The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide them will make it impossible for the User to browse the Website, register with the Website and use its Services.
The personal data that are necessary to pursue the processing purposes described in paragraph 1 herein are indicated with an asterisk on the Website registration form.
2. Other purposes of processing: newsletter
With the free and optional consent of the User, certain personal data of the User (i.e. name, surname, address, email address, date and month of birth) may be processed by the Partner for the purpose of sending newsletters. Therefore, the User will receive a periodic newsletter from the Partner that will contain information in relation to news and promotions on the Website and / or initiatives organised by the Partner.
Failure to grant consent shall not in any way comprise the possibility to register with the Website.
In case of consent, the User may at any time withdraw the same, submitting a request to the Partner as indicated in paragraph 5 below.
The User can also easily object to receiving further promotional material by clicking on the withdrawal of consent link, which is provided in each email containing the newsletter. After withdrawing consent, the User shall receive an email from the Partner confirming the withdrawal of consent.
3. Data processing procedures and retention times
The Data Controllers shall process the personal data of Users using manual and electronic instruments, with logics which are strictly related to the aforementioned purposes, in a way which guarantees the security and confidentiality of such data.
The personal data of the Users shall be retained for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or however as necessary for the protection in civil law of the interests of both the Users and Triboo.
In the cases referred to in paragraph 2 above, the personal data of Users shall be retained for the time strictly necessary to carry out the purposes described therein and, in any case, for no more than twenty-four (24) months.
4. Disclosure and dissemination of data
The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controllers in charge of managing the Website and all aspects of the delivery of Services. Such subjects, who have been duly informed by the Data Controllers under art. 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Data Protection Law.
The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Data Processors", such as, for example, IT and logistic service providers functional to the operations of the Website and/or the Services, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed respectively by each Data Controller, submitting a request to the relative Data Controller as indicated in paragraph 5 below.
Furthermore, the personal data of the Users may be disclosed by Triboo, to the extent where the same is necessary and essential in order to execute the contractual obligations, to third parties who are independent data controllers, such as providers of payment services and logistics services necessary for delivery of the goods sold through the Website. These autonomous Data Controllers shall process the User's data exclusively for the purpose of fulfilling the processing of the orders relating to the Services in a correct manner.
5. Rights of Data Subjects
Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways:
By sending a registered letter with advice of receipt to the registered office of the Data Controllers
By sending an email to the address below
By sending a fax to no.
Triboo shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 1, while the Partner shall proceed to comply with the requests of Users relating to the processing referred to in paragraph 2.
In accordance with the Data Protection Law, the Data Controller hereby declares that Users are entitled to obtain information (i) on the origin of the personal data; (ii) the purpose and processing methods; (iii) the logic used in the case where the data is processed using electronic equipment; (iv) the personal data of the Data Controller and data processors; (v) the persons in charge and the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of such data.
Users are always entitled to request:
a) access, updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
Furthermore, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) (where applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to request restriction of processing of personal data and the right to be forgotten);
c) the right to object:
d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Supervisor, with headquarters in Piazza di Monte Citorio no.121, 00186 - Rome (http:www.garanteprivacy.it/).
The Data Controllers are not responsible for updating all the links that can be viewed in this Information Notice, therefore whenever a link is not functional and/or updated, Users hereby acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.