Data Protection Information Notice to Users



Triboo Digitale S.r.l., with registered office in Viale Sarca 336, Edificio 10, 25124 Milan, VAT no. / Tax Code and Milan Business Register Enrolment No. IT02387250307 (hereinafter also “Triboo”) and Vieffe S.r.l. with registered office in Milano, Via Fatebenefratelli, 15, tax code, VAT no. and Business Register enrolment no.10802410968 (hereinafter also the Partner and, together with Triboo the  “Data Controllers”), in their capacity as joint data controllers of the processing of the personal data of users, (hereinafter the “Users”) who browse and exploit the services available on the www.valentinaferragnistudio.com internet website (hereinafter the “Website” and the “Services”) hereby provide the Information Notice under art. 13 of Regulation (EU) 679/2016 of  27 April 2016 (hereinafter, “Regulation”, or also the Data Protection Law”).                                                  

This Website and Services are reserved to individuals who are eighteen years of age and over. The Data Controllers do not collect personal data relating to persons under 18 years of age. At the request of the Users, the Data Controllers shall promptly erase all personal data involuntarily collected and related to persons under 18 years of age. 

The Data Controllers are committed to ensuring the right to privacy and protection of personal data of its Users. For any further information related to this privacy notice, Users may contact the Data Controller at any time, using the following methods:

For Triboo:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller (viale Sarca 336, Edificio 16, 20126 Milan);
  • By sending an e-mail to the address triboospa@legalmail.it  
  • By sending a fax to no. 02/64741491

For the Partner:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller: Via Fatebenefratelli, 15 – 20121 - Milano
  • By sending an email to the address below:   privacy@vieffe.srl  

Users can also contact  

The Partner has not identified the Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by art. 37 of the Regulation.

 

  1. PURPOSE OF THE PROCESSING 

The personal data of Users shall be processed lawfully by Triboo pursuant to art. 6 of the Regulation for the following processing purpose:


1. contractual obligations and provision of the Services: User’ data processed are:

  1. to allow browsing of the Website: IP address and log data.
  2. to allow registration to the Website and to implement the Conditions of Use of the Website: name, surname, email address, chosen nickname, age, gender, email address, domicile and residence/domicile county.
  3. to manage any requests received through customer service and/or the Website: name, surname, e-mail address, and other data that may be necessary depending on the circumstance (for example the no. order; address etc.).
  4. to allow the use of the Services, including by way of example the purchase of products, the shipment of the purchased products, manage any returns of the purchased products: name, surname, shipping address, email address, as well as any personal information of the User possibly and voluntarily communicated, for example in the case of a return.

Unless the User grants Triboo specific and optional consent to the processing of his/her data for further purposes, the User's personal data shall be used by Triboo for the sole purpose of ascertaining the identity of the User (also by validation of the email address), hence avoiding possible scams or abusive conduct, and for contacting the User for service reasons only (e.g. sending notifications concerning the Services). Notwithstanding the provisions elsewhere in this privacy notice, under no circumstances shall Triboo allow access to the personal data of the Users by other Users and/or third parties.

The legal basis on which the processing is based is the need to execute pre-contractual and contractual obligations to which the User is a party. The provision of personal data for the processing purposes indicated above is optional, but necessary, since failure to provide them will make it impossible for the User to use the Services and purchase the Products on the Website or receive after-sales assistance.

  • administrative-accounting purposes, or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and functional activities required to fulfil contractual and pre-contractual obligations.

The legal basis on which the processing is based is the need to execute pre-contractual and contractual obligations to which the User is a party, in addition to the need to fulfil legal obligations. The provision of personal data for the processing purposes indicated above is mandatory to finalize orders and to follow up on legal obligations.

  • legal obligations, i.e. to comply with obligations imposed by a law, authority, regulation or Community legislation.

The legal basis on which the processing is based is the need to fulfil legal obligations. The provision of personal data for the processing purposes indicated above is mandatory.

The provision of personal data for the purposes of processing indicated above is optional but the failure to provide them will make it impossible for the User to browse the Website, register with the Website and use its Services.

 

  1. OTHER PURPOSES OF PROCESSING: NEWSLETTER

The User can subscribe to the Partner’s newsletter using the appropriate "Newsletter" form available on the Website by providing an e-mail address, to receive communications of a commercial nature from the Partner, including, by way of example, information on products, events, promotions and / or for participation in customer satisfaction surveys / market research.

The legal basis for the processing is the explicit consent of the User to the processing of data for this purpose (sending newsletters). This consent is free and optional.

Failure to grant consent shall not in any way comprise the possibility to browse or to register with the Website.

In case of consent, the User may at any time withdraw the same, submitting a request to the Data Controller as indicated in paragraph 6 below.

 

The User can also easily object to receiving further newsletters by clicking on the appropriate “Unsubscribe” link for the withdrawal of consent, which is provided in each newsletter email. Once the consent has been revoked, the User will receive an e-mail message to confirm that the consent has been revoked.

