PRIVACY POLICY
Privacy Policy
-
What is the purpose of the disclosure?
In compliance with the provisions of the current legislation on the protection of personal data, i.e. EU Regulation 2016/679 (also known as “GDPR“) and, to the extent applicable, the complementary national legislation, we would like to inform you about the processing of your personal data by the Data Controller’s organization, which will be based on the principles of fairness, lawfulness and transparency, as well as the protection of your privacy and the protection of your rights. This notice is given for personal data provided by you, i.e. the data subject reading the notice.
-
When do we collect your personal data?
This notice is given for personal data you provide by using the website.
The following are the details of the Owner and contact information: TRIUNE PROJECT S.r.l., located at Via Moriggia 8/B 20900 Monza MB, C.F: 11452660969 (the “Owner“), who can be contacted at the following email address: triuneprojectsrl@gmail.com.
-
What categories of personal data do we process?
In order to offer you the services provided by the website we have to process some of your personal data mainly referring to the following categories:
-
common identifying data that you may provide us with such as: first name last name, address, e-mail phone etc, when filling out forms, for example;
-
Acquisition data: products and services purchased, contract data;
-
technical web identification data such as: IP address, MAC address, identification code of the device used to access the site etc.
-
data aimed at building a profile of your preferences, interests, habits, use of the site such as: browsing history, specific interests, purchases, geolocation etc , which you provide to us only with your consent.
-
For what purposes are data processed? On what legal basis? And for how long are they kept
Below we tell you the purpose of the processing, the legal basis that legitimizes the processing, and the retention time of your personal data:
Purpose |
Legal Basis |
Conservation |
|
Performance of pre-contractual or contractual obligations |
Data will be retained for no longer than the period of the contractual relationship and the subsequent period of prescription of rights (10 years) in case of purchase of products or services |
|
Performance of contractual obligations |
The data will be kept until you request to unsubscribe from the newsletter. |
|
Fulfilling a legal obligation |
Data will be kept for the retention period required by tax and/or accounting regulations. |
|
Consent always revocable |
Consent will be valid for two years after the last interaction (information request, purchase). |
|
Consent always revocable |
Consent will be valid for two years after the last interaction (information request, purchase). |
-
Is it mandatory to provide the data? What happens if you do not provide it?
The provision of your personal data for the purposes of (1) Contract Management and (2) Sending Newsletters is a requirement for the conclusion of the contract and the provision of the requested services. The provision for the purpose of (3) Compliance with legal obligations is mandatory to comply with the legislation. Failure to provide it for these purposes will result in the impossibility of concluding the contract or providing you with the services you requested; for the purposes of (4) Direct Marketing and (5) Profiling, the provision is optional and in case of failure to provide your personal data and your lack of consent will result in the impossibility of providing you with generalized promotional communications or information – for Marketing – or profiled and adapted to your real interests – for Profiling.
-
Who can know your data? To whom do we communicate them?
Personal data related to these processing operations, for the above purposes, may be disclosed or made known:
-
to those within the Holder’s organization who need it because of their duties or hierarchical position. Such individuals are the persons authorized to process under the direct authority of the Controller;
-
to those persons to whom the provisions of the law give the right of access, or to whom the transfer of data is necessary for the fulfillments required by laws or regulations, by contract, such as, for example, banks, carriers, lawyers, auditors;
-
to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above. These subjects result authorized to process them as Data Processors according to the provisions of Article 28 of the GDPR.
-
Is personal data transferred outside the European Union (EU)?
Some data collected may be transferred abroad to locations outside the European Union. However, such transfer will be carried out in compliance with the guarantees prescribed by the GDPR for this type of activity (Articles 45 to 49). Including: transfer to companies located in countries for which it is recognized that there are data protection guarantees comparable to those of the GDPR (White List countries); or to companies with which specific contractual data protection clauses approved by the Data Protection Authority or binding business rules approved by the Data Protection Authority have been signed, or the transfer is made under specific exemptions. For more information you can contact the Data Controller as indicated in the point below titled “What are your rights as a data subject“.
-
What are your rights as a data subject?
The GDPR grants you the following rights in relation to your personal data, which you may exercise to the extent and in accordance with the provisions of the legislation:
-
-
Right of access to your personal data (Art. 15);
-
Right of rectification (Art. 16);
-
Right to erasure (right to be forgotten) (Article 17);
-
Right to limitation of processing (Art. 18);
-
Right to data portability (Art. 20);
-
Right to object (Art. 21); the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on legitimate interest, including profiling on the basis thereof. The Data Controller shall refrain from processing unless it can demonstrate the existence of compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim;
-
Right to object to a decision based solely on automated processing (Art. 22);
-
Right to revoke, at any time, the consent given, without affecting the lawfulness of the processing based on the consent given before revocation.
-
You may exercise your rights by sending a written request addressed to the Data Controller at the postal address or by e-mail as indicated above. In addition, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), if you believe that the processing of your data is contrary to the regulations in force (art 77) or to take legal action (art 79)
-
How is personal data protected
Personal data will be processed both by electronic and non-electronic means, using technical and organizational security measures appropriate to the nature of the data to ensure their integrity and confidentiality and protect them against the risks of unlawful intrusion, loss, alteration, or disclosure to third parties not authorized to process them.
Edition of 10.01.2025