Skip

Search

Search
EN

Privacy Policy

1.     Who are we and why are we providing you with this document?

Messe Frankfurt Italia S.r.l. is a company belonging to the international trade fair group Messe Frankfurt GmbH, which has been organising and promoting trade fairs in Italy and abroad for over twenty years, paying close attention to the protection of personal data provided by its customers, visitors and users, ensuring that such data is always processed in compliance with the protections and rights recognised by Regulation (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the "Regulation") and the Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).

This Privacy Policy is intended to inform you about how your data collected while browsing this website is processed.

The policy refers exclusively to the website https://www.spsitalia.it/.

2.     Who is the data controller?

The data controller (hereinafter, the "Controller") is Messe Frankfurt Italia S.r.l., Tax Code and VAT No. 12632140153, with registered office at Corso Sempione No. 68, 20154 Milan (MI), Italy, in the person of its pro tempore legal representative Donald Joachim Wich, domiciled for this purpose at the registered office.

You may contact the Data Controller at any time regarding matters relating to the processing of your personal data:

·       by sending an email to: privacy@italy.messefrankfurt.com ;

·       by sending a letter to: Corso Sempione 68, 20154 Milan (MI), for the attention of the Privacy Office;

·       by calling +39028807781.

The Data Controller has appointed a Data Protection Officer ("DPO"), who can be contacted at the following e-mail address: privacy@italy.messefrankfurt.com

3.     What categories of data do we process? For what purpose?

3.1.  Browsing data

When a user visits the Website, Messe Frankfurt Italia collects the following browsing data:

·       technical information, including IP address, information about the devices used by visitors to the website, browser and operating systems, etc.;

·       information on navigation on the website, including the URLs of the pages visited and activities carried out on the page, dates and times of navigation, time spent on the website, click streams.

This information is collected for the proper functioning, management, maintenance and improvement of the site, as well as to ensure that the navigation of the data subjects takes place safely and to be able to ascertain responsibility in the event of cyber-security violations.

Legal basis: The processing of browsing data for the purposes of the functioning, management, maintenance, improvement and security of the website is based on the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the Regulation, consisting in ensuring the proper functioning and security of its IT infrastructure.

They are also used to enable Messe Frankfurt Italia to obtain statistical analyses on the use of the website, with the possibility of analysing the data in aggregate form.

Legal basis for statistical analysis in aggregate form: Processing for statistical analysis in aggregate form is based on the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the Regulation.

3.1.1.     Profiling for promotional purposes based on browsing data

Subject to the user's specific consent, browsing data may be used to allow Messe Frankfurt Italia to carry out profiling activities, i.e. to analyse the user's preferences and interests based on their browsing behaviour on the website, in order to send personalised promotional communications in line with their interests. In particular, the Data Controller may analyse the pages visited, the content consulted, the frequency of access and the user's interactions with the website in order to define a profile of interests and send targeted communications.

Legal basis: The consent of the data subject pursuant to Article 6, paragraph 1, letter a) of the Regulation. Consent is optional and may be revoked at any time.

Logic of processing and consequences. Profiling consists of the automated analysis of the user's browsing data in order to identify areas of interest and send relevant promotional communications. The consequence for the data subject is that they will receive personalised, rather than generic, commercial communications relating to Messe Frankfurt Italia trade fairs and events. Failure to consent to profiling will not have any negative consequences for the user, who will still be able to browse the website and register for events.

Users of the website are always free to decide whether to provide their browsing data, for example by choosing to disable cookies, for which consent is required, through their browser settings. However, refusal to provide information necessary for browsing may make it impossible to carry out activities strictly related to browsing itself and, therefore, also to consult and interact with our website.

Browsing data is collected through the use of cookies. To learn more about how cookies work and how to enable and disable them, please see our cookie policy at https://www.messefrankfurt.it/it/cookie-policy.

3.2.  Data provided voluntarily by the user

Users who decide to contact the Data Controller at one of the addresses indicated on the website or by filling in the contact forms available there voluntarily transmit certain data to Messe Frankfurt Italia (e.g. name, surname, contact details, name of the company for which they work, etc.), which will be used by the latter mainly to respond to requests received.

In particular, we invite users of the website to read the privacy policies at the bottom of each data collection form in order to obtain more precise information about the methods and purposes of the processing, as well as the legal bases used and the retention periods for such data.

Legal basis: Depending on the case, the processing of data provided voluntarily is based on the implementation of pre-contractual measures taken at the request of the data subject or on the performance of a contract to which the data subject is party, pursuant to Article 6(1)(b) of the Regulation, or on the consent of the data subject pursuant to Article 6(1)( a) of the Regulation, as specified in the information notices in the individual collection forms.

