This Privacy Policy is provided pursuant to art. 13 of European Regulation no. 679/2016 and applies exclusively to all data collected through the www.trigano.it website.

This Privacy Policy is subject to updates which will be published on the website.

Data Controller

The controller of the data collected from this website is Trigano S.p.A. with registered office in Cusona s.n.c. – San Gimignano (SI), Italy Tax Number IT01010530523, email: privacy@trigano.it

The Data Processing Officer is Giovanni Bicci, who can be contacted by writing to dpo@trigano.it

Personal data processing methods

The personal data supplied or acquired will be processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality pursuant to current law. The Data Controller shall process your personal data taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction.

Your personal data will be processed using electronic and/or computerised instruments, according to organisational procedures and logics that are strictly tied to the indicated purposes. The personal data collected by this website, either independently or through third parties, include: cookies, usage data, email and name, contact form. Further collected personal data may be indicated in other sections of this Privacy Policy or by means of information texts displayed when the data is collected. Your personal data may be entered voluntarily by yourself or collected automatically during your use of the website.

1) Communication and disclosure of data

In addition to the Data Controller, the following parties may have access to your data:

a) categories of specially trained people involved in the organisation of the website (administrative, commercial, marketing, legal, system administrators);

b) external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies) appointed as data processors by the Data Controller pursuant to Art. 28 GDPR. The updated list of data processors, if appointed, may be requested from the Data Controller;

c) public or private entities that may access your data in accordance with legal requirements;

d) people who perform ancillary and instrumental tasks with respect to the activities of the Data Controller;

e) external subjects, such as partners for organising activities and events promoted and/or sponsored by the Data Controller to whom the communication of the data is necessary for organisational reasons;

f) with your prior consent, the subjects indicated in paragraph 6(g) of this Privacy Policy.

2) Data provided voluntarily by you

The optional, explicit and voluntary submission of email using the contact form or by means of the addresses indicated on this website results in the subsequent acquisition of the sender’s address, required to respond to requests, as well as any other personal data contained in the communication. The consent to provide your data is necessary to be added into the Data Controller's database and for the purpose of establishing and properly performing the service offered to you, as well as to third parties for performing the single required activities. Failure to provide your consent will prevent registration in the Data Controller's database, completion of any contracts, execution of said contracts and any other activities. Therefore, your failure to provide certain personal data may prevent this website from providing its services. You are liable for the personal data of third parties published or shared through this website and you guarantee to have the right to communicate or disseminate them, whereby exonerating the Data Controller from any liability towards third parties. Specific summary statements will progressively be indicated or displayed on the specific pages of the website for particular services on request.

3) Site of processing

The data are processed at the operational headquarters of the Data Controller. For further information, you may contact the Data Controller

4) Data recipients and data transfer abroad

Your data may be processed by natural persons and/or legal entities operating on behalf of the Data Controller and by virtue of specific contractual obligations and having their registered office in EU or non-EU countries. Your data may be disclosed to third parties to comply with legal obligations, to comply with orders from public authorities or to exercise the Data Controller's right before the judicial authorities. Within the framework of contractual relations, the Data Controller may transfer your data to countries located outside the territory of the European Economic Area (EEA), also storing them in databases managed by parties operating on behalf of the Data Controller. Database management and data processing are related to the processing purposes and are performed in accordance with applicable data protection law. If your data are transferred outside the EEA, the Data Controller shall take all appropriate contractual measures to ensure adequate data protection, including, inter alia, agreements based on the standard contractual clauses adopted by the EU Commission to regulate the transfer of personal data outside the EEA.

5) Time of processing

As expressly provided for in Article 5(1)(e) of the GDPR, your data will be retained for the time necessary for processing in relation to the performance of the service required by the

you or required by the purposes described in this document.

More specifically:

- The data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied.

- The data collected on the basis of your consent may be retained until such consent is revoked.

- The data collected for fiscal/administrative obligations or for contractual obligations shall be kept for the time necessary to carry out the above purposes and in accordance with the law, and in any case for a period not exceeding that dictated by law;

The data may be retained by the Data Controller for a longer period in accordance with legal obligations or by order of an authority.

You can always ask for processing to be interrupted or for erasure of your data.

6) Purpose of the processing of the collected data

Your data are collected to enable the website to provide its services, as well as for the following purposes: To contact you, to manage addresses and to send emails, to interact with external platforms and for statistics. More specifically:

a) to comply with any type of obligation specified and expected by laws, regulations, norms in force and commercial practices, in particular on tax/fiscal subjects;

b) to respond your specific requests addressed to the Data Controller through the website and its communication tools (contact forms, information request forms and the like);

c) for communications of an informative nature relating to the services of the Data Controller, following the request for information via email or filling out the contact form and other communication tools;

d) for other purposes, ancillary or connected to those indicated above, and in any case falling within the scope of the activities of the website;

e) for sending promotional and commercial information and offers;

f) for profiling for marketing purposes;

g) to communicate the data to companies controlled directly or indirectly by the Data Controller and/or connected to the Data Controller who will process them to send commercial communications and advertising on their products and services or to carry out market research;

h) to analyse your behaviour, habits and propensity to consume in order to improve the products and services provided by the Data Controller and to meet your expectations;

The types of personal data used for each purpose are indicated in the specific sections of this document.

