the level of protection guaranteed to the data by the importer. In such cases, the Data Controller will supplement this document in accordance with Article 13(1)(f) of the Regulation.

7. How long will your data be processed?

The data you provide is processed for the following periods:

• browsing data: for the period indicated in the cookie policy and, for website security purposes, for a period not exceeding 7 days from collection, unless necessary to investigate breaches;

• data for profiling purposes: for the period indicated in the cookie policy and, in any case, no longer than 12 months from collection, unless consent is renewed;

• data provided voluntarily in response to requests: for the time necessary to process the request and, subsequently, for a period not exceeding 12 months from the closure of the case, unless required by law;

• data for marketing purposes: until consent is withdrawn and, in any case, for a period not exceeding 24 months from the last interaction with the Data Controller;

• data disclosed to the Partner for event management (para. 3.5): for the period strictly necessary to hold the event and, subsequently, for no longer than 8 years from the date of the event;

• data disclosed to the Partner for marketing (para. 3.6): until consent is withdrawn and, in any case, for no longer than 24 months from the last interaction with the Data Controller.

Data may be retained for any additional period required by applicable tax and civil law regulations or necessary for Messe Frankfurt Italia to exercise its rights before a judicial, administrative, regulatory or other authority.

8. To whom may your data be disclosed?

Your data may be disclosed to the following categories of recipients:

a) Data processors, i.e. companies that provide services to the Data Controller involving the processing of personal data on its behalf (e.g. data storage services, companies providing web consultancy services, companies providing database services, companies providing web hosting services). For a detailed and up-to-date list of data processors to whom your data may be disclosed, please do not hesitate to contact us at privacy@italy.messefrankfurt.com;

b) Companies belonging to the Messe Frankfurt Group;

c) Public and private entities accessing the data pursuant to provisions of law, regulations or EU legislation, or court orders, within the limits set out by current legislation;

d) Companies/professionals offering stand-fitting services for trade fairs, should you decide to use such a service or where this is strictly necessary for the performance of the contract entered into with us;

e) Event organisers with whom the user has registered via the Data Controller’s platform, for the purposes of event management as referred to in paragraph 3.5, and, subject to the data subject’s consent, for the marketing purposes referred to in paragraph 3.6, in their capacity as independent data controllers;

f) Other suppliers, where requested by you or strictly necessary for the performance of the contract entered into with us;

g) Judicial authorities or law enforcement agencies, where they make a request.

Data relating to data subjects will not be disclosed, except in anonymous and aggregated form, for statistical or research purposes.

9. What are your rights and how can you exercise them?

We inform you that you may exercise the following rights:

right of access: you may at any time obtain confirmation as to whether your personal data is being processed, and access to the data being processed and the following information: the purposes of the processing; the categories of data being processed; the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular you may find out whether such recipients are third countries or international organisations; the period for which your data will be stored, or, if this is not possible, the criteria used to determine that period; where the personal data have not been collected from you, all available information regarding their origin; the existence of automated decision-making, including profiling, and, in such cases, you may obtain meaningful information regarding the logic involved, as well as the significance and the consequences that this type of processing may have for you. You can find all this information in this Policy, but should you have any further questions on the matter, please do not hesitate to contact us at the address provided below.

right to rectification and/or completion: you may request and obtain the rectification of your personal data where it is inaccurate. Furthermore, taking into account the purposes of the processing, you may request and obtain the completion of your data where it is incomplete.

Right to erasure: you may request and obtain the erasure of your personal data without undue delay, and the Data Controller must erase your personal data if any one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected and processed; (ii) you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing; (iii) you have objected to the processing and there are no longer any legitimate grounds for continuing the processing; (iv) your personal data have been processed unlawfully;

(v) it is necessary to erase your personal data to comply with a legal obligation under EU or national law.

right to restriction of processing: you may request and obtain the restriction of processing in the following cases: (i) you have contested the accuracy of your personal data (the restriction will remain in place for the period necessary for the Data Controller to verify the accuracy of the data); (ii) the processing is unlawful but you have objected to the erasure of your personal data, requesting instead that its use be restricted; (iii) although the Data Controller no longer needs it for the purposes of the processing, your personal data is required for the establishment, exercise or defence of legal claims; (iv) you have objected to the processing pursuant to Article 21(1) of the Regulation and are awaiting verification as to whether the legitimate grounds of the Data Controller override your own. In the event of a restriction on processing, your personal data will be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest. We will, in any case, inform you before such a restriction is lifted.

Right to object: you may object, at any time, to the processing of your personal data, (i) where such data is processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, (ii) where the legal basis for the processing is the Data Controller’s legitimate interest.

right to data portability: you may request and obtain all your personal data processed by the Data Controller in a structured, commonly used and machine-readable format, or request that it be transmitted to another data controller without hindrance. In this case, it shall be your responsibility to provide us with the exact details of the new data controller to whom you intend to transfer the personal data, by providing us with specific written authorisation.

Right to withdraw consent: where the legal basis for processing is your consent, you may withdraw it at any time, without this affecting the lawfulness of processing based on consent given prior to withdrawal. In such cases, your data will cease to be processed promptly, except for storage for the period required by applicable civil and tax legislation. 

To exercise these rights, you may contact the Data Controller at any time by writing to the email address privacy@italy.messefrankfurt.com.

Please note that you also have the right to lodge a complaint at any time with the competent supervisory authority, specifically the Italian Data Protection Authority, or alternatively to bring an action before the courts, in accordance with and in the manner provided for in Articles 140-bis et seq. of the Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

*****

This Privacy Policy is effective from 1 January 2021.

Messe Frankfurt Italia S.r.l. reserves the right to amend or update the content of this policy, in part or in full, including following changes to applicable legislation and/or guidance from the competent authorities, giving appropriate notice to website users and ensuring, in all cases, adequate and equivalent protection of personal data. To view any changes, please consult this policy regularly.

Last updated: 31 March 2026.

Messe Frankfurt Italia S.r.l.

You can adjust your cookie settings here