INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to and for the purposes of Regulation (EU) 2016/679 and of the national privacy legislation
When you browse our website or use our services, we collect your information and personal data.
This information is provided pursuant to and for the purposes of the national and European legislation regarding the protection of personal data (i.e., the Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016, concerning the protection of physical persons with regard to the processing of personal data, as well as the free circulation of such data, in addition to the legislation on the protection of personal data applicable in Italy pursuant to the Italian Legislative Decree 193/03 and subsequent amendments, as well as the provisions of the Guarantor).
The applicable legislation on personal data protection was drafted in compliance with the Recommendation No. 2/2001, adopted on 17 May 2001 by the Working Group for the Protection of Personal Data - Article 29 (now EDPB) in relation to the minimum requirements for online data collection in the European Union.
2. Data Controller
Trevi-Finanziaria Industriale S.p.A. with registered office in Cesena, Via Larga, 201 ("Company") – as Data Controller - collects and processes your personal data in compliance with the provisions set out by the current privacy legislation.
The Company is required to make some information available to you about the processing of the aforementioned data you voluntarily provided by filling in the forms on the website. The Controller is not responsible for untruthful data and information or data provided by third parties even unlawfully.
The Controller informs you that your data will be processed both with computerized and non-automated tools, as well as with the adoption of technical and organizational measures aimed at guaranteeing a level of security appropriate to the level of risk.
3. Data Protection Officer
Trevi Group has appointed lawyer Floriana Francesconi as Data Protection Officer (DPO), whose email address is: firstname.lastname@example.org
4. Purpose of the processing
Your personal data will be processed in full compliance with the obligations and principles established by the aforementioned legislation in order to:
For the purpose referred to in point 4. a):
This category of data includes the IP address and the domain name of your computer, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numeric code indicating the response status given by the server and other parameters related to its operating system.
For the purpose referred to in point 4. b):
Identification data: name, surname, country, city and e-mail address. These fields must be filled out to complete the form and be able to download the catalogues.
For the purpose referred to in point 4. c):
Identification data: name, surname, country and e-mail address: data required - with prior consent - to receive the newsletters.
For the purpose referred to in point 4. d):
Identification data: name, surname, phone number and e-mail address: data required - with prior consent - to send your request for listing of products.
For the purpose referred to in point 4. e):
Identification data: e-mail address: data required - with prior consent - to send your request for general information or assistance.
For the purposes referred to in points 4. f), g), h):
Identification data: name, surname, address and e-mail address.
Data voluntarily disclosed by you: in this regard, please do not disclose any particular data, as they are not necessary.
5. Legal basis of the processing
The provision of data for the purposes referred to in point 4. a), b), d), e) and f) is always optional, but failure to provide it results in the impossibility of being able to browse our websites. This is because the computer systems used to operate the Services acquire, during their normal operation, some of your personal data whose transmission is implicit in the use of Internet communication protocols. The legal basis of the processing for this purpose is Art. 6 paragraph 1, letters b) and c) of the Regulation, since the processing is necessary for the provision of services or the verification of the requests from the interested party, being the processing also required in order to fulfil a legal obligation by the Data Controller.
The provision of data for the purposes referred to in point 4. c) is optional and the legal basis is the consent alone. Without your express consent, the Controller and the companies of the Group will not be able to send you the newsletter of the Trevi Group Company.
The consent is always revocable.
The legal basis of the processing for the purposes referred to in point 4. d) is the legitimate interest of the Data Controller, such as, for example, protection against fraud or other behaviour in violation of the conditions of use of the service subscribed by the user, as well as to assert and defend a right in court.
6. Recipients and/or any categories of recipients of personal data
Personal data will be made available to individuals and/or persons expressly authorized by the Data Controller, even belonging to the Trevi Group - and designated for that purpose, respectively, the Data Processors and Data Processing Officers, who carry out all essential processing activities to accomplish the purposes indicated above; the categories of the persons in charge regard those who are responsible for the administration, communication, accounting, legal advice, technical maintenance of information systems and marketing, according to the specific request sent by the user through the Website.
An updated list of Data Processors is available at request, by sending an email to the Data Controller. Furthermore, data may also be accessible to the other Trevi Group companies for administrative and accounting purposes, pursuant to Art. 6.1.f) and in Recitals 47 and 48 of the Regulation.
Data can also be transmitted to public bodies or authorities in compliance with laws, regulation and community legislation.
The designated System Administrators process the user’s personal data pursuant to the Provision of the Guarantor for the Protection of Personal Data dated 27 November 2008 and subsequent amendments.
The Data Controller and the Trevi Group Companies will not disclose your personal data.
6.1 Period of retention of personal dataThe contact data for the purposes referred to in point 4. b) will be kept until receiving your explicit request for cancellation or revocation of the consent.
Your personal data will be stored by the Controller or by the companies of the Trevi Group or by the third parties designated as external data processors pursuant to Art. 28 of the Regulation 2016/679 (whose list is available at the company), in full compliance with the principles of necessity, minimization and conservation limitation, through the adoption of technical and organizational measures suitable for the risk level of the processing, for a period of time not exceeding 24 months and, in any case, for the time strictly necessary to fulfil legal obligations and for defensive purposes in the event of disputes.
6.2 Rights of the interested parties
You can exercise the following rights at any time:
- the right to obtain confirmation that personal data is being processed or not;
- the right to access personal data and the following relevant information (purpose of the processing of personal data, data categories and recipients, storage period, etc.…);
- the right to request the correction or limitation of the processing of one’s personal data;
- the right to obtain the cancellation of one’s personal data, if applicable;
- the right to lodge a complaint with a supervisory authority;
- the right to revoke consent.
To comply with legal obligations, we may be required to keep some personal data even after you have requested their cancellation.
For further information, please contact: email@example.com