Privacy Policy TicketOne of euroflora.genova.it

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to EU Regulation 2016/679 (General Data Protection Regulation), Porto Antico di Genova wishes to inform you about the processing of your personal data.

1 – DATA CONTROLLER

1.1 The data controller of the TicketOne platform, exclusively concerning operations and related processing regarding the sale and management of users’ data for the EUROFLORA 2025 event, is Porto Antico di Genova S.p.A., with its registered office at Calata Molo Vecchio 15 – Magazzini del Cotone, Modulo 5, 16128, Genova, represented by its Legal Representative pro tempore.
In accordance with Article 37 of EU Regulation 2016/679, Porto Antico di Genova has appointed a Data Protection Officer (DPO), who can be contacted directly at the email address [email protected].
1.2 In the event of purchasing admission tickets, the Organiser indicated in the event form during the purchase process will also act as a Data Controller.

2 – PURPOSE OF PERSONAL DATA PROCESSING

We wish to inform you about the purposes for which your personal data is collected, stored, and processed by the Data Controller:

2.1 Porto Antico di Genova S.p.A. will process your data for the following purposes:
1. Issuance of admission tickets and participation in the event, based on the purchase contract (Art. 6(1)(b) of Regulation 2016/679), as well as for organizational and security purposes related to the event for which the tickets are purchased.
2. Registration on the TicketOne platform, necessary to access services, including ticketing, customer support, and the handling of complaints; processing is based on the contract (Art. 6(1)(b) of Regulation 2016/679).
3. Application of service fees, if applicable, for the pre-sale of admission tickets, in accordance with the purchase contract (Art. 6(1)(b) of Regulation 2016/679). This includes administrative and accounting purposes, the potential issuance of commercial invoices (including by email), and other related services.
4. Sending of newsletters by Porto Antico di Genova S.p.A. in full compliance with the principles of lawfulness and fairness and in accordance with applicable laws. This is carried out based on the consent provided by the data subjects. The issuance of admission tickets is guaranteed even if consent is not given.
5. Marketing and promotional purposes, involving the sending of direct email marketing (DEM) messages by automated means (such as email and SMS) regarding services and/or products that are similar, related, or connected to the activities of Porto Antico di Genova S.p.A. These activities may also be carried out on behalf of third parties (including other event organizers or business partners). No personal data will be transmitted to the aforementioned third parties. The issuance of admission tickets is guaranteed even if consent is not given.
6. Marketing purposes, including the sending of invitations, offers, and promotions for services, products, and events linked to or connected with previous purchases made by the user. This processing is carried out based on the legitimate interest of the Data Controller (Art. 6(1)(f) of Regulation 2016/679) and may also be conducted on behalf of third-party companies (primarily event organizers or business partners). No personal data will be transmitted to the aforementioned companies. Data subjects have the right to object to this processing by following the instructions provided in the communications.
7. website navigation on euroflora.genova.it through the use of cookies. For more details, please refer to the Cookies Policy. https://euroflora.genova.it/cookie-policy/

3 – DATA PROCESSING FOR COMMERCIAL AND PROFILING PURPOSES

3.1 Data Processing for Analytical Purposes

We may analyse and document how you use our Site. Specifically, we may examine the number of visitors to the Site, your browsing behaviour, the events, and areas of the Site you are interested in, the geographic origin of Site visitors, and order and shopping cart data, if you purchase a ticket from us. For these purposes, we shall process the following personal data:

IP address (abbreviated),
Cookies, and
E-mail address (hashed).

Hashing is a process that pseudonymises your email address in a non-reversible manner, ensuring your privacy.
This data is processed based on your consent as defined in Article 6(1)(a) of the GDPR. If you wish to object to data processing for analytical purposes, you can change your preferences in the Cookie Preference Centre.
To carry out this processing, we use Google Analytics 360 (GA360), a web analysis service provided by Google LLC (“Google”). GA360 uses cookies to analyse how visitors interact with the Site.
The information generated by these cookies about your use of the Site is generally transmitted via a server controlled by CTS Eventim, located in Europe, to Google Analytics 360 in the United States, where it is stored.
The transfer of data to the United States is conducted in compliance with the standard contractual clauses for the European Union, ensuring lawful and secure processing.
For more information, please visit the following link:
https://business.safety.google/adsprocessorterms/sccs/p2p-intra-group/

The IP address is reduced and therefore anonymised by CTS Eventim before being transferred to the Google Analytics 360 server.
On behalf of Porto Antico di Genova S.p.A., Google processes this information to evaluate the use of the Site, compile reports on Site activity, and provide TicketOne with additional services related to Site usage and internet activity.
The IP address transmitted by your browser through Google Analytics 360 is not merged with other Google data. You may refuse the use of cookies by adjusting your browser settings. However, please note that if you do so, some features of the Site may not function as intended.

For more information on terms of use and data protection, please refer to the following links:

You can find an explanation of how Google uses third-party data at the following link: https://policies.google.com/privacy?hl=ita#infosharing
Please note that in connection with the use of Google Analytics 360 (GA360), should your personal data be transferred to the United States, the transfer shall be based on EU Standard Contractual Clauses. These clauses ensure an adequate level of protection for your personal data in compliance with Article 46 of the GDPR.