3.3.  Marketing activities

Some of the personal data provided by the user when interacting with the company through the website, such as name, surname and e-mail address, may be processed by Messe Frankfurt Italia for marketing activities, which may take the form of sending promotional newsletters, conducting market surveys, including those aimed at assessing user satisfaction, and sending promotional material relating to Messe Frankfurt Italia events and trade fairs, using automated systems such as e-mail (marketing purposes) .

Legal basis: The consent of the data subject pursuant to Article 6(1)(a) of the Regulation and Article 130 of the Privacy Code (Legislative Decree 196/2003).

The promotional messages and communications in question refer to events and trade fairs directly organised or promoted by Messe Frankfurt Italia.

Subject to further and separate consent from the data subject, promotional communications sent by Messe Frankfurt Italia may also refer to products, services, events and trade fairs of companies belonging to the Messe Frankfurt Group. In such cases, Messe Frankfurt Italia, as Data Controller, will itself send communications relating to these products, services, events and/or trade fairs, without communicating the data subject's data to the aforementioned Group companies.

Such marketing activities will only take place if the data subject has given prior and specific consent to them. This consent may be revoked at any time by contacting the Data Controller at the contact details indicated above.

Data processed for marketing purposes will be stored for 24 months from the date of consent, unless revoked before that time. Before the expiry of this period, unless consent has been revoked, the Data Controller may send a communication to renew consent for a further period of 24 months.

3.4.  Plug-ins and interaction with social media

The website allows interaction with third-party websites and social networks (Facebook, Twitter and YouTube) through hyperlinks, share buttons, social plug-ins and other similar tools.

By accessing one of the areas of the website equipped with this type of tool, the Internet browser will connect the data subjects directly to the servers of the third-party websites in question, thus transferring their personal data to the operators of those websites. Before this transfer takes place, the user will be informed by means of a banner or notice and will be able to give their free, specific and informed consent, in accordance with Article 6(1)(a) of the Regulation.

Legal basis: The consent of the data subject pursuant to Article 6(1)(a) of the Regulation.

Depending on the specific agreements in place with the operators of such third-party websites, Messe Frankfurt Italia may act as an independent data controller or joint data controller with regard to such data transfers. In cases where Messe Frankfurt Italia acts as a joint data controller pursuant to Article 26 of the Regulation, the essential content of the joint controller agreement will be made available to the user by updating the text of this policy.

With regard to the methods of privacy protection and the processing of personal data collected by the operators of third-party sites with which the interactions described take place, please refer to the relevant sites.

3.5.  Communication of data to the event organiser partner

If the user registers, via the Data Controller's platform, for an event organised by a third party partner of the Data Controller (hereinafter, the "Partner"), the following personal data of the user:

·       first name;

·       surname;

·       name of the company/business to which they belong.

The above data will be communicated to the Partner organising the event to which the user has registered. The identity of the Partner will be indicated in the event information sheet available on the Data Controller's platform prior to registration.

The data is communicated to the Partner for the following purposes: (i) to allow the Partner to verify that the participants actually present at the event correspond to those who have registered; (ii) to allow the Partner to manage the organisation of the event, including checking the availability of places.

Legal basis: The legal basis for the processing is the need to implement pre-contractual measures taken at the request of the data subject and/or the performance of the contract to which the data subject is party, pursuant to Article 6(1)(b) of the Regulation. The user's registration for the event implies, in fact, the need to communicate to the Partner the data necessary for the management of participation.

Once the data has been received, the Partner will act as an independent data controller pursuant to Article 4(7) of the Regulation, independently determining the purposes and methods of processing the data received, within the limits of the purposes indicated above. The user may exercise their rights vis-à-vis the Partner by contacting them directly at the contact details indicated in the privacy policy provided by the Partner.

The data communicated to the Partner for the purposes of managing the event will be stored by the Data Controller for the period strictly necessary for the organisation and running of the event and, subsequently, for a period not exceeding 8 years from the date of the event, except for any legal obligations or the need to protect a right in court. With regard to the retention period by the Partner, please refer to the privacy policy provided by the Partner itself.

3.6.  Communication of data to the Partner for marketing purposes

Subject to the user's specific and optional consent, the following personal data:

·       name;

·       surname;

·       name of the company/business to which the user belongs;

·       e-mail address.

The above data may be disclosed to the Partner organising the event to which the user has registered, so that the Partner can send the user commercial and promotional communications relating to its products and/or services via email.

