Privacy Policy
Last updated: November 29, 2022
In compliance with the current regulations:
- Law 196/2003, integrated with the modifications introduced by LEGISLATIVE DECREE August 10, 2018, n. 101, containing “Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)” (in Official Gazette September 4, 2018, n. 205)
- European Regulation n. 679/2016 (also known as “GDPR”) on the protection of personal data, in force since May 25, 2018.
BBV Gastaldi Events Srl, as Data Controller, informs its customers and all individuals who intend to provide or have freely provided their personal data to the undersigned company, that the privacy policies we have adopted are in compliance with the above-mentioned regulations.
Through this Privacy Policy, the user is informed about their rights. By accepting to provide their data, the user grants their free, specific, and unambiguous consent for their personal data, provided on the website www.bbvgastaldi.it or on our social media or via email or other means of communication including verbal communication, to be processed by BBV Gastaldi Events Srl.
The user is required to carefully read this Privacy Policy, written in an extensive, clear, and simple manner to improve understanding, in order to freely and voluntarily decide whether to provide their personal data to BBV Gastaldi Events Srl.
Main rights of individuals regarding their personal data (GDPR Chapter III - Rights of the data subject Articles 12 and following)
- Right of access - Everyone has the right to obtain confirmation as to whether or not personal data concerning them is being processed and the right to receive free and timely information about the same processing.
- Right to rectification - Everyone has the right to obtain the rectification of their personal data if it is incomplete or inaccurate.
- Right to erasure (the “right to be forgotten”) - subject to legal obligations, everyone has the right to obtain the erasure of their data from our records, aware that such erasure may prejudice the continuation of agreed services or lead to penalties in the event of contract breaches.
- Right to restriction of processing - In certain conditions, the user has the right to obtain restriction of processing, provided that this is not relevant to the continuation of the contractual relationship and subject to legal obligations.
- Right to data portability - Everyone has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where technically feasible.
- Right to object - Everyone has the right to object, at any time, to processing of personal data concerning them, on grounds relating to their particular situation, aware that the end of processing may prejudice the continuation of agreed services or lead to penalties in the event of contract breaches.
- Right to withdraw consent - Everyone has the right to withdraw consent to the processing of their personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If consent to the processing occurs before the conclusion of contractual obligations, the person revoking consent may incur penalties or sanctions.
- Right to lodge a complaint with a supervisory authority - Everyone has the right to lodge a complaint with the supervisory authority (www.garanteprivacy.it) at any time for the exercise of their rights.
The above rights can be exercised by contacting us at the addresses indicated in the following paragraph 1. The exercise of these rights as a data subject is always free (except in specific cases and demonstrable costs on the part of the Data Controller) pursuant to Article 12 of the GDPR.
1. Data Controller (GDPR - Article 4 - Paragraph 7) and Data Protection Officer (Article 37 et seq.)
BBV Gastaldi Events Srl, with registered office in Piazza Luigi di Savoia, 22 – 20124 Milano, VAT number 05178360961, represented by its legal representative, is the Data Controller. To exercise their rights, as set out in this policy, the Data Controller can be contacted by sending an email to the dedicated email address privacy@gastaldi.it or by writing to: Data Controller - c/o BBV Gastaldi Events Srl – Piazza della Vittoria, 12/2, 16121 Genova.
BBV Gastaldi Events Srl also informs that it has drawn up the Register of Processing Activities (GDPR - Article 30), which is specifically prepared and constantly updated. This Register is available to the competent Authority for the necessary controls.
Finally, BBV Gastaldi Events Srl informs that the Gastaldi Group has established a Privacy Committee, consisting of: Group Privacy Manager, Privacy Consultant, and the legal representative of the company responsible for ensuring that the GDPR rules have been correctly interpreted and adequately implemented. The BBV Gastaldi Events Srl Privacy Manager can be reached at the dedicated email address privacy@gastaldi.it.
2. What data is processed (GDPR - Article 5 et seq.)
“Personal data” means any information capable of identifying, directly or indirectly, a natural person using the services offered by BBV Gastaldi Events Srl, directly and/or through its commercial brands and/or companies of the Gastaldi Group. In particular, we collect and process personal data necessary for the conclusion of contracts typical of our predominant corporate purpose (Organization of meetings, congresses and incentive trips), such as:
- personal and identification data (name, surname, date and place of birth, tax code, gender);
- residential address, telephone number, and email address;
- credit card information for payments;
- bank account details for any debits;
- in general, any other data and information necessary for the best conclusion and execution of the contract.
