Privacy Trevi
Contact     +39 0541.756420 | 0541.756430 Fax
/

Privacy Trevi

Trevi Spa Privacy Policy

Your privacy and the security of your personal data are very important to us, which is why we collect and manage your personal data with the utmost care and take specific measures to keep them safe.

This Privacy Policy describes how Trevi Spa manages the personal information collected through the sites on www.trevi.it and www.emgmobility.it, which refer to this Privacy Policy (hereinafter referred to as "the Websites").

Data Controller

TREVI S.p.a. 
Strada Consolare Rimini-San Marino 62
47924 Rimini (RN) Italy

Owner’s email address: privacy@trevi.it

Trevi has appointed a Data Protection Officer (DPO) based on Art. 37,38 and 39 of the GDPR whose contact references are:

Name and Surname of the Data Protection Officer (DPO):Marco Gentilini

Email address of the Data Protection Officer (DPO): dpo@marcogentilini.com

 

Types of Data collected and Purposes

The Personal Data collected by these Websites, directly provided by the User, either independently or through third parties, are:

1)     Data collected through the SECTIONS: "CONTACT US" - "RESERVED AREA for REGISTERED Users" "TECHNICAL SUPPORT" and "ASSISTANCE" - the NEWSLETTER REGISTRATION FORM and

through all the EMAIL BOXES indicated in the contact section:

 

Purposes and Legal Bases on the basis of which we process this data:   

 

-      To fulfill a contractual and / or pre-contractual obligation (e.g. offers, orders, after-sales assistance);

-       Legitimate Interest of the Owner;

-       The user has given consent for a specific sub-purpose;

-       Fulfill legal obligations (eg regarding administrative / accounting and tax provisions);

-       Defense in Judgment.

 Sub-purpose:

  1. a.       Satisfy the User's requests for products and services (pre-contractual obligation)
  2. b.       Make Orders and Purchases online (contractual and pre-contractual obligation);
  3. c.       Purposes connected and / or instrumental to the fulfillment of obligations deriving from administrative, accounting, civil and tax laws, as well as Community regulations and legislation (Legal Obligations);
  4. d.      Provide direct or indirect assistance through authorized centers and partners (contractual obligation);
  5. e.      is. Send newsletters, advertising and information material (Consent);
  6. f.       To send via email, on the basis of Recital 47 of the GDPR Regulation, regarding marketing communications on services or products similar to those covered by the contract concluded with the Data Controller, without prejudice to the possibility of opposing such processing at any time; (Legitimate Interest)
  7. g.       Contact the user directly via e-mail, text message, chat-online (e.g: Whatsapp / Telegram etc), telephone with operator, or through a direct visit of our sales representatives (Contractual / pre-contractual obligation);
  8. h.       Data analysis and statistics to evaluate the degree of satisfaction and interest in products, direct commercial, technical and marketing communications based on specific interests or geographical location (Legitimate Interest);
  9. i.       We also process personal data to prevent and detect fraud and abuse in order to protect the safety of our customers, the companies of the TREVI group and others. We may also use creditworthiness indices, provided by specialized external companies, to assess and manage credit risks and possible defense in judgment (Legitimate Interest).

Types of data that we can process by way of example:

 

Name, Surname, E-Mail, Company Name and Legal Form, City, REA, Bank Data, Shipping Data, VAT number, Tax Code, Country, City, Address, Postal Code, State / Region, Province, Telephone, Mobile, Promotional Codes, Authentication Data for accessing the reserved area as registered users, and other types of data.

Registered Users can always access their Reserved Area, modify and / or update the data they have entered, as well as unsubscribe at any time.

2)     DATA contained in the user's SOCIAL profiles

 

Purposes and Legal Bases

The legal basis for this purpose is the Consent expressed by clicking on the icons on these websites, relating to the specific Social service with which the user wishes to interact and for which he has already activated an account or wishes to activate it by adhering to the privacy policy of the social same.

This consent can also be collected directly from the User or through third parties.

Sub-purpose:

  1. a.      Collect the reviews and comments of registered users, fans who follow our social pages;
  2. b.      Advertising paid Social Advertising to promote products, initiatives, events and fairs;
  3. c.      Publish images and videos of events, parties and initiatives promoted by the company in which customers, guests, employees, collaborators and the company's sales network may be present;
  4. Send to fans / subscribers / followers of the social pages invitations to events or messages through the messaging tools made available by the social platform itself (e.g IMessage of Facebook) for which it has already given its consent in its social profile.