The Data Controllers inform that, following the exercise of the right to object to the sending of newsletters, it is possible that, for technical and operational reasons (e.g., formation of the contact lists already completed shortly before the Data Controllers receive the request for opposition), the User continues to receive newsletter on the same day in which he exercised his right. Should the User continue to receive newsletters after 24 hours have elapsed from the exercise of the right of opposition, please report the problem to the Data Controllers, using the contacts indicated in paragraph 6 below.

 

  1. DATA PROCESSING PROCEDURES AND RETENTION TIMES 

The Joint Data Controllers shall process the personal data of Users using manual and electronic instruments, with logics which are strictly related to the aforementioned purposes, in a way which guarantees the security and confidentiality of such data. 

The personal data of the Users shall be retained for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or however as necessary for the protection in civil law of the interests of both the Users and the Data Controllers. 

The Data Controllers undertake to delete from their systems the data provided for subscription to the newsletter following the opposition to the processing for this purpose by the User.

In any case, each Data Controller undertakes to inspire the processing of data to the principles of adequacy and minimization, verifying annually the need for storage for a period of time not exceeding what is necessary to achieve the purposes for which the data were collected and treated.

The Data Controller may keep the data to fulfill regulatory obligations, or to ascertain, exercise or defend one's right in court.

Once the purposes for which the data were collected and processed have been reached, the Data Controller will take the appropriate measures to make them anonymous, so as to prevent your identification, remaining in any case the possibility of continuing to use the data anonymously.

 

  1. DISCLOSURE AND DISSEMINATION OF DATA

The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controllers in charge of managing the Website and all aspects of the delivery of Services. Such subjects, who have been duly informed by the Data Controllers under art. 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Data Protection Law. 

The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Data Processors", such as, for example, IT and logistic service providers functional to the operations of the Website and/or the Services, outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed respectively by each Data Controller, submitting a request to the relative Data Controller as indicated in paragraph 6 below.

Furthermore, the personal data of the Users may be disclosed by Triboo, to the extent where the same is necessary and essential in order to execute the contractual obligations, to third parties who are independent data controllers, such as providers of payment services and logistics services necessary for delivery of the goods sold through the Website. These autonomous Data Controllers shall process the User's data exclusively for the purpose of fulfilling the processing of the orders relating to the Services in a correct manner.

 

  1. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The entire data processing takes place in Italy, in countries in the European Union, in Canada and, in some cases, in the United States.

Should there be a need to transfer data to Third Countries, each Data Controller undertakes to:

- make sure that the country to which the data will be sent guarantees as adequate level of   protection, as required by Article 45 of the GDPR; or

- use the standard contractual data protection clauses approved by the European Commission for   the transfer of personal information outside the EEA pursuant to article 46.2 of the GDPR.

 

  1. RIGHTS OF DATA SUBJECTS

Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways: 

  • By sending a registered letter with advice of receipt to the registered office of the Data Controllers

for Triboo: Viale Sarca 336 Edificio 16, 20126 Milan

for the Partner: Vieffe S.r.l., Via Fatebenefratelli,15 – 20121 - Milano

  • By sending an email to the address below

for Triboo: triboospa@legalmail.it

for the Partner: privacy@vieffe.srl

  • By sending a fax for Triboo to no.: 02/64741491

Data Controllers shall proceed to comply with the requests of Users relating to the processing of data. In particular, for requests relating to the data processing referred to in paragraph 1 User should contact Triboo, while for requests relating to the processing referred to in paragraph 2, User shall contact either Triboo or the Partner.

In accordance with the Data Protection Law, the Data Controller hereby declare that Users are entitled to obtain information (i) on the origin of the personal data; (ii) the purpose and processing methods; (iii) the logic used in the case where the data is processed using electronic equipment; (iv) the personal data of the Data Controller and data processors; (v) the persons in charge and the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of such data. 

Users are always entitled to request:


      1. access, updating, rectification or, where interested therein, integration of the data;

      1. erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

      1. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

      1. the right to withdraw consent at any time, if the processing is based on their consent;

      1. (where applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to request restriction of processing of personal data and the right to be forgotten);

    1. the right to object: 
      • partially or completely, for legitimate reasons, to the processing of personal data, despite them being relevant to the purpose of the collection;
      • partially or completely oppose the processing of your personal data for the distribution of advertising materials or direct sales or for market research or business communication;
      • where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
    2. if they believe that the processing that concerns them violates the    Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Supervisor, with headquarters in Piazza di Monte Citorio no.121, 00186 - Rome (http:www.garanteprivacy.it/).

       

The Data Controllers are not responsible for updating all links that can be viewed in this Notice, therefore whenever a link is not functional and / or updated, Users acknowledge and accept that they must always refer to the document and / or section of the websites recalled by this link.



Current version updated: November 8, 2022