In addition, when a user uses our website, in addition to the information present in the “registration forms”, the following may be tracked and processed:
- navigation data,
- contact data,
- IP address,
- device domain name used,
- URL used,
- information on the operating system and IT environment used,
- browsing history, as well as data voluntarily provided in this context to take advantage of our services and purchase our products.
Within the limits of the law, BBV Gastaldi Events Srl may receive information about the user from third-party sources (typically Congress organizers, Correspondents and Companies): with all third-party sources with whom there are consolidated commercial relationships, BBV Gastaldi Events Srl undertakes to ensure that they also correctly apply the rules provided for in the “GDPR” Regulation (Article 14 - Information not obtained directly from the data subject), in particular, which personal information will be transferred to us, indicating to the data subject to consult these Privacy Policies.
Also in compliance with Article 14 of the GDPR, if personal information is provided to us by third parties (such as family members who book for the whole family), the person communicating the data assumes full responsibility for what he/she declares, i.e. he/she must declare that he/she has obtained explicit consent from the persons for whom the data are provided.
In particular cases, and upon the user’s express request, information about any allergies or food intolerances or other health information necessary for the correct execution of the contract may be collected. Such sensitive information will be treated with the utmost confidentiality and solely in the user’s interest. Upon the completion of the strict necessity of the use of such information, it will be deleted.
BBV Gastaldi Events Srl does not intend to process or collect personal information from individuals under the age of 14 (Article 8 GDPR and subsequent regulations, and for the age limit, Article 2 quinquies of Legislative Decree 196/2003 as amended by Legislative Decree 101/2018). If a website user is under the age of 14, they should not use the site or provide their data. In specific cases, for contractual obligations (air travel, hotel reservations, etc.), ONLY personal information relating to minors under the responsibility of a legal guardian may be collected: in this case, after completing the necessary formalities related to the provision of services, the data of minors will be IMMEDIATELY deleted from all our systems.
Finally, data is also collected through cookies on our websites. Generally, we use technical cookies necessary to ensure the best functionality of our website for the user. If the user wishes to disable/reject the use of cookies, they can change the settings of their PC browser at any time. For more details, regarding the additional types of cookies we use, namely third-party cookies and profiling cookies, please refer to our cookie policy published on our website.
3. Purposes of the processing (GDPR - Article 6 - Lawfulness of processing)
The personal data collected by us are strictly necessary to follow up on requests and services subscribed by users. In particular:
- Art. 6. 1. b) for the conclusion and execution of the contract relating to our services, i.e. for purposes connected and instrumental to the performance of necessary pre-contractual activities, management of the contractual relationship (administrative and accounting activities, customer assistance, complaint management, debt collection), and the provision of services requested from time to time;
- Art. 6. 1. c) to comply with legal obligations and requests from Authorities, as well as to comply with the provisions of regulations for the prevention of fraud, money laundering and terrorism financing, where applicable.
Furthermore, in order to continuously improve our “customer experience” and to offer increasingly targeted services, processing, subject to explicit authorization (as required by the law), is carried out for:
- commercial promotion and marketing activities for the purpose of direct offers of our products and services similar to those already purchased or for which interest has been expressed (requests for quotes and estimates). To do so, we will act on the basis of our legitimate interest Art. 6. 1. f), providing interested parties with the right to object to receiving informative communications at any time by contacting us at the contact details indicated in the previous point 1.
4. Data transfer to third parties (GDPR - Chapter V - Articles 44 and following)
The data that is provided to us is only communicated and/or transferred to the parties we use to carry out activities necessary for the achievement of the purposes related to the service contracts in the tourism industry. Such information may be transferred within the European Union or outside based on the locations of the corresponding parties that provide or facilitate the provision of services offered and/or purchased by our clients.
Some of our services (informational, booking, contact) may be provided in collaboration with third parties who mainly provide us with cloud-based (SaaS) computing resources and services. Such parties will be specifically appointed by us as data processors: the list of third parties who process data on our behalf can be requested by contacting us at the above contact details.
