Bea World Festival

Privacy Policy

Notice pursuant to Article 13 of Regulation (EU) 2016/679, with regard to the processing of personal data (GDPR) and request for consent for the processing of personal data collected from the interested party

This information is provided to inform you of the processing of your personal data.


Identity and contact details of the Controller

The Data Controller is ADC GROUP s.r.l., with its registered office in Via Freguglia 2, Milan, Italy.

Contact details for the exercise of rights:

Email: privacy@adcgroup.it
Post: ADC Group – Via Copernico 38, 20125 Milan, Italy


Purpose and legal basis for the processing of data

The user’s personal data will be processed for the following purposes:

a) Performance of services requested by the user;
b) Direct and indirect marketing and market research;
c) Profiling related to the communication sector.

The processing referred to in letter a) is necessary for the provision of the service(s) requested by the user, whereas the processing referred to in subparagraphs b) and c) is consent (optional and which may be withdrawn at any time), provided by subjects above 16 years of age.

Specifically, a direct marketing activity aims to collect and use pertinent and limited data to what is necessary with respect to the purpose for which they are processed, to develop research studies, market statistics, submit advertising and information material, perform direct sales activities or placement of products or services, send commercial information, make interactive commercial communications.

The profiling activity consists, instead, in the collection of information regarding commercial behaviour and habits in the communication sector in order to improve services offered according to the needs of customers who have expressed specific consent.

With reference to marketing and profiling activities, it should be noted that, in the case of non-specific consent to the processing by the user, it shall not be possible to perform the aforementioned activities.


Recipients of the personal data

Within the outlined purposes, user data may be disclosed to the following companies:

a) companies and professionals providing electronic data processing and software and IT consultancy services as well as the management of information services relating to the abovementioned;
b) companies and professional bodies employed for statistical surveys and/or market research and/or customer satisfaction surveys;
c) professional advertising agencies, marketing and mailing agencies in Italy, always in relation to the commercial initiatives linked to both marketing communication and events or financial sectors, as referred to above.

For subjects identified from a) to c), only the category of recipients is indicated, as this undergoes frequent updates and revisions. Therefore, interested parties may request an updated list of recipients by contacting the Data Controller through the channels indicated in art. 1 of this notice.


Period for which personal data will be stored

Personal data will be stored for the period of time strictly necessary to pursue the specific purposes of the processing for which the user has expressed his consent and, specifically:

  • For the purposes indicated in letter a) of article 3, for the time necessary to fulfil contractual obligations and, in any case, no longer than 10 years from the time of collection of the user’s data to fulfil regulatory obligations and, in any case, no longer than deadlines set by law for the lapse of rights;
  • For the purposes indicated in letter b) of art. 3 (i.e., for direct and indirect marketing purposes and market research) for 24 (twenty-four) months from the time of consent to processing;
  • For the purposes indicated in letter c) of art. 3 (i.e., for profiling purposes) for 12 (twelve) months from the time of consent to processing.

Rights of the interested party

The user may, at any time, exercise the following rights:

  1. Access to personal data: obtain confirmation whether or not data concerning the user is being processed and, in this case, access the following information: purposes, data categories, recipients, period of storage, right to lodge a complaint with a supervisory authority, right to request rectification or erasure or restriction of processing or object to the processing itself and the existence of an automated decision-making process;
  2. Request rectification or erasure of personal data or restriction of the processing concerning the data subject: “restriction” means the marking of data stored with the aim of limiting its processing in the future;
  3. Object to processing: objection for reasons connected with one’s particular situation to the processing of data for the performance of a task of public interest or for the pursuit of a legitimate interest of the Controller;
  4. Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive the data concerning the subject in a structured format, commonly used and readable by automatic device; in particular, the data will be provided by the Data Controller in .xml format, or similar;
  5. Withdrawal of consent to processing for marketing purposes, whether direct or indirect, market research and profiling; the exercise of such right does not effect in any way the lawfulness of the processing carried out before the revocation;
  6. Lodge a complaint pursuant to article 77 of the GDPR with the competent supervisory authority on the basis of the subject’s habitual residence, place of employment or place of violation of the user’s rights; for Italy, this is within the jurisdiction of the Data Protection Supervisor (Garante per la protezione dei dati personali), which can be contacted as per details shown on the website garanteprivacy.it.

The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated in art. 1 of this notice.

Requests relating to the exercise of user rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity or for the exceptional number of requests can this term be extended by a further 2 (two) months.


Communication and conferral of data

Conferral of data by the user is mandatory as necessary to provide the service(s) requested. Therefore, any refusal by the user to provide the data may result in the non-provision of service(s), in so far as such data is necessary for these purposes.