Personal Data Processing Policy

ROMEXPO S.A., headquartered in Romania, 65-67 Mărăști Blvd, District 1, Bucharest and EUROEXPO FAIRS SRL, 7 Expoziției Blvd., District 1, Bucharest, is the controllers of personal data processed through the ROMEXPO Lead Management Platform, hereinafter referred to as the "Platform".

Personal data is collected and processed for the following purposes:

• Registration and management of potential visitors and customers interested in trade fairs and exhibitions organized by ROMEXPO S.A. and EUROEXPO FAIRS SRL
• Providing relevant information about events, exhibitions and related services
• Sending commercial communications, newsletters and event invitations
• Contacting users by phone and/or SMS for information and marketing purposes
• Analyzing the effectiveness of marketing campaigns and promotional channels
• Creating statistical reports and internal analyses
• Profiling users to adapt content and offers to declared or inferred interests
• Ensuring compliance with applicable legal obligations

The Platform may process the following categories of data:

Data processing is carried out based on the following legal grounds:

The Platform uses profiling mechanisms, consisting of analyzing the interests declared by the user (trade fairs, areas of interest, types of events), as well as their interactions with forms and transmitted communications.

The purpose of profiling is:

• Sending relevant offers, invitations and information
• Avoiding irrelevant communications
• Optimizing content and marketing campaigns

Data may be accessed by:

• Authorized ROMEXPO S.A. and EUROEXPO FAIRS SRL personnel
• Service providers involved in Platform operation (IT, hosting, maintenance)
• Contractual partners involved in organizing trade fairs, exclusively for declared purposes
• Public authorities, when there is a legal obligation

When using marketing or analysis tools that involve transfers outside the European Union, ROMEXPO S.A. and EUROEXPO FAIRS SRL ensures that appropriate safeguards are applied, in accordance with GDPR legislation.

Data is stored for the period necessary to fulfill the purposes for which it was collected or until the user withdraws consent, but not longer than necessary according to legal obligations and internal policies.

We delete or anonymize your personal data as soon as it is no longer necessary for the purposes mentioned in this policy.

Users have the following rights:

• Right of access – you can request information about the personal data we hold about you
• Right to rectification – you can request correction of inaccurate data
• Right to erasure – you can request deletion of data ("right to be forgotten")
• Right to restriction – you can request limitation of data processing
• Right to object – you can object to data processing in certain circumstances
• Right to portability – you can request transfer of data to another controller
• Right to withdraw consent – you can withdraw your consent at any time
• Right to lodge a complaint – you can file a complaint with the National Authority for the Supervision of Personal Data Processing

ROMEXPO S.A. and EUROEXPO FAIRS SRL applies appropriate technical and organizational measures to protect data, including:

• Access control to data
• Secure storage
• Monitoring of Platform activities
• SSL encryption for data transmission

This policy may be updated periodically. The updated version will be published on the Platform and will take effect from the date of posting.