Legal basis: The legal basis for processing is the consent of the data subject, pursuant to Article 6, paragraph 1, letter a) of the Regulation and Article 130 of the Privacy Code (Legislative Decree 196/2003), as well as in accordance with the Guidelines of the Data Protection Authority of 4 July 2013 on promotional activities and combating spam. Consent is free, specific, informed and revocable at any time.

Once the data has been received, the Partner will act as an independent data controller pursuant to Article 4(7) of the Regulation, independently determining the purposes and methods of processing the data received for the marketing purposes described above. The user may exercise their rights, including the right to object to direct marketing pursuant to Article 21 of the Regulation, also vis-à-vis the Partner, by contacting them at the addresses indicated in the privacy policy provided by the Partner.

Without prejudice to the foregoing, the user may withdraw their consent to the communication of their data to the Partner for marketing purposes at any time, without this affecting the lawfulness of the processing carried out prior to the withdrawal. The withdrawal may be exercised by contacting the Data Controller at the addresses indicated in section 2 of this document.

It should be noted that the withdrawal of consent from the Data Controller will result in the cessation of data communication to the Partner for marketing purposes. To withdraw consent from the Partner in relation to the processing carried out by the latter as an independent data controller, the user must contact the Partner directly.

The data communicated to the Partner for marketing purposes will be stored by the Data Controller for a period not exceeding 24 months from collection, unless consent is revoked earlier. With regard to the retention period by the Partner, please refer to the privacy policy provided by the Partner.

Failure to give consent to the communication of data for marketing purposes does not in any way affect the possibility of registering and participating in the event.

4.     What happens if you do not provide the requested data?

We inform you that, in order to fill in the forms and access the services offered by our website, you must provide the data identified on the website as mandatory; however, you are not obliged to do so, but failure to provide all the necessary data will prevent us from processing your request. It is not necessary for you to provide the data considered optional; if you do not fill them in, you will still be able to use the services requested.

The provision of data for marketing purposes, as well as consent to the processing of such data, is optional and failure to provide it will not affect the user's ability to browse the website and interact with the Company.

Consent to the communication of data to the Partner for marketing purposes as referred to in paragraph 3.6 above is also optional: failure to give consent will not affect your ability to register and participate in events.

5.     How is your data processed?

Your personal data will be processed mainly with the aid of electronic or automated means, in accordance with the methods and tools necessary to ensure the security and confidentiality of the data in accordance with the Regulation. In particular, all necessary technical, IT, organisational, logistical and procedural security measures will be taken to ensure a level of data protection appropriate to the risk, in accordance with Article 32 of the Regulation, allowing access only to persons in charge of processing by Messe Frankfurt Italia or to data processors designated by it.

The information acquired and the methods of processing will be relevant and not excessive in relation to the type of services provided. The data will also be managed and protected in environments where access is under constant control.

6.     Where is your data processed?

Your data is processed within the European Union.

Where it is necessary to transfer personal data outside the European Economic Area in order to achieve one or more purposes, Messe Frankfurt Italia will transfer the data to third countries that are recipients of adequacy decisions, or by stipulating standard contractual clauses and carrying out the required assessments in order to verify the level of protection guaranteed to the data by the data importer . In this case, the Data Controller will supplement this document in accordance with Article 13, paragraph 1, letter f) of the Regulation.

7.     How long will your data be processed?

The data you provide will be processed for the following periods:

·       browsing data: for the period indicated in the cookie policy and, for the purposes of website security, for a period not exceeding 7 days from collection, unless it is necessary to ascertain violations;

·       data for profiling purposes: for the period indicated in the cookie policy and, in any case, no longer than 12 months from collection, unless consent is renewed;

·       data provided voluntarily in response to requests: for the time necessary to follow up on the request and, subsequently, for a period not exceeding 12 months from the closure of the file, unless required by law;

·       data for marketing purposes: until consent is revoked and, in any case, for a period not exceeding 24 months from the last interaction with the Data Controller;

·       data communicated to the Partner for event management (paragraph 3.5): for the period strictly necessary for the event to take place and, subsequently, for no more than 8 years from the date of the event;

·       data communicated to the Partner for marketing purposes (paragraph 3.6): until consent is revoked and, in any case, for no longer than 24 months from the last interaction with the Data Controller.

The data may be stored for the additional time required by applicable tax and civil law or necessary for the exercise of Messe Frankfurt Italia's rights before a judicial, administrative, regulatory or other authority.

