Privacy policy

Data Protection Information Notice to Users 

Triboo Digitale S.r.l. with registered office in Viale Sarca 336, Edificio 10, 25124 Milan, VAT no. / Tax Code and Milan Business Register Enrolment No. IT02387250307 (hereinafter also “Triboo”) and Fenice S.r.l., with registered office in Via Turati 27 – 20121 Milano, VAT no./Tax Code 08042190960 and Milan Business Register Enrolment No. 08042190960 (hereinafter also the Partner and, together with Triboo the “Data Controllers”), in their capacity as autonomous Data Controllers of the processing of the personal data of users (hereinafter the “Users”) who browse and exploit the services available on the chiaraferragnibrand.com website (hereinafter the “Website” and the “Services”) hereby provide the Information Notice under art. 13 of Regulation (EU) 679/2016 of  27 April 2016 (hereinafter, “Regulation”, or also the Data Protection Law”).

This Website and Services are reserved to individuals who are eighteen years of age and over. The Data Controllers do not collect personal data relating to persons under 18 years of age. At the request of the Users, the Data Controllers shall promptly erase all personal data involuntarily collected and related to persons under 18 years of age.

The Data Controllers are committed to ensuring the right to privacy and protection of personal data of its Users. For any further information related to this privacy notice, Users may contact each Data Controller at any time, using the following methods:

For Triboo:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller (viale Sarca 336, Edificio 16, 20126 Milan);
  • By sending an e-mail to the address: triboospa@legalmail.it .

For the Partner:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller: Piazza Cavour, 3, 20121, Milano
  • By sending an email to the address below: privacy@tbscrew.com .

Users can also contact the Data Protection Officer (DPO) designated by Triboo, at the address provided below: lapo.curinigalletti@triboo.it.

 

The Partner has not identified the Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by art. 37 of the Regulation.

  1. Purpose of the processing

1.1 The personal data of Users shall be processed lawfully by Triboo pursuant to art. 6 of the Regulation for the following processing purpose:

  1. contractual obligations and provision of the Services:

–           To allow the purchase of the digital content sold on the Site: the data processed are the name, surname, email address, as well as any personal information of the User possibly and voluntarily communicated;

The User’s personal data will be processed by Triboo for the exclusive purpose of ascertaining the User’s identity (also by validating the e-mail address), thus avoiding possible scams or abuses, and contacting the User for service reasons only (e.g. send notifications relating to the Services) and / or manage orders and requests as indicated above. Without prejudice to the provisions elsewhere in this privacy statement, in no case will Triboo make the personal data of Users accessible to other Users and / or third parties.

The legal basis on which the processing is based is the need to execute pre-contractual and contractual obligations to which the User is a party. The provision of personal data for the processing purposes indicated above is optional, but necessary, since failure to provide them will make it impossible for the User to use the Services and purchase the Products on the Website or receive after-sales assistance.

  1. administrative-accounting purposes, or to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations, by way of example, issuing purchase receipts and / or invoices;

 

The legal basis on which the processing is based is the need to execute pre-contractual and contractual obligations to which the User is a party, in addition to the need to fulfil legal obligations. The provision of personal data for the processing purposes indicated above is mandatory to finalize orders and to follow up on legal obligations.

 

  1. legal purposes, or to fulfil obligations established by law, by an authority, by a regulation or by European legislation.

The legal basis on which the processing is based is the need to fulfil legal obligations. The provision of personal data for the processing purposes indicated above is mandatory.

1.2       Users’ personal data will be lawfully processed by the Partner pursuant to art. 6 of the Regulation for the following processing purposes:

 

  1. contractual obligations and provision of the Services:

 

  • to allow browse of the Website: the data processed are the IP address and log data;
  • to allow the user to register an account on the Website and to implement the Terms and Condition of the Website, which are accepted by the User during registration: the data processed are: name, surname and the province of residence / domicile, the email address.
  • To manage any requests received through customer service and / or the Website: the data processed are name, surname, e-mail address, and other data voluntary provided by the user or that may be necessary depending on the circumstance.

 

The legal basis on which the processing is based is the need to execute pre-contractual and contractual obligations to which the User is a party. The provision of personal data for the processing purposes indicated above is optional, but necessary, since failure to provide them will make it impossible for the User to browse the Website, register on the Website and use the Services.

 

  1. b) legal purposes, or to fulfil obligations established by law, by an authority, by a regulation or by European legislation.

 

The legal basis on which the processing is based is the need to fulfil legal obligations. The provision of personal data for the processing purposes indicated above is mandatory.

