This privacy disclosure is intended for users/navigators and provides information on the processing of personal data pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter “the Regulation”).

The Data Controller
The Commissioner General’s Office of Section for Italy’s participation in Expo 2020 Dubai (hereinafter the “Commissioner’s Office”), situated in Piazzale della Farnesina, 1, 00135 Rome – Italy, telephone number +39 06-3691.5300, represented by the Commissioner General, Paolo Glisenti, is the Data Controller of the data collected on the website www.italyexpo2020.it.

This privacy disclosure only applies to the websites and activities pertaining directly to the Commissioner’s Office and not to other websites accessible via links from the site itself and related to third parties, for which further information can be obtained by consulting the relative pages. To exercise their rights, the data subjects must submit the relevant request to the Data Controller at the following e-mail address: expodubai.amministrazione@cert.esteri.it.

Types of data processed
Navigation data: the website uses cookies, the use of which is governed by the policy that can be consulted at italyexpo2020.it/en/cookie-policy.

Methods and aims of the data processing
Pursuant to the law, data processing refers to any operation, or group of operations, implemented with or without the aid of automated processes and applied to personal data or to a group of personal data, including the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication via transmission, disclosure or any other form made available, comparison or interconnection, restriction, erasure or destruction thereof.
The processing applied to data is subject to the data subject’s consent and consists of: recording, analysis, communication to possible subjects involved and storage of the data.
The aim of the data processing is to facilitate the relationship between the parties, in particular for signing the newsletter form and for sending informative communications on Expo 2020 Dubai, where authorised, even through selected messages.
The data will be processed using electronic instruments (PCs or tablets), in a way that guarantees the security and confidentiality of the data itself.
Moreover, your data may be processed in order to fulfil obligations of the law, regulations and European laws, as well as provisions issued by the public authorities and by supervisory and control bodies.
All the material making up the italyexpo2020.it website, the electronic communications before and after their reception and the navigation data are stored on the servers hosting the website. The collected data will be processed on these servers.
The data will be stored strictly for the time necessary and, nonetheless, not beyond the end of the activities related to Expo 2020 Dubai, the date on which the Commissioner’s Office will cease its activities, and will then be destroyed, unless another term applies by way of legal obligations (e.g. if judicial evidence must be produced or if ordered by the authorities).

Personal data of minors
If the data supplied belongs to minors, the consent for processing such data must be given or expressly authorised by the parent or acting parent (biological or adoptive parent, or tutor) and the Commissioner’s Office may request a verification or appropriate waiver in this regard.

Rights of the data subjects
The data subjects are entitled to obtain from the Commissioner’s Office and from third parties, in the cases envisaged in the Regulation, access to their personal data, the rectification or erasure of such data or the restriction of its processing, in accordance to that stated in Articles 15–22 of the Regulation. The relative applications can be submitted to the Data Controller.

Communication of personal data breach
Whenever a possible personal data breach can seriously jeopardise the rights and freedoms of natural persons, the breach shall be notified to the data subject without any undue delay, in accordance with that stated in Article 34 of the Regulation.

Right to lodge complaints
The data subjects who feel that their personal data after consulting the portal has been processed in breach of the Regulation are entitled to lodge a complaint with the (Italian) Data Protection Authority, in its role of national supervisory body, pursuant to Article 77 of the Regulation, or are entitled to judicial remedy pursuant to Article 79 of the Regulation.

Withdrawal of consent
The consent to data processing can be withdrawn at any time via a written communication or an e-mail sent to the Data Controller. The withdrawal of consent does not undermine the processing carried out prior to the withdrawal, which remains valid and legitimate for all intents and purposes. The data subject’s consent to receiving newsletters can be withdrawn at any time: in such case, he/she shall cease to be informed on any communications, initiatives, news and events of the Commissioner’s Office.