Triboo S.p.A, with registered office in Viale Sarca 336 - Building 16, 20126 Milan (MI), Italy. VAT No., Tax Code and Milan Business Registry Number: IT02387250307 REA MI-1906661 (hereinafter, "Controller"), owner of this website (hereinafter, the "Website"), in its capacity as the Data Controller of the personal data of the users browsing the Website (hereinafter, "Users") provides below its privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of 27 April 2016 (hereinafter, "Regulation", or "Applicable Legislation").

 

The Data Controller takes the right of its Users to privacy and the protection of their personal data into the utmost consideration.

For any information in relation to this privacy policy, Users may contact the Data Controller at any time, using the following methods:

You may also contact the Company's Data Protection Officer (DPO), whose contact details are given below: lapo.curinigalletti@triboo.it

 

 

The User may contact the Data Controller by using the relevant form, by browsing the Website, or by email.  In connection with these activities, the Data Controller collects Users’ personal data.

This Website and any services offered through the Website are reserved for persons aged 18 years or over. The Data Controller therefore does not collect any personal data on persons under the age of 18. At the request of Users, the Data Controller shall promptly delete all personal data involuntarily collected related to persons under the age of 18. 

In particular, Users' personal data shall be lawfully processed for the following purposes:

 

a. processing the User's request: user personal data are collected and processed by the Data Controller for the sole purpose of processing their request. The User data collected by the Data Controller for this purpose include the User's first name, surname, company, email address, telephone number and any further data that the User may have voluntarily communicated via the open fields of the form (“Message”) or via email. No other processing will be carried out by the Data Controller in relation to the Users' personal data. Notwithstanding any provisions elsewhere in this privacy policy, under no circumstances shall the Data Controller make the personal data of Users accessible to other Users and/or third parties.

 

b. administrative-accounting purposes, i.e. to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;

 

c. statutory obligations, i.e. to fulfil obligations laid down by law, an authority, a regulation or European legislation.

The provision of personal data for the above-mentioned processing purposes is optional but necessary, as failure to provide such data shall make it impossible for the User to make their request to the Data Controller.

 

Personal data that are necessary for the pursuit of the processing purposes described in this paragraph 3 are marked with an asterisk in the request form.

 

Processing of the User's request (as described in par. 3, lett. a)): the legal grounds are provided by Article 6, paragraph 1, lett. b) of the Regulation, as the processing is necessary for the performance of a contract and/or of pre-contractual measures taken at the User's request.

 

Administrative and accounting purposes (as described in par. 3 lett. b)): the legal grounds are provided by Article 6, paragraph 1, lett. b) of the Regulation, as the processing is necessary for the performance of a contract and/or of pre-contractual measures taken at the User's request.

 

Statutory obligations (as described in par. 3 lett. c)): the legal grounds are provided by Article 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.

 

5. PROCESSING METHODS AND DATA RETENTION PERIODS  

The Data Controller shall process the Users' personal data by means of manual and computerised tools, by applying reasoning that is strictly related to said purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The User personal data shall be kept for the time strictly necessary to fulfil the primary purposes (as described in paragraph 3 above), or in any case as necessary for the protection in civil law of the interests of both the Data Controller and Users.

 

6. SCOPE OF DATA DISCLOSURE AND DISSEMINATION 

User personal data may be transferred outside the European Union and, in this case, the Data Controller shall ensure that the transfer takes place in compliance with the applicable law and, in particular, with Articles 45 (Transfers on the basis of an adequacy decision) and 46 (Transfers subject to appropriate safeguards) of the Regulation.

 

 

User personal data may be disclosed to the employees and/or collaborators of the Data Controller tasked with managing the Website and User requests. These individuals, who have been instructed to do so by the Data Controller pursuant to Article 29 of the Regulation, shall process User data exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the applicable regulations. 

 

 

User personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors pursuant to Article 28 of the Regulation, such as, by way of example, suppliers of IT and logistical services that are functional to the operation of the Data Controller's Website, suppliers of outsourced or cloud computing services, professionals and advisers. 

 

 

The User has the right to obtain a list of any data processors appointed by the Data Controller by submitting a request to the Data Controller in the manner detailed in paragraph 7 below. 

 

7. RIGHTS OF THE DATA SUBJECTS 

The User may exercise the rights guaranteed by the applicable regulation at any time by contacting the Data Controller in the following ways: 

 

You may also contact the Company's Data Protection Officer (DPO), whose contact details are given below: lapo.curinigalletti@triboo.it

 

 

Pursuant to the applicable regulation, the User has the right to obtain information concerning (i) the origin of their personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic means; (iv) the identification details of the Data Controller and the Data Processors; (v) the persons or categories of persons to whom their personal data may be disclosed or who may become aware of them in their capacity as Data Processors or persons in charge of processing. 

 

Furthermore, the User has the right to obtain:  

a) access, update, amendment or, where interested, integration of the data; 

 

b) deletion, transformation into anonymous form or restriction of the data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; 

 

c) proof that the operations listed under letters a) and b) were communicated, also with regards to the content thereof, to the subjects to which the data was communicated or disseminated, except where this would result impossible or implies a clearly excessive effort as compared to the protected right. 

 

 

As well as: 

 

a) the right to withdraw their consent at any time, if the processing is based on their consent; 

 

b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format); 

 

c) the right to object: 

 

i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection; 

ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications; 

iii) if personal data are processed for direct marketing purposes, at any time, the processing of the data for that purpose, including profiling insofar as it is related to such direct marketing. 

 

d) if they consider that processing concerning them is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State where they normally reside, in the Member State where they work or in the Member State where the alleged breach occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali, with its head office at Piazza Venezia, 11, 00187 - Rome (RM), Italy (http://www.garanteprivacy.it/). 

 

 

_____________ 

 

 

The Data Controller is not responsible for the updating of all links displayed in this Privacy Policy, therefore whenever a link is not working and/or updated, the User acknowledges and agrees that they must always refer to the document and/or section of the websites referred to by that link.