3.2 Data processing for advertising and re-targeting purposes on third-party websites and social networks

When you visit the Site, we may process your personal data for remarketing and display advertising purposes, including using social media ad plug-ins.
As part of our display advertising activities, we may run marketing campaigns using tags (pixels) and cookies provided by our remarketing partners. These tags and cookies are activated when you visit the Site and are linked to the products you have viewed or purchased. This enables us to show you personalised and targeted product offers based on your preferences.
Additionally, we may display banner ads to users of Facebook, Instagram, Pinterest, Spotify, and TikTok who share similar profiles to our current customers and Site visitors. For this purpose, we may process the following data:

The type of web page accessed.
The product number of the item viewed.
In the case of a ticket purchase: the product number of the item ordered, the sales value, the order number, as well as your preferences and cookie ID.

This processing is conducted based on your consent in accordance with Article 6(1)(a) of the GDPR.
If you do not wish for your data to be used for these re-targeting activities, you may update your preferences in the Cookie Preference Centre.
In connection with the use of tags and cookies from Google, Facebook, Instagram, Pinterest, Spotify, and TikTok, your personal data may be transferred to the United States. This transfer is conducted in compliance with EU Standard Contractual Clauses, ensuring an adequate level of protection for your personal data in accordance with Article 46 of the GDPR.
For further details on how data is processed by re-targeting providers, please refer to their respective data protection policies:

Google’s Privacy Policy:

https://policies.google.com/privacy?hl=ita

Explanation of the use of third-party data by Google

https://policies.google.com/privacy?hl=ita#infosharing

Facebook’s Privacy Policy:

https://www.facebook.com/privacy/policy/

Instagram’s Privacy Policy

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Pinterest’s Privacy Policy https://policy.pinterest.com/it/privacy-policy
Spotify’s Privacy Policy https://www.spotify.com/it/legal/privacy-policy/
TikTok’s Privacy Policy https://www.tiktok.com/legal/page/eea/privacy-policy/it

If you purchase a ticket via the TicketOne platform, a Google Ads cookie is placed on the Site. After performing one of the aforementioned actions, if you enter relevant search terms on internet search engines, the cookie may enable individual suggestions for products and services related to your purchase to appear in the search results (search engine marketing). If you wish to opt-out of data processing by Google Ads, you can update your preferences in the Cookie Preference Centre.
Please note that, in connection with the use of Google Ads, your personal data may be transferred to the United States. This transfer is conducted in compliance with EU Standard Contractual Clauses, ensuring an adequate level of protection for your personal data in accordance with Article 46 of the GDPR. For more details on how Google Ads processes your data, please refer to their data protection policy:

Google AdWords Privacy Policy:

https://policies.google.com/privacy

Explanation of the use of third-party data by Google:

https://policies.google.com/privacy?hl=ita#infosharing

Additionally, we inform you that we place advertisements (so-called social media ads) on the social networks Facebook, Instagram, Pinterest, Spotify, and TikTok. If you have an account on these platforms and agree through your social network account settings to display advertising, you may see ads corresponding to our products and services. These ads are displayed based on your interests (e.g., “likes” on artist pages) stored in your public social profile on Facebook, Instagram, Pinterest, Spotify, or TikTok. As a result, the advertising shown is personalised to match your interests. To achieve this, we process data from your public social profile. Specifically, to measure the effectiveness of the campaigns carried out, we process the following data based on your consent in accordance with Article 6(1)(a) GDPR:

Your IP address,
Your cookie ID,
Your page and feed activity,
Your internet speed,
Your purchasing activities, and
Your social connections.

To carry out the aforementioned activities, your data is transferred to the United States and processed outside the EU/EEA area. This data transfer is conducted in compliance with EU Standard Contractual Clauses, ensuring an adequate level of protection for your personal data in accordance with Article 46 of the GDPR.
For further details on this type of data processing, please refer to the privacy policies of the respective social networks Facebook, Instagram, Pinterest, Spotify, and TikTok.

Facebook: https://www.facebook.com/privacy/policy/
Instagram: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
Pinterest https://policy.pinterest.com/it/privacy-policy
Spotify https://www.spotify.com/it/legal/privacy-policy/
TikTok https://www.tiktok.com/legal/page/eea/privacy-policy/it

4 – GEOLOCATION INFORMATION

Depending on your browser settings, the platforms used may be authorised to access data about your geographical location based on an IP check. This information is always approximate and is automatically deleted at the end of the browsing session. The platforms do not store geolocation data; such information is used solely to enhance your browsing experience.

5 – INFORMATION RECEIVED FROM THIRD PARTIES

If you register on our platforms by providing personal data directly through accounts such as Facebook, Google, Instagram, Pinterest, Spotify, or TikTok, Porto Antico di Genova S.p.A. is authorised to collect, store, and use information related to your email address, which will be managed in accordance with this privacy policy.
Additionally, we may receive information from users when they interact with our pages, groups, accounts, or posts on social media platforms.
Users have the option to unsubscribe from these platforms at any time.

