Skip to main content

PRIVACY POLICY

Privacy Policy

  1. What is the purpose of the disclosure?

In compliance with the provisions of the current legislation on the protection of personal data, i.e. EU Regulation 2016/679 (also known as “GDPR“) and, to the extent applicable, the complementary national legislation, we would like to inform you about the processing of your personal data by the Data Controller’s organization, which will be based on the principles of fairness, lawfulness and transparency, as well as the protection of your privacy and the protection of your rights. This notice is given for personal data provided by you, i.e. the data subject reading the notice.

  1. When do we collect your personal data?

This notice is given for personal data you provide by using the website.

  1. Who is the data controller? How to contact him/her?

The following are the details of the Owner and contact information: TRIUNE PROJECT S.r.l., located at Via Moriggia 8/B 20900 Monza MB, C.F: 11452660969 (the “Owner“), who can be contacted at the following email address: triuneprojectsrl@gmail.com.

  1. What categories of personal data do we process?

In order to offer you the services provided by the website we have to process some of your personal data mainly referring to the following categories:

  • common identifying data that you may provide us with such as: first name last name, address, e-mail phone etc, when filling out forms, for example;

  • Acquisition data: products and services purchased, contract data;

  • technical web identification data such as: IP address, MAC address, identification code of the device used to access the site etc.

  • data aimed at building a profile of your preferences, interests, habits, use of the site such as: browsing history, specific interests, purchases, geolocation etc , which you provide to us only with your consent.

  1. For what purposes are data processed? On what legal basis? And for how long are they kept

Below we tell you the purpose of the processing, the legal basis that legitimizes the processing, and the retention time of your personal data:

Purpose

Legal Basis

Conservation

  1. Contract management, the data you provide will be processed by the Controller to conclude a contract and fulfill contractual and pre-contractual obligations. Activities that fall under this purpose include all those necessary to provide you with the requested services and products, to make you use the website, to fulfill specific requests prior to the conclusion of the contract, to manage the contract, and to provide support and assistance.

Performance of pre-contractual or contractual obligations

Data will be retained for no longer than the period of the contractual relationship and the subsequent period of prescription of rights (10 years) in case of purchase of products or services

  1. Sending newsletters, only based on your specific request to subscribe, with the option to unsubscribe at any time.

Performance of contractual obligations

The data will be kept until you request to unsubscribe from the newsletter.

  1. Fulfillment of legal obligations, to meet any legal obligations that the Holder is required to comply with including the keeping of company accounts for both civil and tax purposes, as well as compliance with obligations directed at the preparation of financial statements and provisions issued by authorities empowered to do so by law.

Fulfilling a legal obligation

Data will be kept for the retention period required by tax and/or accounting regulations.

  1. Direct marketing, to carry out promotional activities, sending advertising material using traditional means (mail, telephone,etc.) and/or electronic tools (mail, social, sms, push notifications, online advertising, etc.). This processing will be carried out only with your specific and explicit consent, which will be requested at when the data is collected for this specific purpose. In the absence of your explicit consent, the processing for this purpose will not be carried out

Consent always revocable

Consent will be valid for two years after the last interaction (information request, purchase).

  1. Profiling, of your habits, of your behaviors in order to carry out profiled marketing activities, to provide you with products services responding to your needs and your real interests using traditional means (mail, telephone,etc.) and/or electronic tools (mail, social, sms, push notifications, online advertising, etc.) also through third parties such as social networks and platforms (remarketing and retargeting activities through which we will show on banners and posts our targeted advertisements). This processing will be carried out only with your specific and explicit consent, which will be requested at the time of data collection for this specific purpose. In the absence of your explicit consent, the processing for this purpose will not be carried out.

Consent always revocable

Consent will be valid for two years after the last interaction (information request, purchase).

  1. Is it mandatory to provide the data? What happens if you do not provide it?

The provision of your personal data for the purposes of (1) Contract Management and (2) Sending Newsletters is a requirement for the conclusion of the contract and the provision of the requested services. The provision for the purpose of (3) Compliance with legal obligations is mandatory to comply with the legislation. Failure to provide it for these purposes will result in the impossibility of concluding the contract or providing you with the services you requested; for the purposes of (4) Direct Marketing and (5) Profiling, the provision is optional and in case of failure to provide your personal data and your lack of consent will result in the impossibility of providing you with generalized promotional communications or information – for Marketing – or profiled and adapted to your real interests – for Profiling.

  1. Who can know your data? To whom do we communicate them?

Personal data related to these processing operations, for the above purposes, may be disclosed or made known:

  • to those within the Holder’s organization who need it because of their duties or hierarchical position. Such individuals are the persons authorized to process under the direct authority of the Controller;

  • to those persons to whom the provisions of the law give the right of access, or to whom the transfer of data is necessary for the fulfillments required by laws or regulations, by contract, such as, for example, banks, carriers, lawyers, auditors;

  • to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above. These subjects result authorized to process them as Data Processors according to the provisions of Article 28 of the GDPR.

  1. Is personal data transferred outside the European Union (EU)?

Some data collected may be transferred abroad to locations outside the European Union. However, such transfer will be carried out in compliance with the guarantees prescribed by the GDPR for this type of activity (Articles 45 to 49). Including: transfer to companies located in countries for which it is recognized that there are data protection guarantees comparable to those of the GDPR (White List countries); or to companies with which specific contractual data protection clauses approved by the Data Protection Authority or binding business rules approved by the Data Protection Authority have been signed, or the transfer is made under specific exemptions. For more information you can contact the Data Controller as indicated in the point below titled “What are your rights as a data subject“.

  1. What are your rights as a data subject?

The GDPR grants you the following rights in relation to your personal data, which you may exercise to the extent and in accordance with the provisions of the legislation:

    • Right of access to your personal data (Art. 15);

    • Right of rectification (Art. 16);

    • Right to erasure (right to be forgotten) (Article 17);

    • Right to limitation of processing (Art. 18);

    • Right to data portability (Art. 20);

    • Right to object (Art. 21); the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on legitimate interest, including profiling on the basis thereof. The Data Controller shall refrain from processing unless it can demonstrate the existence of compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim;

    • Right to object to a decision based solely on automated processing (Art. 22);

    • Right to revoke, at any time, the consent given, without affecting the lawfulness of the processing based on the consent given before revocation.

You may exercise your rights by sending a written request addressed to the Data Controller at the postal address or by e-mail as indicated above. In addition, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), if you believe that the processing of your data is contrary to the regulations in force (art 77) or to take legal action (art 79)

  1. How is personal data protected

Personal data will be processed both by electronic and non-electronic means, using technical and organizational security measures appropriate to the nature of the data to ensure their integrity and confidentiality and protect them against the risks of unlawful intrusion, loss, alteration, or disclosure to third parties not authorized to process them.

Edition of 10.01.2025