Trevi Spa Privacy Policy

For us, your privacy and the security of your personal data are very important, so we collect and manage your personal data with strict confidence and take specific measures to keep them safe.

Below you will find the main information on the treatment of your personal data in relation to your browsing on the site and the use of the services offered. For detailed information on how we handle your personal data, please read our entire Privacy Policy.

Data Controller

TREVI S.p.a. 
Strada Consolare Rimini-San Marino 62
47924 Rimini (RN) Italy

Email address of the owner: privacy@trevi.it

Email address of the Data Protection Officer (DPO): dpo@marcogentilini.com

Types of Data collected and Purpose

The Personal Data collected by this Website, directly or via the User, independently or through third parties, are:

Purposes and legal bases for processingthe data:   -       To fulfill a contractual and pre-contractual or post-contractual obligation (e.g. Guarantees) -       Legitimate Interest of the Owner (Customers) -       The user has given consent for one or more purposes -       Comply with legal obligations regarding administrative / accounting and tax provisions -       Defend yourself in Judgment   Other purposes: -       Meet the User's requests on products and services, -       Make orders and purchases online, -       Provide direct assistance or through authorized centers -       Send advertising, informative and newsletter material -       Contact the user directly by email, text message, telephone or by direct visit of our sales representatives. -       Analysis and statistics of data to better direct commercial communications, techniques and marketing based on specific interests or geographical location. -       We also process personal data to prevent and ascertain fraud and abuse in order to protect the safety of our customers, companies of the TREVI group and others. We could also use credit ratings to assess and manage credit risks. -       Interaction with data collection platforms and other third parties	Examples of data types that we can deal with:   Name, Surname, Mail, Company Name and Legal Form, City, REA, Bank Data, Shipping Data, VAT, Tax Code, Country, City, Address, ZIP Code, State / Region, Province, Phone, Mobile, Codes Promotional, Access Authentication Data, and other types of data
LOCALIZATION DATA Purposes and legal bases -       To fulfill a contractual and pre-contractual obligation -       Legitimate Interest of the Owner Other purposes: -       Request direct assistance or through authorized centers -       Address the user to Point of Sale or direct and indirect Commercial staff -       Invitations to events in the user's area -       Marketing and direct contact	The data relating to geolocation are used for the identification of the sales points and / or of the Commercial and / or Authorized Assistance Centers close to the user's location and also for the display and invitations to events related to the location of the site. 'user.
OBLIGATORY OF DATA PROVIDING	Some personal data are strictly necessary for the management of the order, others are used only for the purpose of obtaining anonymous statistical information on use and to check its correct functioning and are deleted immediately after processing. Others are necessary to fulfill the contractual obligations to provide the requested service.

 

 

 

Mode and place of processing of collected data

Method of treatment and communication

The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The processing can be carried out both by computer and / or telematic and analogical tools, with organizational methods and with logic strictly related to the purposes indicated.

In addition to the Data Controller, in certain cases, other subjects involved in the Data Controller's organization may have access to Data (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third parties technical service providers, mail carriers, hosting providers, IT companies, communication agencies, Authorized Technical Assistance Centers, Sales and Brokerage Agencies, Credit Insurance Companies, Insurance Companies, Financial Institutions, affiliated company of TREVIDEA Holder) also appointed, if necessary, Data Processors Holder.

In no case will the data held by the Data Controller be disseminated and / or disclosed to third parties not specified in this list for purposes of direct marketing, except with the explicit consent of the Data Subject.

The updated list of Data Managers can always be requested directly from the Data Controller.

 

 

Place

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.

The User's Personal Data may be transferred to a country different than that in which the User is located such as our Foreign Dealers. To obtain further information on the processing site, the User can refer to the section concerning the processing of Personal Data.

In the case of superior protection, the User is entitled to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or consisting of two or more countries, such as the ONU, as well as about the security measures taken by the owner to protect the data.

If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting him at the opening dates.

Data retention

The Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

• Personal Data collected for purposes related to the execution of a contract or pre-contract between the Owner and the User / Customer / Supplier will be retained until the execution of the contract is completed, to comply with administrative and accounting practices and tax and for the terms established by law.

• Personal Data collected for purposes related to the legitimate Interest of the Data Controller will be retained until such interest is met. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Data Controller.
• When the treatment is based on the consent of the User, the Data Controller may retain the Personal Data until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a period other than the revocation date in compliance with a legal obligation or by order of an authority.

