PRIVACY NOTICE FOR USERS
Triboo Digitale S.r.l., with registered office at Viale Sarca 336, Building 16, 20126 Milan, VAT/Tax Code and registration number with the Milan Companies Register IT02387250307 (hereinafter “Triboo”), and Bburago Italia S.r.l., with registered office at Via Giovanni Battista Mauri 9, Monza, VAT/Tax Code and registration number with the Milan Monza Brianza Companies Register 13149880968 (hereinafter the “Partner”, and together with Triboo, the “Joint Controllers”), as joint controllers of the processing of personal data of users (hereinafter the “Users”) who browse and use the services available on the website www.burago.com (hereinafter the “Website” and the “Services”), provide the following privacy notice pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter the “Regulation” or the “Applicable Legislation”).
The Website and Services are reserved for individuals aged eighteen (18) years or over. The Controllers therefore do not knowingly collect data relating to persons under 18 years of age. Should any data concerning minors be inadvertently collected, the Controllers will promptly delete such data.
The Controllers place the highest importance on the right to privacy and the protection of Users’ personal data.
For any information regarding this privacy notice, Users may contact the Controllers at any time using the following details:
For Triboo:
By registered mail with return receipt to the registered office (Viale Sarca 336, Building 16, 20126 Milan)
By email to: privacy@triboo.it
For the Partner:
By registered mail with return receipt to the registered office (Via Giovanni Battista Mauri 9, Monza)
Users may also contact the Data Protection Officer (DPO) of Triboo at the following email address: lapo.curinigalletti@triboo.it.
The Partner has not appointed a Data Protection Officer (DPO), as it is not subject to the obligation under Article 37 of the Regulation.
1. PURPOSES OF PROCESSING
Users’ personal data will be lawfully processed by the Controllers pursuant to Article 6 of the Regulation for the following purposes:
a) Contractual obligations and provision of Services
To enable navigation on the Website and to perform the Terms of Use accepted by the User at registration and/or when using the Services, as well as to fulfil specific requests made by the User.
The data collected include: name, surname, email address, telephone number, and any personal information voluntarily provided by the User.
Unless the User gives the Controllers specific consent for additional purposes, the data will be used solely to verify the User’s identity (including email validation), prevent fraud or misuse, and contact the User for service-related reasons only (e.g. notifications about the Services). Under no circumstances will Triboo make Users’ personal data accessible to other Users or third parties.
b) Administrative and accounting purposes
To perform organisational, administrative, financial, and accounting activities, including those necessary to meet contractual and pre-contractual obligations.
c) Legal obligations
To comply with legal, regulatory, or European requirements and obligations.
Providing personal data for the above purposes is optional but necessary; failure to do so will make it impossible for the User to browse the Website or use the Services.
Data required for these purposes are marked with an asterisk (*) in the Website registration form.
2. ADDITIONAL PURPOSES: MARKETING
With the User’s free and explicit consent, certain personal data (such as name, surname, and email address) may also be processed by the Controllers for marketing purposes (sending advertising material, direct sales, and commercial communications).
The Partner may contact the User by post, email, telephone (landline or mobile, using automated or manual systems) and/or SMS/MMS to promote products or services offered by the Partner and/or third-party companies and to present offers, promotions, or commercial opportunities.
Failure to provide consent will not affect the User’s ability to register on the Website.
The User may withdraw consent at any time by contacting the Partner using the methods described in paragraph 7.
The User may also easily opt out of further promotional emails by clicking on the unsubscribe link included in each communication. After withdrawal, the Controllers will send a confirmation email.
If the User wishes to stop receiving promotional communications by telephone but continue receiving them by email (or vice versa), a specific request must be sent to the Controller using the contact details indicated in paragraph 7.
The Controllers inform Users that, for technical or operational reasons (e.g. contact lists already prepared prior to receipt of the objection), it is possible that the User may continue to receive a few promotional messages after exercising the right of objection. If promotional messages continue after 24 hours, Users should notify the Controllers.
3. ADDITIONAL PURPOSES: NEWSLETTER
With the User’s free and explicit consent, certain personal data (name, surname, address, email address) may also be processed by the Controllers for the purpose of sending a newsletter.
The User will therefore receive periodic newsletters containing information on news, promotions, and initiatives of the Partner available on the Website.
