Video surveillance information notice

Information on the processing of personal data relating to the video surveillance systems and installations of Pordenone Fiere S.p.A.

This information is provided pursuant to art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (so-called “General Regulation on the processing of personal data” or “GDPR”), of Legislative Decree 30.06.2003, n. 196, as amended and integrated by Legislative Decree 10.08.2018, n. 101 (“Personal Data Code” or “Privacy Code”), as well as the Provision on video surveillance of 08.04.2010 of the Guarantor for the protection of personal data by:

► Pordenone Fiere S.p.A., with registered office in 33170 – Pordenone (PN), via Viale Treviso, 1, tax code and VAT number 00076940931, in the person of its legal representative pro-tempore, in the capacity of Data Controller (hereinafter “Data Controller”).

The Data Controller, aware of the importance of ensuring the security of private information, in compliance with applicable European and Italian legislation, in compliance with the principle of transparency pursuant to art. 12, GDPR, informs you that it is necessary to process your personal data through the systems and facilities designated for the processing of some external and internal areas owned or, in any case, under the jurisdiction of the Data Controller, in compliance with current legislation and as reported below.

The Data Controller has appointed, pursuant to art. 37 et seq. of the GDPR, the Data Protection Officer (so-called Data Protection Officer or “DPO”) who can be reached at the following email address: dpo@fierapordenone.it.

1. Object of the processing of personal data
The Data Controller may process your personal data (videos, images, frames, date and time of recording) collected by means of video surveillance systems installed in some external and internal areas owned or, in any case, under the jurisdiction of the Data Controller. The video surveillance system is designed to display and record filmed images.

2. Purpose and legal basis of the processing of personal data
Your personal data will be processed without your express consent for the purposes of security and protection of the Data Controller’s corporate assets; as well as for the detection, prevention and control of break-ins. The legitimate interest of the Data Controller constitutes the legal basis of the processing (see art. 6, letter f, GDPR; point 6.2.2,

3. Nature of the provision of personal data
The provision of personal data is necessary because the installation and operation of video surveillance systems permits the pursuit of the purposes indicated above.

4. Method of processing personal data
The processing of your personal data is carried out by means of the operations indicated in art. 4, paragraph 1, no. 2), GDPR, or any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. The processing of your personal data will be based on the principles of correctness, lawfulness and transparency and may also be carried out through automated methods designed to store, manage and transmit them and will be carried out using suitable tools, as far as is reasonable and in the state of the art, to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorised access, illicit use and dissemination. Your personal data may be stored both on computer media and on paper media, as well as on any other type of media deemed most suitable for processing.

5. Characteristics of the system
The video surveillance systems consist of a network of video cameras located outside and inside the premises owned or, in any case, under the responsibility of the Data Controller, adequately indicated with the appropriate signs. The images filmed and recorded are transmitted via intranet to a central control station. The video cameras are both fixed and pan/tilt. The video cameras allow video recording even in poor night lighting. The images will be visible only and exclusively on the monitors at the central control station.

6. Period of retention of personal data
Your personal data may be retained for a period of time not exceeding 72 hours following their collection, after which the same personal data are automatically deleted by overwriting new images, except for particular needs for further retention in relation to holidays or closure of the premises, or in the event that the Data Controller does not deem it necessary to inform the Police or the judicial authority or the case in which the request comes from the latter. The aforementioned retention period was established by trying to reconcile the purposes of protection and safeguarding of personal data with those pursued through the video surveillance system.

7. Communication of personal data
Your personal data may be made accessible to workers and/or collaborators who work for and under the Data Controller and/or to some external parties who provide sufficient guarantees that they have adopted adequate legal, organizational and technical measures so that the processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject. In particular, your personal data may be made accessible to: i. employees and/or collaborators of the Data Controller in their capacity as persons authorized to process personal data; ii. third-party companies or other parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as data controllers pursuant to art. 28, GDPR. Furthermore, the Data Controller may communicate your personal data to parties entitled to access them by virtue of provisions of law, regulations, community regulations, to the judicial authority, as well as to all other parties to whom communication is mandatory by law.

8. Transfer of personal data
The management and storage of your personal data will take place on servers and/or locations of the Data Controller and/or third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data controllers pursuant to art. 28, GDPR, located in the European Union and the European Economic Area (EEA) or, in any case, in countries outside the European Union and the European Economic Area (EEA), recognized by the European Commission as countries that guarantee an adequate level of protection of personal data pursuant to art. 45, GDPR, or in compliance with the provisions of arts. 46 and 47, GDPR.

9. Rights of the interested party
Pursuant to arts. from 15 to 22, GDPR, in the cases provided for, you have the right to:

(i) obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and other information relating to it, including receiving a copy thereof (so-called right of access);
(ii) obtain the rectification of inaccurate personal data and/or the integration of incomplete personal data concerning you (so-called right of rectification);
(iii) obtain the erasure of personal data if one of the reasons provided for by the GDPR exists (so-called right to erasure);
(iv) obtain the restriction of processing only to certain personal data if one of the reasons provided for by the GDPR exists (so-called right to restriction of processing);
(v) request and receive, in a structured, commonly used and machine-readable format, the personal data concerning you, or request and obtain the transmission to another Data Controller without impediments (so-called right to portability);
(vi) revoke, at any time, any consent given regarding the processing of personal data (so-called right to revoke consent);
(vii) object, in whole or in part, to the processing of personal data (so-called right to object);
(viii) not be subjected to a decision based solely on automated processing in the cases provided for by the GDPR.

If the User believes that the data processing is in violation of the provisions of the GDPR, he/she has the right to lodge a complaint with the competent Supervisory Authority (art. 77, GDPR), or to take appropriate legal action (art. 79, GDPR).

10. How to exercise your rights
You may at any time exercise your rights and/or request information regarding the processing of your personal data by contacting the Data Controller, Pordenone Fiere S.p.A., 33170 – Pordenone (PN), via Viale Treviso, 1, e-mail: privacy@fierapordenone.it, or the Data Protection Officer (so-called Data Protection Officer or “DPO”) e-mail: dpo@fierapordenone.it.

This information may be subject to changes. It is therefore advisable to regularly check this information and refer to the most updated version.

Pordenone, 19 January 2024

The Data Controller

Pordenone Fiere S.p.A.