6 – PROCESSING METHODS

Your data will primarily be processed by electronic means, in a manner and to the extent necessary to pursue the purposes outlined above, in compliance with the principles set out in Article 5 of EU Regulation 2016/679. The data will be stored in electronic archives with the assurance of appropriate security measures as required by EU Regulation 2016/679.

7 – DATA STORAGE

Porto Antico di Genova S.p.A. will retain your data for the time necessary to fulfil administrative, accounting, and tax purposes related to the established relationship, as well as to comply with legal obligations. Data retention will be limited to the statutory timeframes governing the rights and obligations underlying the processing.
Data related to registration on the euroflora.genova.it site will be processed until the user requests cancellation.
Data collected for marketing and promotional purposes will remain in our databases until the user exercises their right to object or requests cancellation. Instructions on how to exercise these rights are provided on the euroflora.genova.it site and in this privacy notice.

8 – COMMUNICATION OF DATA

Personal data will, in any case, be communicated by Porto Antico di Genova S.p.A. to the organisation that owns the platform used for purchasing admission tickets to the event, for the purposes outlined in paragraph 2.1.
The data may also be processed by data processors associated with Porto Antico di Genova S.p.A., as well as by professionals and staff members who need to process the data for organisational and functional requirements. Third parties involved in the provision of services, appointed as Data Processors, may also process the data as necessary to guarantee service provision. Processing will be strictly limited to purposes connected with the provision of the offered services. Specifically, data may be communicated to server providers, the sales network of Porto Antico di Genova S.p.A., forwarding agents and carriers tasked with delivering purchased tickets, and contact and call centre companies responsible for managing related services through the platforms used.
An updated list of Data Processors is available upon request from the Data Controller.
All Data Processors are instructed on security and personal data protection and are expressly prohibited from disclosing or communicating personal data to other third parties, except when necessary for service provision.
Furthermore, data may be communicated to judicial authorities, if required, for organisational and security purposes related to the event or for compliance with regulatory checks.

9 – CHILDREN UNDER 16 YEARS OF AGE

The platform does not include information, functions, or services specifically intended for users under the age of 16 years. Porto Antico di Genova S.p.A. strongly advises users under the age of 16 not to provide personal data without the prior authorisation of a parent or legal guardian.
Should Porto Antico di Genova S.p.A. become aware that personal data has been provided by a user under the age of 16 without such consent, the data shall be immediately deleted. Furthermore, Porto Antico di Genova S.p.A. reserves the right to deny access to its services for any user found to have concealed their underage status or submitted personal data without the required parental consent.
In the event of a breach of this policy by a user under the age of 16, Porto Antico di Genova S.p.A. shall not be held liable for any resulting direct and/or indirect claims for damages.

10 – TRANSFER OF DATA TO A THIRD COUNTRY

Personal data collected via the euroflora.genova.it website and the associated platform (TicketOne) is generally not transferred outside the European Union (EU).
However, data processed via Google Ads, GA360, Facebook, Instagram, Pinterest, Spotify, and TikTok may be transferred to the United States and processed outside the EU/EEA. Such transfers are based on EU Standard Contractual Clauses, ensuring an adequate level of protection for your personal data in compliance with Article 46 of the GDPR.

If additional data is transferred outside the EU, the Data Controller commits to ensuring compliance with Articles 44 et seq. of EU Regulation 2016/679.

10 – RIGHTS OF DATA SUBJECTS

As a Data Subject, you have specific rights under Articles 12 et seq. of EU Regulation 2016/679, which are outlined below:

Obtain confirmation as to whether personal data concerning you is being processed.
Access information about the content and origin of the data, as well as the purposes and methods of processing.
Verify the accuracy of your data and request its update or rectification.
Request the integration, erasure, or transformation into anonymous form, or the blocking of data processed in violation of the law, including data that is no longer necessary for the purposes for which it was collected or subsequently processed.

In particular, you have the right to:

Object at any time, for legitimate reasons, to the processing of your personal data, even if it is relevant to the purpose of collection, as well as to the processing of personal data for the purpose of sending advertising materials.
Request data portability.
Revoke your consent at any time, without affecting the lawfulness of processing carried out based on consent prior to its revocation.
Lodge a complaint with a supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).

To exercise any of the above rights, please send a written request to:
Porto Antico di Genova S.p.A.
Calata Molo Vecchio 15, Magazzini del Cotone, Modulo 5, 16128, Genoa
Email: [email protected]

11 – APPLICABLE LAW

This Privacy Policy is governed by Italian law and by EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

12 – UPDATES TO THE PRIVACY POLICY

This Privacy Policy was last updated on 02 December 2024 and may be subject to further amendments. Any substantial changes will be published on the euroflora.genova.it website.
The most current version of this Privacy Policy can always be accessed on the euroflora.genova.it website, specifically in the ‘Privacy Policy’ section.