Failure to provide consent will not in any way prevent registration on the Website.
The User may withdraw consent at any time by contacting the Controllers as indicated in paragraph 7.
The User may also easily opt out of future communications by clicking on the unsubscribe link included in each newsletter. Upon withdrawal, the Controllers will send a confirmation email.
4. ADDITIONAL PURPOSES: PROFILING
With the User’s free and explicit consent, personal data (such as identification and contact data, and information relating to Services of interest) may be processed by the Controllers for profiling purposes, namely to analyse the User’s preferences, interests, and purchasing habits, to define a consumer profile, and to send commercial offers consistent with that profile.
Failure to provide consent will not affect the ability to register on the Website.
The User may withdraw consent at any time by contacting the Partner using the methods indicated in paragraph 7.
5. METHODS OF PROCESSING AND DATA RETENTION PERIOD
The Controllers will process Users’ personal data using manual and electronic means, applying logics strictly related to the stated purposes and ensuring the security and confidentiality of the data at all times.
Personal data will be stored for the time strictly necessary to fulfil the purposes described in paragraph 1, or, in any case, for the period necessary to protect the legitimate interests of Users and of Triboo.
For the purposes described in paragraphs 2, 3, and 4, Users’ personal data will be stored only for the time strictly necessary to achieve those purposes and, in any event, for no more than twenty-four (24) and twelve (12) months respectively.
6. COMMUNICATION AND DISCLOSURE OF DATA
Employees and/or collaborators of the Controllers authorised to manage the Website and Services may have access to Users’ personal data. These individuals, duly instructed pursuant to Article 29 of the Regulation, will process data solely for the purposes specified in this notice and in compliance with the Applicable Legislation.
Personal data may also be accessed by third parties processing data on behalf of the Controllers as external data processors, such as IT and logistics providers, outsourcing or cloud-computing service providers, consultants, and professionals.
Users have the right to obtain a list of the data processors appointed by each Controller by sending a request using the methods described in paragraph 7.
In addition, Triboo may disclose personal data, to the extent necessary for the performance of contractual obligations, to independent data controllers, such as payment service providers or logistics operators, solely for the proper execution of orders relating to the Services.
7. RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights under the Applicable Legislation by contacting the Controllers as follows:
By registered mail with return receipt to the registered office of the Controllers:
For Triboo: Viale Sarca 336, Building 16, 20126 Milan, Italy
By email:
For Triboo: privacy@triboo.it
Pursuant to the Applicable Legislation, the Controllers inform Users that they have the right to obtain:
(i) the origin of the personal data;
(ii) the purposes and methods of processing;
(iii) the logic applied in case of automated processing;
(iv) the identification details of the Controllers and processors;
(v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as processors or authorised persons.
Users also have the right to obtain:
a) access to, updating, rectification, or, where interested, integration of data;
b) erasure, anonymisation, or blocking of data processed unlawfully;
c) confirmation that the operations referred to in points a) and b) have been notified to those to whom the data were communicated, except where such compliance is impossible or involves a disproportionate effort.
Furthermore, Users have the right to:
withdraw consent at any time where processing is based on consent;
(where applicable) exercise the right to data portability, the right to restriction of processing, and the right to erasure (“right to be forgotten”);
object, in whole or in part:
i) on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
ii) to the processing of personal data for the purpose of sending advertising or direct sales material or for market research or commercial communication;
iii) at any time, to processing for direct marketing purposes, including profiling insofar as it relates to such marketing.
Should a User believe that the processing of their personal data infringes the Regulation, they have the right to lodge a complaint with a supervisory authority (in the Member State of their habitual residence, place of work, or place of the alleged infringement).
The competent supervisory authority in Italy is the Garante per la Protezione dei Dati Personali, Piazza Venezia 11 – 00187 Rome (www.garanteprivacy.it).
The Controllers are not responsible for updating the links contained in this notice. Whenever a link is inactive or outdated, Users acknowledge and accept that they must refer directly to the relevant document or section of the referenced websites.
Se ti iscrivi alla Newsletter, ricevi uno sconto del 10%. E se ti iscrivi al sito, hai un ulteriore sconto del 20%.* Approfittane subito!
*I due sconti non sono cumulabili, ma sono da utilizzare, tramite codice sconto, durante due acquisti separati