5. Data retention periods (GDPR Article 5 - letter “e” and subsequent references)
Personal data will be kept for the time necessary to perform the processing for the aforementioned purposes. In particular, personal data will be kept with specific reference to the different processing purposes:
a) Data retention for the entire duration of the contract and until obligations or compliance related to its execution exist. After the termination of the contractual relationship, the data will be kept with the necessary methods and only for the period required to comply with legal obligations;
b) With reference to processing for marketing purposes, carried out on the basis of legitimate interest or consent received, data will be processed for the entire duration of the contract and subsequently until objection or revocation of consent (which can occur at any time);
c) Data processed for profiling purposes (limited practice to establish tendencies to participate in conferences; not transferable to third parties and obtained with specific consent) will be managed until the possible revocation of consent and/or request to obtain cessation of processing.
6. User responsibility
The user (individual or company):
- Guarantees to be over fourteen years of age (eighteen years for sensitive data) and that the information provided to BBV Gastaldi Events Srl is true, accurate, complete, up-to-date and authorized. To this end, the user is responsible for the truthfulness of all the data communicated and undertakes to provide the information promptly, so that they always correspond to the real situation. In the case of minors under the age of 18, the intervention of a legal guardian may be required to confirm the data provided.
- If a person provides information about other people (typically family bookings), the person concerned is responsible for informing all the people involved in some way that they have provided their personal data to us, the purposes for which they were provided and our Privacy Policy.
- Especially in the case of companies (Business to Business information), the user guarantees to have informed the third parties whose data has been provided to us, if applicable, of the topics covered in this document. It also guarantees to have obtained authorization to provide such data to BBV Gastaldi Events Srl for the indicated purposes.
- The user (individual or company) will be held responsible for any false or inaccurate information or unintended information provided on our website or through other means and the resulting direct or indirect damages caused to BBV Gastaldi Events Srl and/or third parties.
7. Risk assessment
BBV Gastaldi Events Srl declares to have carried out a careful risk assessment analysis by simulating impact assessments in the event of a “data breach”. The assessments concerned the following areas:
- Damage to reputation
- Discrimination
- Identity theft
- Financial losses
- Physical or psychological harm
- Loss of control of data
- Other economic or social disadvantages
- Inability to exercise rights, services or opportunities
Appropriate measures, compatible with the nature of the data processed, have been adopted (accountability). The results of the risk assessments are collected in a specific document available for consultation (or requested by the authorities or motivated) by contacting the Privacy Officer.
8. User Data Protection (GDPR Article 32)
BBV Gastaldi Events Srl, under the supervision of the Privacy Officer, takes user data protection seriously and has adopted adequate technical and physical measures to protect the information collected in relation to the Services provided. All our archives containing personal data are protected in fireproof cabinets with keys. All our computers and remote accesses are protected by passwords with strict policies on updates and backups. BBV Gastaldi Events Srl is organizing “data breach” monitoring services (Article 33 of the Regulation) as specified in the regulation in order to communicate any breaches to the Authority and interested parties within 72 hours. BBV Gastaldi Events Srl will at all times treat customer data in strict confidence and maintain the obligation of secrecy towards them, in compliance with the provisions of the Regulation, adopting reasonable and necessary technical and organizational measures to ensure data security and prevent alteration, loss, processing, or unauthorized access, taking into account the state of the technology, the nature of the stored data, and the possible risks to which they are exposed.
9. Privacy Communication Updates
This Privacy Communication, numbered release 1.3 and drafted on November 29, 2022, replaces the previous release 1.2.
Each release may be periodically updated to reflect changes made to BBV Gastaldi Events Srl’s organizational procedures for personal data in relation to the Services or due to changes in applicable law. BBV Gastaldi Events Srl will publish a communication on its website to inform in case of substantial modifications (main release) to the Privacy Policy.
