Privacy Policy

1. Data Controller

The Data Controller is Lib.Co S.r.l., which operates the website sestoeventi.it under the brand SESTO — Event Project Management.

2. Personal data collected

In connection with the purposes described in this notice, the Controller processes the following categories of personal data:

Data provided voluntarily by the user

Through the contact and brief request form on the website, users may provide:

• Name and/or company name
• Email address
• Phone number (optional)
• Professional role
• Event type, indicative date, number of participants, indicative budget
• Free notes in the "brief" field

Browsing data

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects, but by its nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response, and other parameters relating to the user's operating system and IT environment.

Cookies

For information on the use of cookies, please refer to our Cookie Policy.

3. Purposes and legal basis for processing

a) Managing contact requests and briefs

Data provided through the contact form is processed to respond to user requests, prepare estimates and proposals, and manage pre-contractual communication. The legal basis is the performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).

b) Legal and fiscal obligations

Should a contract be concluded, data may be processed to fulfil obligations under law, regulations and EU legislation, as well as provisions issued by legally authorised authorities. The legal basis is compliance with a legal obligation (Art. 6(1)(c) GDPR).

c) Legitimate interest

Browsing data is processed for IT security and technical operation of the website on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR), which outweighs the interests of users given the technical and anonymised nature of the processing.

4. Recipients of data

Personal data may be disclosed to the following categories of recipients:

• Employees and collaborators of the Controller, within the scope of their duties
• IT and hosting service providers (processing data as Data Processors under Art. 28 GDPR)
• Professional advisers of the Controller (e.g. accountants, lawyers) for legal compliance
• Public authorities, where required by law

Data is not sold to third parties for commercial purposes, nor transferred to non-EU countries without appropriate safeguards.

5. Retention period

Data provided through the contact form is retained for as long as necessary to handle the request and, where a contractual relationship is established, for the duration of the contract and the subsequent period required by applicable fiscal and civil law (generally 10 years from the conclusion of the contract).

Requests that do not lead to a contract are retained for no more than 24 months from receipt.

Browsing data is retained for the time strictly necessary for technical purposes, generally no longer than 30 days.

6. Rights of the data subject

As a data subject, you have the right to:

• Access (Art. 15 GDPR): obtain confirmation of whether personal data concerning you is being processed and, if so, obtain a copy of such data
• Rectification (Art. 16 GDPR): obtain correction of inaccurate data or completion of incomplete data
• Erasure (Art. 17 GDPR): obtain erasure of data in cases provided for by law ("right to be forgotten")
• Restriction (Art. 18 GDPR): obtain restriction of processing in cases provided for by law
• Portability (Art. 20 GDPR): receive data in a structured, commonly used and machine-readable format, where processing is based on consent or a contract
• Objection (Art. 21 GDPR): object to processing based on legitimate interest
• Withdrawal of consent: withdraw consent at any time without prejudice to the lawfulness of processing based on consent before its withdrawal
• Lodge a complaint: with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority of your EU country of residence

To exercise your rights, please write to: info@sestoeventi.it. The Controller will respond within 30 days of receipt of the request.

7. Security measures

The Controller implements appropriate technical and organisational measures to ensure a level of security proportionate to the risk, in accordance with Art. 32 GDPR. The website uses HTTPS protocol for encrypted data transmission.

8. Changes to this policy

The Controller reserves the right to amend this privacy policy at any time, including in light of regulatory changes. Amendments will be published on this page with an updated date. Users are encouraged to consult this page periodically.