8.     Who may your data be disclosed to?

Your data may be disclosed to the following categories of subjects:

a)     Data processors, i.e. companies that provide services to the Data Controller that involve the processing of personal data on its behalf (e.g. data storage services, companies that provide web consulting services, companies that provide database services, companies that provide web hosting services). For a detailed and updated list of data processors to whom your data may be disclosed, please contact us atprivacy@italy.messefrankfurt.com ;

b)     Companies belonging to the Messe Frankfurt Group;

c)     Public and private entities that access the data in accordance with the provisions of the law, regulations or EU legislation, court orders, within the limits provided for by current legislation;

d)     Companies/professionals offering exhibition stand construction services, if you decide to use such services or if this is strictly necessary for the performance of the contract entered into with us;

e)     Event organisers with whom the user has registered via the Data Controller's platform, for the purposes of managing the event referred to in paragraph 3.5, as well as, with the consent of the data subject, for the marketing purposes referred to in paragraph 3.6, as independent data controllers;

f)      Other suppliers, if requested by you or strictly necessary for the performance of the contract entered into with us;

g)     Judicial authorities or law enforcement agencies, where requested.

Data relating to data subjects will not be disclosed[PGLex10]  , except in anonymous and aggregate form, for statistical or research purposes.

9.     What are your rights and how can you exercise them?

We inform you that you can exercise the following rights:

right of access: you may obtain confirmation at any time that your personal data is being processed, obtain access to the data processed and the following information: the purposes of the processing; the categories of data processed; the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular you may know whether such recipients are third countries or international organisations; the period for which your data will be stored, or, if this is not possible, the criteria used to determine this period; if the personal data is not collected from you, all available information on its origin; the existence of automated decision-making, including profiling, and, in such cases, you may obtain meaningful information about the logic used, the significance and the consequences that this type of processing may have for you. You can obtain all this information in this Policy, but if you have any further questions, please do not hesitate to contact us at the address provided below.

Right to rectification and/or integration: you may request and obtain the rectification of your personal data that is inaccurate. Furthermore, taking into account the purposes of the processing, you may request and obtain the integration of your data if it is incomplete.

Right to erasure: you may request and obtain the erasure of your personal data without undue delay, and the Data Controller shall erase your personal data if any of the following grounds apply: (i) the personal data are no longer necessary in relation to the purposes for which they were collected and processed; (ii) you have withdrawn your consent on which the processing is based and there is no other legal basis for the processing; (iii) you have objected to the processing and there is no longer any legitimate reason for proceeding with the processing; (iv) your personal data has been unlawfully processed; (v) it is necessary to erase your personal data in order to comply with a legal obligation under EU or domestic law.

Right to restriction of processing: you may request and obtain restriction of processing in the following cases: (i) you have contested the accuracy of your personal data (the restriction will continue for the period necessary for the Data Controller to verify the accuracy of the data); (ii) the processing is unlawful but you have opposed the erasure of your personal data, requesting instead that its use be restricted; (iii) although the Data Controller no longer needs it for processing purposes, your personal data is needed for the establishment, exercise or defence of legal claims; (iv) you have objected to the processing pursuant to Article 21(1) of the Regulation and are awaiting verification of whether the legitimate grounds of the Data Controller override yours. In the event of restriction of processing, your personal data will be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you in any case before such restriction is lifted.

Right to object: you may object at any time to the processing of your personal data (i) if it is processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing (ii) if the legal basis for the processing is the legitimate interest of the Data Controller.

Right to data portability: you may request and obtain all your personal data processed by the Data Controller in a structured, commonly used and readable format, or request its transmission to another data controller without hindrance. In this case, you will be responsible for providing us with all the exact details of the new data controller to whom you intend to transfer your personal data, providing us with specific written authorisation.

Right to withdraw consent: if the legal basis for the processing is your consent, you may withdraw it at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal. In this case, your data will cease to be processed promptly, except for their storage for the period required by current civil and tax regulations.

To exercise these rights, you may contact the Data Controller at any time by writing to privacy@italy.messefrankfurt.com.

We remind you that you also have the right to lodge a complaint with the competent Supervisory Authority, specifically the Data Protection Authority, at any time, or alternatively, you may lodge an appeal with the judicial authority, in accordance with and in the forms provided for in Articles 140-bis et seq. of the Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

*****

This Privacy Policy has been in force since 01/03/2026. Messe Frankfurt Italia S.r.l. reserves the right to modify or update its content, in part or in full, including as a result of changes in applicable legislation and/or instructions from the competent authorities, giving appropriate notice to users of the website and ensuring, in any case, adequate and similar protection of personal data. In order to view any changes, we invite you to consult this policy regularly.

Last update: 01/03/2026.

Messe Frankfurt Italia S.r.l.