Triboo Digitale S.r.l. . with registered office in Viale Sarca 336, Edificio 10, 25124 Milan, VAT no. / Tax Code and Milan Business Register Enrolment No. IT02387250307 (hereinafter also “Triboo” and “Rodel SpA”) with registered office in Via Aldo Moro no. 10, 25124 Brescia, VWT no, 03084360175 / Tax Code and Brescia Business Register enrolment no. 01243080171 hereinafter also the Partner and, together with Triboo the “Data Controllers”), in their capacity as joint Data Controllers of the processing of the personal data of users, (hereinafter the “Users”) who browse and exploit the services available on the www.cinziarocca.com internet website (hereinafter the “Website” and the “Services”) hereby provide the Information Notice under art. 13 of Regulation (EU) 679/2016 of 27 April 2016 (hereinafter, “Regulation”, or also the Data Protection Law”).
This Website and Services are reserved to individuals who are eighteen years of age and over. The Data Controllers do not collect personal data relating to persons under 18 years of age. At the request of the Users, the Data Controllers shall promptly erase all personal data involuntarily collected and related to persons under 18 years of age.
The Data Controllers are committed to ensuring the right to privacy and protection of personal data of its Users. For any further information related to this privacy notice, Users may contact the Data Controller at any time, using the following methods:
For the Partner:
Users can also contact
1. Purpose of the Processing
The personal data of Users shall be processed lawfully by Triboo pursuant to art. 6 of the Regulation for the following processing purpose:
a) contractual obligations and provision of the Services, to allow browsing of the Website or to implement the Conditions of Use of the Website, which are duly accepted by the User during the Website registration process and/or during the use of the Services and to fulfil specific User requests. The User data collected by Triboo for the aforementioned purposes include: their name, surname, email address, tax code and any personal information of the User that may be voluntarily published. Unless the User grants Triboo specific and optional consent to the processing of his/her data for further purposes, the User's personal data shall be used by Triboo for the sole purpose of ascertaining the identity of the User (also by validation of the email address), hence avoiding possible scams or abusive conduct, and for contacting the User for service reasons only (e.g. sending notifications concerning the Services). Notwithstanding the provisions elsewhere in this privacy notice, under no circumstances shall Triboo allow access to the personal data of the Users by other Users and/or third parties.
b) administrative-accounting purposes, or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and functional activities required to fulfil contractual and pre-contractual obligations;
c) legal obligations, i.e. to comply with obligations imposed by a law, authority, regulation or Community legislation;
The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide them will make it impossible for the User to browse the Website, register with the Website and use its Services.
The personal data that are necessary to pursue the processing purposes described in paragraph 1 herein are indicated with an asterisk on the Website registration form.
2. Other purposes of processing: newsletter
With the free and optional consent of the User, certain personal data of the User (i.e. name, surname, address, email address, date and month of birth) may be processed by the Partner for the purpose of sending newsletters. Therefore, the User will receive a periodic newsletter from the Partner that will contain information in relation to news and promotions on the Website and / or initiatives organised by the Partner.
Failure to grant consent shall not in any way comprise the possibility to register with the Website.
In case of consent, the User may at any time withdraw the same, submitting a request to the Partner as indicated in paragraph 5 below.
The User can also easily object to receiving further promotional material by clicking on the withdrawal of consent link, which is provided in each email containing the newsletter. After withdrawing consent, the User shall receive an email from the Partner confirming the withdrawal of consent.
3. Data processing procedures and retention times
The Data Controllers shall process the personal data of Users using manual and electronic instruments, with logics which are strictly related to the aforementioned purposes, in a way which guarantees the security and confidentiality of such data.
The personal data of the Users shall be retained for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or however as necessary for the protection in civil law of the interests of both the Users and Triboo.
In the cases referred to in paragraph 2 above, the personal data of Users shall be retained for the time strictly necessary to carry out the purposes described therein and, in any case, for no more than twenty-four (24) months.
4. Disclosure and dissemination of data
The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controllers in charge of managing the Website and all aspects of the delivery of Services. Such subjects, who have been duly informed by the Data Controllers under art. 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Data Protection Law.
The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Data Processors", such as, for example, IT and logistic service providers functional to the operations of the Website and/or the Services, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed respectively by each Data Controller, submitting a request to the relative Data Controller as indicated in paragraph 5 below.
Furthermore, the personal data of the Users may be disclosed by Triboo, to the extent where the same is necessary and essential in order to execute the contractual obligations, to third parties who are independent data controllers, such as providers of payment services and logistics services necessary for delivery of the goods sold through the Website. These autonomous Data Controllers shall process the User's data exclusively for the purpose of fulfilling the processing of the orders relating to the Services in a correct manner.
5. Rights of Data Subjects
Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways:
for Triboo: Viale Sarca 336 Edificio sedici 20126 Milan
for the Partner: Via Aldo Moro 10 – 25124 Brescia (BS)
for Triboo: firstname.lastname@example.org
for the Partner: email@example.com
for Triboo: 02647414 14
for the Partner: 0309718078
Triboo shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 1, while the Partner shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 2.
In accordance with the Data Protection Law, the Data Controller hereby declares that Users are entitled to obtain information (i) on the origin of the personal data; (ii) the purpose and processing methods; (iii) the logic used in the case where the data is processed using electronic equipment; (iv) the personal data of the Data Controller and data processors; (v) the persons in charge and the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of such data.
Users are always entitled to request:
a) access, updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
Furthermore, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) (where applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to request restriction of processing of personal data and the right to be forgotten);
c) the right to object:
i) partially or completely, for legitimate reasons, to the processing of personal data, despite them being relevant to the purpose of the collection;
ii) partially or completely oppose the processing of your personal data for the distribution of advertising materials or direct sales or for market research or business communication;
iii) where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Supervisor, with headquarters in Piazza di Monte Citorio no.121, 00186 - Rome (http:www.garanteprivacy.it/).
The Data Controllers are not responsible for updating all the links that can be viewed in this Information Notice, therefore whenever a link is not functional and/or updated, Users hereby acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.
As required by the General Provisions of the Data Protection Supervisor called the “Fidelity card' and guarantees for consumers. The Data Protection Supervisor’s regulations for the loyalty programmes dated 24 February 2005.