 

  1. Data processing procedures

Data Controllers shall process the personal data of Users using manual and electronic instruments, with logics strictly related to the aforementioned purposes, in a way which guarantees the security and confidentiality of such data.

  1. Data retention

Users’ personal data will be kept for the time strictly necessary to carry out the primary purposes illustrated in paragraph 1 above, or in any case according to the provisions of the law / or necessary for the legal protection of the interests of both Users and Data Controllers.

 

In particular, Triboo undertakes to delete the data provided from its systems:

 

  • for the execution of the sale and management of the Services, after 10 years from the date of the last purchase or from the last interaction with Triboo.

 

The Partner undertakes to delete from its systems:

  • the data provided for registration of an account on the Website after 10 years from the date of cancellation of the relevant registration on the Website;
  • the data provided in relation to requests sent through customer service or the Website after 10 years from the date of provision.

 

In any case, each Data Controller undertakes to inspire the processing of data to the principles of adequacy and minimization, verifying annually the need for storage for a period of time not exceeding what is necessary to achieve the purposes for which the data were collected and then processed.

Each Data Controller may keep the data to fulfil regulatory obligations, or to ascertain, exercise or defend a right in court.

Once the purposes for which the data were collected and processed have been reached, each Data Controller will take the appropriate measures to make them anonymous, so as to prevent your identification, without prejudice to the possibility of continuing to use the data anonymously.

 

  1. Disclosure and dissemination of data

 

The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controllers in charge of managing the Website and all aspects of the delivery of Services. Such subjects, who have been duly informed by the Data Controllers under art. 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Data Protection Law.

 

The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as “Data Processors”, such as, for example, IT and logistic service providers functional to the operations of the Website and/or the Services, outsourcing, hosting or cloud computing service providers, professionals and consultants of each Controller.

 

Users have the right to obtain a list of any data processors appointed respectively by each Data Controller, submitting a request to the relative Data Controller as indicated in paragraph 6 below.

 

Furthermore, the personal data of the Users may be disclosed by Triboo, to the extent where the same is necessary and essential in order to execute the contractual obligations, to third parties who are independent data controllers, such as providers of payment services and services necessary for supply of the products sold through the Website. These autonomous Data Controllers shall process the User’s data exclusively for the purpose of fulfilling the processing of the orders relating to the Services in a correct manner.

 

  1. Transfer of personal data to third countries

    The entire data processing takes place in Italy, in countries in the European Union, in Canada and, in some cases, in the United States.

 

Should there be a need to transfer data to Third Countries, each Data Controller undertakes to:

 

– Make sure that the country to which the data will be sent guarantees an adequate level of protection, as required by Article 45 of the GDPR; or

 

– Use the standard contractual data protection clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to article 46.2 of the GDPR.

 

  1. Rights of Data Subjects

    Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways:

  • By sending a registered letter with advice of receipt to the registered offices of the Data Controllers;
  • By sending an e-mail to the address:
    For the Partner: privacy@tbscrew.com

For Triboo: triboospa@legalmail.it

 

 

Triboo and Partner shall proceed to comply with the requests of Users relating to the processing of which each of them is Controller.

 

In accordance with the Data Protection Law, the Data Controller hereby declares that Users are entitled to obtain information (i) on the origin of the personal data; (ii) the purpose and processing methods; (iii) the logic used in the case where the data is processed using electronic equipment; (iv) the personal data of the Data Controller and data processors; (v) the persons in charge and the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of such data.

 

Users are always entitled to request:

  1. a) access, updating, rectification or, where interested therein, integration of the data;
  2. b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
  3. c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

 

Furthermore, Users have:

  1. a) the right to withdraw consent at any time, if the processing is based on their consent;
  2. b) (where applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to request restriction of processing of personal data and the right to be forgotten);
  3. c) the right to object:
  1. i) partially or completely, for legitimate reasons, to the processing of personal data, despite them being relevant to the purpose of the collection;
  2. ii) partially or completely oppose the processing of your personal data for the distribution of advertising materials or direct sales or for market research or business communication;

iii) where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  1. d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Supervisor, with headquarters in Piazza di Monte Citorio no.121, 00186 – Rome (http:www.garanteprivacy.it/).

 

The Data Controllers are not responsible for updating all the links that can be viewed in this Information, therefore whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.

 

 

***

COOKIE POLICY

The Website uses cookies to improve your browsing experience. The Website uses a platform for managing user consent to the installation of cookies.

