1. The Buyer declares that he or she is aware that the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation [GDPR]) apply to the processing of the data of private individuals (personal data) but not to the processing of the data of legal persons (companies), institutions and associations, nor to the processing of the data (information) relating to them, and is further aware that the laws on the sending of commercial electronic communications therefore remain unaffected. (The Buyer can release the necessary consent form to receive electronic communications for direct marketing purposes).

2. The personal data of the Buyer that is entered in the booking or sale form or else subsequently disclosed will be collected and processed by MICO DMC Srl. For the purposes of this policy, “Buyer” may refer to a single-person enterprise, a freelance professional, or a representative, spokesperson, employee, contractor or partner of a Buyer. In the following paragraphs, MICO DMC Srl shall also be referred to as the “data controller” or “Company”.

3. The personal data is used for the following purposes: to discharge the obligations and fees for the booking and the sale of hotel rooms, transportation tickets, flights, transfers, tours, restaurant meals and similar hospitality services, as well as for the provision of the related services; to comply with regulatory obligations; to execute the related administrative, accounting and tax operations. The processing of the Buyer's personal data is therefore necessary for the acceptance and execution of a contract for the supply of the aforementioned services, for legal compliance purposes, and for the pursuit and fulfilment of the legitimate interests of our Company and Group (Gruppo Fiera Milano), which need the data to perform the administrative, organizational, technical and safety-related activities connected with the services. Failure to disclose even some of the requested personal data could lead to a refusal of service.

4. The personal data acquired by our Company will also be processed electronically, prevalently through the use of computers, in a manner conducive to its proper management for the purposes of providing the services. The data may also be stored after use for administrative, accounting and tax purposes for a length of time determined by law (typically ten years).

5. For the foregoing purposes, the data may also be shared both with Company employees and with external parties who have been authorized by the Company to discharge the administrative, technical and safety-related obligations relating to the services provided. The data may also be shared with other companies of Gruppo Fiera Milano (see updated list of Group companies on the website www.fieramilano.it), as well as with trusted companies that provide our Company with organizational and technical services, such as hotels, airlines, restaurants, public and private passenger transport operators, repair and maintenance companies, printers, data processing companies, management consultancies, and companies that evaluate business performance. The companies that manage and analyse personal data on behalf of MICO DMC Srl are “data processors” and, as such, must comply with the specific obligations set out in the relevant service contracts. The data may be transferred to companies located outside the EU, provided that the European Commission recognizes the relevant country as having adequate safeguards for data protection (e.g. Switzerland, Australia, Israel and the USA – though only for American companies that are party to the “Privacy Shield” agreement with the EU), or provided that the recipient company can offer sufficient guarantees (such as standard contractual clauses or binding group-wide corporate rules). In the absence of such guarantees, the data may still be transferred if authorized by the Buyer or if necessary for the execution of the contract with the same.

6. Under the provisions of the GDPR (articles 15-22) natural persons have the right to examine at any time the data concerning them, obtain a copy of the same, rectify errors or add to data where it is incomplete, delete the data or, where sufficient grounds exist, restrict the scope of its processing, object to its processing altogether on grounds relating to their particular situation, object to its processing for direct marketing purposes, exercise their right to acquire the data in a portable format where the data has been machine processed for the execution of contract or else processed by the express permission of the natural person in question, and, finally, may apply to the Data Protection Authority to assert their personal data rights where they believe these have been violated.

7. Natural persons may also submit any questions or requests regarding the processing of their personal data to the following email address of the data controller privacy@micodmc.it or by written notice to the following postal address: MICO DMC srl, p.le Carlo Magno 1 – 20149 Milano. In addition to exercising the foregoing rights, individuals may also contact the data controller to receive an updated list of the designated parties with whom the data is shared, or by whom it is processed (the list is also available on the web site www.micodmc.it/it/privacy-policy).

8. The information contained in this policy and consent form has been made available by the data controller pursuant to article 13 of the GDPR. The Buyer agrees to make the personal data he or she released in exchange for the services to be rendered also available to natural persons acting on his or her behalf (representatives, spokespersons, employees and contractors). The Buyer also undertakes to ensure that the personal data thus provided may be lawfully used by the data controller to provide services, and agrees to indemnify the data controller against liability for any loss or damage resulting from the Buyer's violation of the obligations to the data controller as set forth in this section.