Types of data that we can process by way of example:

 

Data contained in the user's Social Profile and interaction data collected by the platform (eg Facebook / instagram pixel) based on the privacy settings of the user account on the social network itself.

If the User decides to share some content through one or more social networks (Facebook, Instagram, YouTube etc), the site may access some information of his account or profile if the User has activated the sharing of data of his account o profile with third-party applications through cookies (read specific informativa).

 
       
For review collection we rely on the service of Trustpilot which operates both as Data Controller for which we refer to the specific information and as Data Processor for which we refer to the specific agreement DPA.

3)     LOCATION DATA

Purposes and Legal Bases

       To fulfill a contractual and pre-contractual obligation;

-       Legitimate Interest of the Owner.

 Sub-purpose:

  1. a.      Provide assistance directly or through authorized centers for interventions under warranty (contractual obligation);
  2. b.      Direct the user to the Point of Sale or direct and indirect commercial personnel (Legitimate Interest);
  3. c.      Invitations to events in the user area (Legitimate Interest);
  4. Direct commercial contact from our sales network (Legitimate Interest)

Types of data that we can process by way of example:

 

These Websites may collect approximate location data (geographical area), if enabled by the user on their device, for the identification of the points of sale and / or of the competent Commercials and / or Authorized Service Centers close to the user's position. and as well as for viewing and invitations to events related to the user's localization area of the site.

4)     DATA COLLECTED FOR THE NAVIGATION OF THE SITES (Cookies)

Purposes and Legal Bases

The condition that makes the processing lawful is the consent expressed by the user by clicking on the cookie banner that appears when the site is accessed for the first time.

Sub-purpose:

  1. a.       Authenticate and access the Reserved Area;
  2. b.       Guarantee the normal navigation and use of the website;
  3. c.       Allow the user to browse according to a series of selected criteria (for example, the language) in order to improve the service provided to the user;
  4.  Collect information on the efficiency of the website's responses to user requests anonymously, for the sole purpose of improving the functionality of the site itself (for example, which pages are most frequently visited by the user, and if there have been errors or slowdowns in the delivery of web pages).

Types of data that we can process by way of example:

The user's browsing data such as IP address, browser data, device etc are collected through cookies for the entire duration of the browsing session on the Site. Once these terms have elapsed, personal data will be destroyed, deleted or made anonymous (where not already collected anonymously).

To see how cookies work go to the specific informativa

5)     STATISTICAL DATA collected by the sites in ANONYMOUS or AGGREGATE FORM

 

Purposes and Legal Bases

The condition that makes the processing lawful is the legitimate interest for statistical and marketing purpose

Sub-purpose:

The services listed in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior to improve the browsing experience and provide content and commercial information more suited to his interests.

Types of data that we can process by way of example:

Service used: Google Analytics is a web analysis service provided by Google Inc. ("Google"). The Data Controller uses, through Google Analytics, the Personal Data in anonymized form (anonymous IP) collected for the purpose of tracing and examining the use of these Websites, compiling reports and sharing them with other services developed by Google (e.g. advertising marketing).
Google may use the data collected to contextualize and personalize the advertisements of its own advertising network.

Personal Data collected: Cookies and browsing data in anonymous or aggregate form.

Place of processing: EU for those who surf within the EU – PRIVACY POLICY – OPT OUT.

6)     DATA CONTAINED in the CURRICULUM VITAE spontaneously sent by candidates through the email boxes indicated on these websites

Purposes and Legal Bases

The condition that makes the processing lawful is Legitimate Interest

Sub-purpose:

The processing of the particular categories of personal data contained in the CVs is carried out only if necessary (Article 9, paragraph 2 of EU Regulation 2016/679) and, for this reason, it is recommended not to enter sensitive data in the CV (e.g. health, ethnicity , religion etc):

a. For the evaluation of possible job positions;

The Data Controller and the Manager supervise to guarantee the interested parties that the data will be processed only for the stated purpose and only for the part strictly necessary for the processing. They also undertake, within the limits of reasonableness, to modify and correct all data that are in the meantime different from the originals, to keep them updated and to delete all data that exceed the declared treatment.