On the first visit to the Website, the user can interact with the Cookie Banner and alternatively:                       (i) accept all cookies by clicking on the “Accept All” button or (ii) not give any consent and continue maintaining the default settings, that exclusively provide for the use of technical cookies necessary for the functioning of the Website, by clicking on the “Deny All” button or (iii) select certain cookies only for some purposes and/or of some third party suppliers, interacting with the cookie banner.

At each subsequent visit to the Site, by clicking on the padlock-shaped button at the bottom of the Website’s homepage, the user can deny or change consent to the installation of unnecessary cookies.

The types of cookies that could be installed on the Website are listed below.

– Technical cookies

Technical (session or persistent cookies) are used, i.e. small text files containing a certain quantity of information exchanged between the Website and the terminal (or, better still, with the employed browser), which allow the correct operation and use thereof or a better Website experience. For example, they help us to locate the Store closest to you, learn and remember your preferences on the language of the Website. When you select a country and language in the splash page or via the IP geolocation, we save this information in the cookies for subsequent sessions. Cookies are also used to show/hide the newsletter subscription banner.

– Analytical Cookies

Certain analytical cookies, which are prepared and delivered by a third party, i.e. Google Analytics, are employed. This occurs for the purposes of a mere internal access statistics, in order to improve the Website and simplify its use, as well as to monitor its correct operation. In any case, the Data Controller adopted the most appropriate tools for reducing as much as possible the identification potential of this kind of cookies. Google Analytics publishes its cookie policy here: https://policies.google.com/technologies/cookies?hl=en-US.

– Profiling cookies

Third-Party profiling cookies are also used on the Website for user profiling. Upon accessing the Website, a banner will appear to inform the user of the use of third-party profiling cookies on the Website. The consent of the user is required for the use of profiling cookies. The user can authorize or deny consent to the installation of cookies through the options provided in the banner.  The consent thus expressed will be recorded by the Website in such a way that the banner does not appear in the event of subsequent visits to the Website by the user.

If the user gives its consent to profiling, profiling cookies will allow to create a user profile, based on the tastes and preferences expressed by the user while browsing the Internet, in order to be able to customize the content of advertisements on the Website, so that the user will view advertisements in line with the its profile while browsing the Website.

The user can uninstall the profiling cookies at any time, without compromising the user’s ability to browse the Website. If the user decides to disable behavioral advertising, it does not mean that the user will no longer display advertising on the Website. However, the advertising banners that the user will display on the Website may not reflect the user’s interests or preferences.

For more information on profiling cookies, the user can visit the privacy policy of our online advertising solution provider at the following link: www.digitalbloom.it/informativa-sui-cookie/.

– Third Party Cookies

Certain third parties may install cookies on your device. We do not have any control on the use of third-party cookies and, therefore, we have no responsibility for their use. Third parties hold their own privacy notices and the data collection procedures. The list of the third-party cookies installed on the Website is provided below:

Facebookhttps://it-it.facebook.com/policies/cookies/

Instagram https://help.instagram.com/1896641480634370?ref=ig

Twitterhttps://help.twitter.com/en/rules-and-policies/twitter-cookies

Pinterest: https://policy.pinterest.com/en/cookies

Youtube: https://policies.google.com/technologies/cookies

Flipboard: https://it-it.about.flipboard.com/privacy/

LiveRamp: https://liveramp.com/privacy/

DigitalBloom: https://www.digitalbloom.it/informativa-sui-cookie/

To withdraw the consent to these cookies, please refer to the following sites:
http://www.youronlinechoices.com/uk/your-ad-choices or
http://www.allaboutcookies.org/manage-cookies/index.html

– Options regarding the use of cookies

To withdraw the consent to these cookies, please refer to the following sites:
http://www.youronlinechoices.com/uk/your-ad-choices or
http://www.allaboutcookies.org/manage-cookies/index.html

The provision of any cookie can be in any case disabled by working on the settings of your browser. Please note, however, that working on these settings may make the Website impossible to use in the case where the cookies which are required for the provision of our services are blocked. In any way, each browser has different settings for disabling cookies. The links to the instructions for the most common browsers are here: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.

Explorer: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies

Chrome: https://support.google.com/chrome/answer/95647?hl=it&p=cpn_cookies

Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie

Safari: https://support.apple.com/it-it/guide/safari/manage-cookies-and-website-data-sfri11471/

Opera: https://help.opera.com/en/latest/web-preferences/

Version of March 2022. The policies above may be updated by the Data Controller at any time.