For the purposes referred to in paragraph (a), processing is necessary for performing of a contract to which the data subject is a party, for performing pre-contractual measures or for performing a legal obligation to which the Data Controller is subject.

Provision of data for the purposes specified in paragraphs b), c) and d) is optional, anyway failing to communicate them shall imply the impossibility to reply to your information request and to use the services offered by the Data Controller.

For the purposes referred to in paragraphs e), f), g), h), processing is based on your freely expressed consent.

7) Cookies

This website uses cookies. Cookies are small text files that can be used by websites to make your experience more efficient. We use cookies to personalise content and advertisements, provide social media features, and analyse traffic. In addition, information on the way in which you use the website is provided to the Data Controller's partners in charge of web data analysis, advertising and social media, who may combine it with other information that you provided to them or that they collected based on your use of their services. Cookie Policy

Details on personal data processing

Data are collected for the following purposes and using the following services:

1) Managing addresses and sending emails (this website)

These services are used to manage a database of email contacts, telephone contacts or any other type of contacts used to communicate with you.

These services may also allow us to collect data relating to the date and time you viewed messages, as well as your interaction with them, such as information on clicks on links placed in messages.

2) Contact form (this website)

By filling in the contact form with your data, you consent to their use to reply to requests for information or any other purpose indicated by the header of the form. Collected personal data: email, first and last name, phone number.

Adopted security measures

This website has an SSL certificate and uses the HTTPS protocol to secure the moment personal data is entered. By using this protocol, transactions and data transmission on the websites take place with the utmost security and the content of the communication cannot be read or manipulated in any way by third parties.

Statistics

Google Analytics (Google Ireland Limited)

Google Analytics is an analysis service provided by Google Ireland Limited. Google utilises the data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use your Personal Information to contextualise and customise the ads on its advertising network. Google may also send this information to third parties where required by law or in cases where the said third parties process the aforementioned information on behalf of Google. An IP address anonymisation function is active on this website. The IP address transmitted by your browser for the purposes of Google Analytics will not be incorporated into any other data already retained by Google.

You will find the tool made available by Google to deactivate the Google Analytics add-on on your browser at the following link https://tools.google.com/dlpage/gaoptotu?hl=en . Collected personal data: Cookies and usage data. Place of processing: Ireland – Privacy Policy

More information about processing

Defence in court

Your personal data may be used by the Data Controller for legal defence in judgement or in the preparatory phases of the judgement, in order to defence Data Controller’s rights in case of improper use of this website or to solve matters related to an improper use of services provided by the Data Controller. You declare to be aware that the Data Controller may be required to disclose the data at the request of the public authorities.

Specific information

At your request, in addition to the information contained in this Privacy Policy, this website may provide you with additional and contextual information regarding specific services, or the collection and processing of personal data.

System log and maintenance

For operation and maintenance purposes, this website may collect system logs, i.e. files that record interactions and may also contain personal data, such as your IP address.

Information not contained in this Privacy Policy

Further information regarding the processing of personal data may be requested at any time from the Data Controller using the contact information.

Nature of the data processed and consequences of a possible denial

Your provision of navigation-related data for the purposes mentioned above depends on the degree of privacy that you have enabled or disabled on your browser. In some cases, disabling may affect your browsing of this website. For some parts of this website, providing navigation data and/or using technical cookies is mandatory for the proper functioning of the website itself. The provision of some personal data in any case necessary for the structure of the website and its procedures. In particular, by way of example:

- for the sending of messages through the contact form, the minimum data required on the form itself, such as the first name/surname and/or the email address and/or other identification data of the sender, are in any case mandatory.

Otherwise, the procedure itself cannot be completed.

Any request for other optional data will be preceded by a special check for approval. The provision of all other data is optional, in accordance with the type of information that you wish to provide to the website.

How to exercise your rights

You are entitled exercise the rights provided for in Articles 7, 15-22 of European Reg. 679/2016.

In particular, you have the right to revoke your consent at any time and, upon simple request to the Data Controller, you may request access to your personal data, receive the personal data provided to the Data Controller and, where possible, transmit it to another Data Controller without hindrance ("portability"), obtain the updating, limitation of the processing, rectification of data and the erasure of data processed inconsistently with current legislation. You have the right, for legitimate reasons, to object to the processing of your personal data and to the processing for the purpose of sending advertising materials, direct selling and for carrying out market research. You also have the right to lodge a complaint with the Data Protection Authority as the supervisory authority for the protection of personal data. You may exercise your rights by contacting the Data Controller by email at the following address: privacy@trigano.it or dpo@trigano.it

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time informing users on this page. Please consult this page often, taking as reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, you are required to cease using this website and may request the Data Controller to remove your personal data. Unless otherwise specified, the Privacy Policy will continue to apply to personal data collected up to that time.

The Data Controller is responsible for this Privacy Policy.

Privacy Policy updated in november 2022