PRIVACY NOTICE
EVENT PARTICIPANTS
(Information provided pursuant to Articles 13 and 14 of Regulation (EU) 679/2016, “GDPR”)
We hereby provide you with some information that must be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are fundamental principles of our business.
This privacy notice is addressed to participants in events organized or managed by Krupps S.r.l. (e.g. trade fairs attended by Krupps, product presentations, etc.).
Who is the Data Controller?
The Data Controller of your personal data is Krupps S.r.l. (VAT no. IT04251180289), with registered office at Via Austria 19, 35127 Padova (PD), Italy.
Krupps S.r.l. is responsible for the lawful and correct use of your personal data and may be contacted for any information or request at the following addresses:
Tel. +39 049 7625156 – Email: privacy@krupps.com – Certified email (PEC): krupps@pec.it
How can you contact the Data Protection Officer (DPO)?
The Data Protection Officer (DPO) can be reached at: dpo@krupps.com
Where are your data collected?
The personal data processed are collected directly from the data subject and/or from third parties legitimately entitled to communicate them, such as event organizers or other participants, as part of the management and participation activities related to the event.
What processing activities are carried out?
Your personal data are collected and processed, both by automated and non-automated means, as detailed below.
Event Organization and Management
| Purpose and Legal Basis | To enable participation in the event, based on the performance of a contract and/or pre-contractual measures (request to participate).To provide ancillary event services (e.g. catering), based on the performance of a contract and/or pre-contractual measures. Any special category data (e.g. dietary preferences) are processed on the basis of the data subject’s explicit consent (Art. 9, para. 2, lett. a GDPR). |
| Categories of Data | Identification data, contact details, address data, identification codes, and other data required for participation, including special category data (e.g. dietary information). |
| Retention Period* | Common data: 10 years from the year of the event.Special data: 10 years from the year of the event, unless no longer necessary or until consent is withdrawn. |
| Data Recipients | Authorized persons under Art. 29 GDPR, processors appointed pursuant to Art. 28 GDPR (see Data Processor Register), and any other entities whose communication of data is necessary to achieve the purposes indicated. |
Marketing and Communication Activities
| Purpose and Legal Basis | To receive invitations for market analyses and surveys, and informational and/or promotional communications, based on the data subject’s consent.**To receive personalized informational and/or promotional communications, based on the data subject’s consent.** |
| Categories of Data | Identification data, contact details, address data, data relating to purchases or use of services, profiling data. |
| Retention Period* | Until withdrawal of consent. After withdrawal, processing will be limited to mere storage for 10 years from the year consent was revoked. |
| Data Recipients | Authorized persons under Art. 29 GDPR, processors appointed pursuant to Art. 28 GDPR, and other entities whose communication of data is necessary for the declared purposes. |
Sales and Pre-Sales Activities
| Purpose and Legal Basis | Promotional activities, based on the performance of a contract and/or pre-contractual measures, and the legitimate interest of the company in promoting its business.Offering goods and services, based on the performance of a contract and/or pre-contractual measures, and the legitimate interest of the company in offering its products and services. |
| Categories of Data | Identification data, contact details, address data, data relating to purchases or use of services. |
| Retention Period* | 10 years from the reference year. |
| Data Recipients | Authorized persons and processors as described above, and other entities for whom communication is necessary to fulfill the stated purposes. |
Creation and Publication of Multimedia Content
| Purpose and Legal Basis | Communication, promotion, and documentation of the Controller’s activities, based on the data subject’s consent.** |
| Categories of Data | Identification data, contact details, and multimedia content (including photos and videos), in whole or in part. |
| Retention Period* | Data will be retained, unless disclosed, until consent is withdrawn or an explicit deletion request is accepted. In any case, once the purpose for which the data were collected ceases, the data will be deleted. |
| Data Recipients | Data may be disclosed to data processors appointed pursuant to Article 28 of Regulation (EU) 2016/679 (see the Register of Data Processors), to persons authorised to process personal data pursuant to Article 29 of the same Regulation, and to other parties whose access to the data is necessary for the fulfilment of the Controller’s declared purposes. |
* In addition to the time required for the expiry of limitation periods concerning reciprocal rights and for the retention of backup copies.
** Providing consent is always optional and may be withdrawn at any time by contacting the Controller using the contact details provided above.
Additional Processing Activities
In addition to the above, as part of the activities required for proper organisational management, your personal data may also be processed by internal or external staff duly authorised for:
- Network and IT system management and maintenance, when processing is carried out by automated or even partially automated means (e.g. when data pass through the IT systems of Krupps S.r.l.), based on the legitimate interest in ensuring their protection and fulfilling information security obligations. Data are retained in accordance with security implementations and with the provisions applicable to the main processing activity described above.
- Compliance management, including the fulfilment of obligations relating to personal data protection as required by law, in accordance with the retention periods established for the main processing activity described above.
- Prevention and detection of misuse and protection of the Controller’s rights and interests, with retention of data until the expiry of the applicable limitation periods, unless legal proceedings are ongoing (in such case, data shall be retained until the dispute is definitively settled), based on the Controller’s legitimate interest in protecting its rights and interests.
Are there any automated decision-making processes?
The processing is not based on automated decision-making
Is it mandatory to provide your data?
Except for purposes based on consent, the provision of your data is a necessary requirement: failure to provide the data identified as mandatory may entail legal and contractual consequences. Consequently, in the absence of such data, you may be unable to obtain the expected result or may obtain it only partially.
Are data transferred outside the European Union?
The processing of personal data (e.g. storage, archiving, and preservation of data on servers or in the cloud) is restricted to the territories of countries belonging to the European Economic Area (EEA).
The transfer of data to non-EU countries that do not guarantee an adequate level of protection—or in the absence of adequate safeguards as provided for by Regulation (EU) 2016/679 (e.g. adequacy decision, binding corporate rules, standard contractual clauses, consent of the data subject, etc.)—is expressly prohibited.
What are your rights?
- You have the right, under Articles 15 and following of Regulation (EU) 2016/679, to request from the Controller access to your personal data, as well as their rectification, erasure, or restriction of processing (“right to be forgotten”).
- You also have the right to request data portability.
- You have the right to object, on grounds relating to your particular situation, to processing based on the legitimate interest pursued by the Controller.
- You have the right to access the essential contents of any joint controller agreements entered into.
- For processing based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), located at Piazza Venezia 11, 00187 Rome – protocollo@pec.gdpd.it
To exercise your rights or to request further information, you may contact the Controller using the contact details provided above.
Can the information in this notice change?
We reserve the right to update this Privacy Notice. Any changes will be communicated in the most appropriate manner, and the “Last Updated” date will be revised accordingly.
We therefore recommend that you review this Privacy Notice periodically or request a copy from the Data Controller.
Last updated: 10 October 2025