At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Data transfer outside the EU

The Data Controller may transfer Personal Data collected within the EU to third countries (ie, all countries not belonging to the EU) only in accordance with a specific legal basis. Therefore, such data transfers are performed according to one of the legal bases described below. The User can request information from the Owner regarding the applicable legal basis applicable to each individual service.

Transfer of Data from the EU and / or Switzerland to the United States based on the Privacy Shield (this Website)

When this is the legal basis, the transfer of Personal Data from the EU or Switzerland to the United States is based on the EU - US or Switzerland - US Privacy Shield Agreement. In particular, Personal Data are transferred to subjects who have self-certified themselves in the framework of the Privacy Shield and therefore guarantee an adequate level of protection for the data transferred. The services involved in the transfer of data are listed in the respective sections of this document. Among them, those who adhere to the Privacy Shield can be identified by consulting the relative privacy policy or by checking the status of their registration on the official Privacy Shield list. The rights of Users under the Privacy Shield are described in an updated form on the website of the United States Department of Commerce. The transfer of Personal Data from the EU or Switzerland to the United States to subjects not (more) registered to the Privacy Shield is admissible only on another valid legal basis. Users can request information from the Owner regarding these legal bases.

Transfer of Data to countries that guarantee European standards (this Website)

When this is the legal basis, the transfer of Personal Data from the EU to third countries takes place according to an adequacy decision adopted by the European Commission. The European Commission adopts adequacy decisions with reference to individual third countries which it believes ensures a level of protection of Personal Data comparable to that provided for by the European legislation on the protection of Personal Data. The User can view the updated list of adequacy decisions on the website of the European Commission.

User Rights (Site User, Customer, Supplier)

Users may exercise certain rights with reference to the Data processed by the Data Controller.

In case of superior protection, the User can exercise all the rights listed below. In any other case, the User can contact the owner to find out what rights are applicable in his case and how to exercise them.

In particular, the User has the right to:

• withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously expressed.
• oppose the processing of your data. You may object to the processing of your data when it occurs on a legal basis other than consent. Further details on the right of opposition are indicated in the section below.
• access your data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
• verify and request correction. The User can verify the correctness of his Data and request its updating or correction.
• obtain treatment limitation. When certain conditions are met, the User may request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose other than their conservation.
• obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
• receive your data or have it transferred to another holder. The User has the right to receive his data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain the transfer without hindrance to another holder. This provision is applicable when the Data are processed with automated tools and the processing is based on the User's consent, on a contract of which the User is a party or on contractual measures connected to it.
• propose a complaint. The User can lodge a complaint with the competent personal data protection authority or act in court.

 

Details on the right of opposition

Users are reminded that, if their data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if the Owner deals with data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise the rights

To exercise the rights of the User, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed for free and processed by the Data Controller as soon as possible, in any case within one month of notification.

More information on treatment

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time to the Data Controller using the contact details.

 

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users and, if possible, on the website www.trevi.it as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Holder. Please therefore consult the page regularly

If the modifications concern treatments whose legal basis is consent, the Controller will collect the User's consent again, if necessary.

Definitions and legal references

Personal Data (or Data)

It constitutes personal data any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a physical person identified or identifiable.

 

Use of Data

This information is collected automatically through this Website (also from third party applications integrated into this Website), including: IP addresses or domain names of the computers used by the User that connects to this Website, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc. .) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and the IT environment of the User.

Users

The individual who uses this Website or otherwise provides data to the Data Controller (e.g. Customer, Supplier or Partner), unless otherwise specified, coincides with the Data Subject.

The person concerned

The natural person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other entity that processes personal data on behalf of the Owner, as set out in this privacy policy.

Data Controller (or Holder)

The natural or legal person, public authority, service or other organization which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.

 

This Website (or this Application)

The hardware or software tool through which the Personal Data of Users are collected and processed.

Service

The Service provided by this Website as defined in the relevant terms (if any) on this website / application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document shall be extended to all current member states of the European Union and the European Economic Area.

Cookie

Small amount of data stored in the User's device.

TREVI Group company

TREVIDEA - Str. Consolare Rimini San Marino, 62
47924 - Rimini ITALY P.Iva 03800950408 

Legal references

This privacy statement is drawn up on the basis of multiple legislative systems including the Regulation (EU) 2016/679, the Legislative Decree 196/2003 and the Legislative Decree 101/1018, with particular reference to art. 13 and 14 of Regulation (EU) 2016/679.

Unless otherwise specified, this privacy statement applies exclusively to this Website.

Last updated: May 2018