Types of data that we can process by way of example:

Name, Surname, E-Mail, City, Tax Code, Country, City, Address, Postal Code, State / Region, Province, Telephone, Mobile, Age, sex, photo, study path, work experience and other types of data.

7)     Protection from SPAM

Purposes and Legal Bases

The condition that makes the processing lawful is the legitimate interest

Types of data that we can process by way of example:

This type of service analyzes the traffic of these Websites, potentially containing Users' Personal Data, in order to filter it from parts of traffic, messages and contents recognized as SPAM.

COMPULSORY TO PROVIDE DATA 

Some personal data (technical cookies) are strictly necessary for the functioning of the Sites, others are used for the sole purpose of obtaining anonymous statistical information (statistical cookies) on the use of the Site and to check its correct functioning and are deleted immediately after processing.  Any refusal to authorize statistical cookies will not block the use of the site.

Still others are necessary to fulfill contractual or pre-contractual obligations to provide the requested service without which it will not be possible to provide the service itself.

  

 

Method and place of processing of the collected data

Methods of treatment and communication

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The treatment can be carried out both by means of IT and / or telematic and analog tools, with organizational methods and with logic strictly related to the purposes indicated.

It is important that the User takes adequate measures to prevent unauthorized access to the password and to his or her computers, devices and applications. Always make sure you are logged out when you finish using a computer shared with other users.

In addition to the Data Controller, in some cases, other parties involved in the organization of the Data Controller (administrative, commercial, marketing, legal, system administrators) authorized to process directly by the Data Controller under Art. 29 of the Gdpr and bound by confidentiality, or external subjects (such as third party technical service providers, couriers and carriers, postal services, hosting providers, IT companies, communication agencies, Authorized Technical Assistance Centers, Sales and Brokerage Agencies, insurance, insurance, financial, subsidiary company of the TREVIDEA Owner) identified and appointed as Data Processors by the Owner on the basis of Art. 28 of the Gdpr.

In no case will the data in the possession of the Data Controller be disseminated and / or communicated to third parties not specified in this information for marketing purposes without the explicit consent of the interested party.

The updated list of Managers can always be requested directly from the Data Controller at the references indicated in this statement.  

 

 

Source of data

The data was acquired by Trevi Spa as provided directly by the user on these websites or provided by the same directly in the past or as legitimately acquired by a third party to whom the user has previously given consent based on the purposes. for which it is required, or as extrapolated from lists, books or sources accessible to the public or from business cards collected by our sales network or at trade fairs and corporate events.

Place of data processing

The Data are mainly processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located. For more information, you can contact the owner.

Transfer of data outside the EU

Pursuant to the EU General Data Protection Regulation 2016/679 or GDPR, the transfer of the aforementioned data to a third country can, in principle, take place only if the third country in question guarantees such data an adequate level of protection. According to this regulation, the Commission can find that, thanks to its national legislation or international commitments, a third country ensures an adequate level of protection. In the absence of such an adequacy decision, such a transfer can only be made if the exporter of personal data, established in the Union, provides for adequate safeguards, which may result in particular from standard data protection clauses adopted by the EU Commission (Standard Contractual Clauses or SCC), and whether the data subjects have enforceable rights and effective remedies. Furthermore, the GDPR precisely establishes the conditions under which such a transfer can take place in the absence of an adequacy decision or adequate guarantees.

If it is necessary to transfer data to non-EU countries and, in the absence of the above-mentioned adequacy requirements or Standard Contractual Clauses, the only legal basis is consent.

 

Retention period

Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

  • The Personal Data collected for purposes related to the execution of a contract or pre-contract between the Owner and the User / Customer / Supplier will be retained until the execution of this contract is completed, to fulfill administrative and accounting practices and tax as well as for the terms established by law.
  • The Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.
  • The Personal Data processed on the basis of Legitimate Interest for marketing purposes (referred to in point 1.let f), are kept for a period equal to the duration of the provision of the requested service and a period of 36 months following the last contact to be considered, among others, participation in an event of the Company, the use of a product or service provided by the Company or the opening of a newsletter (jointly defined as the "Last Contact") or until the User requests the cancellation of your data or oppose the processing by contacting the Data Controller at one of the addresses indicated in this information;
  • Furthermore, the Data Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority, as if the processing is carried out for administrative / accounting obligations (10 years) or for use it for a defense in court.
  • When the processing is based on the User's consent, the Data Controller may keep the Personal Data until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a period beyond the revocation date in compliance with a legal obligation or by order of an authority;

At the end of the retention period and once the purpose for which they were collected has been exhausted, the Personal Data will be deleted unless they need to be further stored by order of Public Authorities or for other regulatory obligations. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

 

User rights

Users can exercise certain rights with reference to the Data processed by the Data Controller.