10. Cookie
10.1 This website uses the following cookies
This site uses technical cookies to allow the site to function; it also uses analytical and marketing/profiling cookies, including from third parties, for statistical analysis, to measure site performance, to understand the content that interests you and to send you targeted advertising on your interests. The installation of technical cookies does not require your consent. Regarding the other types of cookies: if you select the “Accept all” button, you consent to the installation of all other cookies; if you select the “Reject” button, only technical cookies will be installed; if you select the “Accept selected” button, only the selected cookie categories will be installed. If you do not select any button and close the banner using the “X” positioned at the top right, only technical cookies will be installed. For more information, please consult our privacy policy.
Cookies are small text files that can be used by websites to make the user experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. At any time you can change or withdraw your consent from the Cookie Declaration on our website. Specify your consent ID and the date when you contacted us regarding your consent. For the transfer of data to the US (in cases of consent for processing by the user) the user must follow this policy https://policies.google.com/privacy/frameworks?hl=it. More details here: https://business.safety.google/gdpr/
Your consent applies to the following websites: www.bbvgastaldi.it
10.2 Third-party cookies
This website also acts as an intermediary for third-party cookies, used to provide additional services and features to visitors and to improve the use of the website itself, such as social media buttons or videos. This website has no control over third-party cookies, which are entirely managed by third parties. As a result, information about the use of such cookies and their purposes, as well as the methods for disabling them, are provided directly by the third parties on the pages indicated below. In particular, this website uses cookies from the following third parties:
- Google Analytics 4: a Google analysis tool that uses cookies (performance cookies) to collect anonymous navigation data (IP truncated to the last octet) and exclusively aggregated for the purpose of examining the use of the website by users, compiling reports on website activity, and providing other information, including the number of visitors and pages visited. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google. The data transmitted to Google is stored on Google servers in the United States. Under a specific agreement with Google, which is designated as the data controller, it agrees to process the data in accordance with the requests of the data controller (see bottom of this policy), given through the settings of the software. Based on these settings, advertising and data sharing options are disabled.
Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page.
Users can selectively disable the collection of data by Google Analytics by installing the appropriate component provided by Google on their browser (opt-out).
Social Networks: This website also incorporates plug-ins and/or buttons for social networks, in order to allow easy sharing of content on your preferred social networks. Such plug-ins are programmed not to set any cookies when accessing the page, in order to safeguard user privacy. Cookies are only set, if provided for by social networks, when the user actually and voluntarily uses the plug-in. Please note that if the user browses while logged into the social network, they have already consented to the use of cookies carried through this website at the time of registering for the social network. The collection and use of information obtained through the plug-in are governed by the respective privacy policies of the social networks, to which please refer.
Instagram - (see its cookie information link)
LinkedIn - (see its cookie information link)
10.3 Data transfers to non-EU countries
This website may share some of the collected data with services located outside the European Union. In particular, with Google, Facebook, Microsoft, LinkedIn, through social plug-ins and the Google Analytics4 service. The transfer is authorized based on “Standard Contractual Clauses” (link to the attached file).
10.4 Security measures
This website processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. The processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the owner, in some cases, categories of authorized personnel involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
10.5 User rights
In accordance with the European Regulation 679/2016 (GDPR) and national legislation, the User can, according to the methods and limits provided by the current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him/her (right of access);
- know its origin;
- receive intelligible communication about it;
- have information about the logic, methods, and purposes of the processing;
- request its updating, rectification, integration, erasure, anonymization, blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected;
- in cases of processing based on consent, receive, at only the cost of any support, its data provided to the data controller in a structured and machine-readable format and in a commonly used electronic format;
- the right to lodge a complaint with the supervisory authority (Data Protection Authority - link to the Authority’s page);
- as well as, more generally, to exercise all the rights recognized by the current provisions of the law.
Requests must be addressed to the Data Controller. In the case of data processing based on legitimate interests, the rights of data subjects are still guaranteed (except for the right to data portability, which is not provided for by the regulations), in particular, the right to object to the processing which can be exercised by sending a request to the data controller.
10.6 Data Controller
The Data Controller, in accordance with current laws, is the website administrator, BBV Gastaldi Events Srl, with registered office at Piazza Luigi di Savoia, 22 – 20124 Milano - Administrative Office Piazza della Vittoria, 12/2 – 16121 Genova, tel. +39 010 354556, Tax Code 05178360961 - VAT number 05178360961, can be contacted via email at privacy@gastaldi.it.
10.7 Updates
This privacy policy is updated as of 29/11/2022.