In case of higher protection, the User can exercise all the rights listed below. In any other case, the User can contact the owner to find out which rights are applicable in his case and how to exercise them.

In particular, the User has the right to:

  • withdraw consent at any time. The User can withdraw the consent to the processing of their Personal Data previously expressed.
  • oppose the processing of their data. The user can oppose the processing of their data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
  • access their data. The user has the right to obtain information on the data processed by the owner, on certain aspects of the processing and to receive a copy of the data processed.
  • verify and ask for rectification. The User can verify the correctness of their Data and request its updating or correction.
  • obtain the limitation of the processing. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their conservation.
  • obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
  • receive their data or have them transferred to another owner. The User has the right to receive his / her Data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it.
  • propose a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority through the website of the Garante della Privacy or take legal.

                                                       

Details on the right to object

Users are reminded that, if their data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

Third party links

The Websites may connect to third-party sites not directly controlled by the Owner (e.g. the brand sites present on the Home Page or links on the various pages) and which do not operate according to our privacy practices. When connecting to third party sites, Trevi's privacy practices no longer apply. You are encouraged to review the privacy policy of each third-party site before disclosing personally identifiable information.

How to exercise your rights

To exercise the User's rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month of notification.

Cookie Policy

This website uses cookies. To learn more and to read the detailed information, the User can consult the specification COOKIE POLICY

Further information on the treatment

Defense in court

The User's Personal Data may be used by the Owner in court or in the preparatory stages for its eventual establishment for the defense against abuse in the use of these Websites or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data by order of the public authorities.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Response to requests "Do Not Track”

This Website does not support "Do Not Track" requests or those that require the suspension of data collection to a user browsing the site.
To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Therefore, please consult this page regularly, referring to the date of the last modification indicated at the bottom.

If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.

Definitions and legal references

Personal Data (or Data)

Any information that, directly or indirectly, also in connection with any other information including a personal identification number, makes a natural person identified or identifiable constitutes personal data.

Usage Data

This is the information collected automatically through this Website (including from third-party applications integrated into this Website), including: the IP addresses or domain names of the computers used by the User who connects with this Website, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc. .) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and the IT environment of the User.

User

The individual who uses this Website or who otherwise provides data to the Data Controller (e.g. Customer, Supplier or Partner), unless otherwise specified, coincides with the Data Subject.

Data subject

The natural person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other body that processes personal data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, service or other organization which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.

These Websites

The hardware and / or software tools through which the Personal Data of Users are collected and processed.

Service

The Service provided through these Websites as defined in the relative terms (if available) on this site / application or directly by Trevi Spa.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area.

Cookie

Small portion of data stored in the User's device.

Company of TREVI Spa Group

TREVIDEA Srl- Str. Consolare Rimini San Marino, 62
47924 - Rimini ITALY P.Iva 03800950408 


Legal references

This privacy statement is drawn up on the basis of multiple legislative systems including Regulation (EU) 2016/679, Legislative Decree 196/2003 and Legislative Decree 101/2018, with particular reference to art. 13 and 14 of Regulation (EU) 2016/679.

Unless otherwise specified, this privacy policy applies exclusively to these Websites.

Last modified: December 2022

Partner:

TREVI S.p.a.
Strada Consolare Rimini-San Marino 62
47924 Rimini (RN) Italy

Tel. +39 0541.756420 | Fax 0541.756430

© 2017 Trevi S.p.a. | privacy policy | cookie policy (prefereces)  | terms and conditions
TREVI S.p.a.  p.iva IT01527080400 - Reg. Soc. Trib. Rimini N° 5673 - Soc.cap. 2.500.000 i.v.