Triboo Digitale S.r.l. with registered office in Viale Sarca 336, Edificio 16, 20126 Milan, VAT no./Tax Code and listing number with the Milan Companies Register IT02387250307 (hereinafter also “Triboo”) and GGR Srl single-member private limited liability company, with registered office in Via dell’Indipendenza n. 15, 47030 San Mauro Pascoli (FC) VAT no. and listings number with the Companies Register of Forlì-Cesena IT03591680404 (hereinafter also the “Partner” and jointly with Triboo, the “Data Controllers”), as co-data controllers of the personal data of users (hereinafter the “Users”) who browse and use the services available on the website www.gianvitorossi.com (hereinafter the “Website” and the “Services”) provide below the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “GDPR”, “Regulations”, or also the “Applicable Regulations”).
The Partner is the sole data controller of your personal data in order to process them to provide the after care service and, upon your consent, for marketing purposes, even in profiled mode, as described below.
This Website and the Services are reserved for individuals who are at least eighteen years of age. The Data Controllers therefore do not collect personal data relating to persons under 18 years of age. Upon requests by Users, the Data Controllers will promptly delete all personal data involuntarily collected and related to subjects under 18 years of age.
The Data Controllers strictly adhere to the right to privacy and protection of the personal data of their Users. For any information relating to this privacy statement, Users may contact the Data Controllers at any time, using the following methods:
For Triboo:
For the Partner:
Users can also contact
1. Purpose of the treatment
Users' personal data will be processed lawfully by Triboo pursuant to art. 6 of the Regulations for the following processing purposes:
a) contractual obligations and provision of the Services, to allow navigation of the Website or to implement the Terms of Use of the Website, which are accepted by the User during registration on the Site and/or during use of the Services and to fulfil specific User requests. The User's data collected by Triboo for the afore-mentioned purposes include: the name, surname, province of residence/domicile, telephone number, email address, and any personal information of the User that may be voluntarily published. Unless the User provides Triboo with specific and optional consent to the processing of their data for further purposes, the User's personal data will be used by Triboo for the sole purpose of ascertaining the identity of the User (also through validation of the e-mail address), thus avoiding possible scams or abuses, and contacting the User only for reasons of service (e.g. to send notifications relating to the Services). Notwithstanding the provisions elsewhere in this privacy statement, under no circumstances will Triboo make the personal data of the Users accessible to other Users and/or to third parties.
b) administrative-accounting purposes, that is to perform activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and functional activities for the fulfilment of contractual and pre-contractual obligations;
c) legal obligations, that is to fulfil obligations imposed by law, by an authority, by a regulation or by European legislation.
The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide the same will make it impossible for the user to browse the Website, to register with Website or to use the Services.
The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 1 are indicated with an asterisk in the Website registration form.
2. Further processing purposes: marketing (sending of advertising material, direct sales and commercial communication)
With the free and optional consent of the User, some personal data of the User (i.e. name, surname, email address, telephone number) may be processed by the Partner for marketing purposes by sending newsletter and other advertising material concerning invitations to direct sales and special events, promotions, presentation of new collections and other commercial communication, via post, e-mail, telephone, chat, social network and/or SMS and/or MMS, pursuant to art.6.1(a) of GDPR.
User consent is optional and he/she may at any time withdraw it, by submitting a request to the Partner, to its contacts indicated in paragraph 7 or by clicking on the unsubscribe link in the promotional communication for the withdrawal of consent, but this shall not affect the lawfulness of processing carried out by the Partner based on consent before its withdrawal.
3. Further processing purposes: profiling
With the free and optional consent of the User, his/her personal data (i.e. the name, surname, email address, telephone number) as well as the information related to the services to which the User has expressed his/her interest, his purchasing habits, footwear size and, if indicated, his country of origin, may be processed by the Partner also for profiled marketing purposes, by sending tailored communications concerning invitations to direct sales and special events, promotions, presentation of new collections and other commercial communication, via post, e-mail, telephone, chat, social network and/or SMS and/or MMS, pursuant to art.6.1(a) of GDPR.
User’s consent is optional and he/she may at any time withdrawn it, by submitting a request to the Partner, to its contacts indicated in paragraph 7 or by clicking on the unsubscribe link in the promotional communication for the withdrawal of consent, but this shall not affect the lawfulness of processing carried out by the Partner based on consent before its withdrawal.
4. After care service
The Partner will process the personal data entered by the User in the form available in the after care service web page, such as name, surname, e-mail, telephone, footwear and country, in order to provide such service to the User, pursuant to art.6.1(b) of GDPR.
For this purpose, the provision of data is necessary to fulfil the User’s request.
5. Processing methods and data retention times
The Data Controllers will process the personal data of the Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
Users' personal data will be kept for the time strictly necessary to perform the primary purposes described in paragraph 1 above, or in any case as necessary for the protection in civil law of the interests of both Users and of Triboo.
In the cases referred to in paragraphs 2 and 3, Users’ personal data will be retained by the Partner for 7 (seven) years from the date on which such data have been collected and Users have given their consent.
With respect to the purpose indicated in paragraph 4, the retention period of User’s personal data is equal to the time necessary to process their request.
6. Scope of communication and dissemination of data
The personal data of Users may be disclosed to the employees and/or collaborators of the Data Controllers in charge of managing the Website and all the services related to the provision of the Services. These subjects, who have been instructed to do so by the Data Controllers pursuant to Article 29 of the Regulations, will process the Users' data exclusively for the purposes indicated in this statement and in compliance with the provisions of the Applicable Law.
Personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Processors", such as, by way of example, suppliers of IT and logistics services functional to the operation of the Website. and/or Services, service providers of outsourcing or cloud computing, professionals and consultants
Users have the right to obtain a list of any data controllers appointed by each Data Controller respectively, making a request to the Data Controller to the contacts indicated in paragraph 7 below.
Furthermore, the personal data of Users may be disclosed by Triboo, to the extent that this is necessary and essential for the implementation of contractual obligations, to third parties who are independent data controllers, such as providers of the services payment and of logistics services necessary for delivery of goods sold through the Website. These autonomous controllers will process the User's data exclusively for the purpose of correct fulfilment of the orders relating to the Services.
7. Rights of Interested Parties
Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways:
By sending a registered letter with return receipt to the registered office of the owners
By sending an e-mail to the address
By sending a fax to number
By contacting DPO
Triboo will comply with the requests of Users relating to the processing referred to in paragraph 1, while the Partner will comply with the requests of Users relating to the processing referred to in paragraphs 2, 3 and 4.
Pursuant to the Applicable Regulations, the Data Controllers inform Users that they have the right to obtain an indication (i) of the origin of personal data; (ii) of the purposes and methods of the processing; (iii) of the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the Data Controllers and Data Processors; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may learn of it as data processors or officers.
Furthermore, Users have the right to obtain:
a) access to, updating, correction or, when relevant integration of the data;
b) the erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to its content, of those persons to whom the data has been communicated or disseminated, except in the case where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right.
Furthermore, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) (where applicable) the right to the portability of data (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to its erasure ("right to be forgotten");
c) the right to oppose:
i) in whole or in part, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
ii) in whole or in part, to the processing of personal data concerning them for marketing purpose;
iii) if personal data is processed for profiled marketing purposes, at any time, to the processing of their data for these purpose.
d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred ). The Italian Supervisory Authority is the Italian data protection Authority, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/).
Version updated to 18/06/2020
PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ART. 13 OF REGULATION (EU) 679/2016
Regulation (EU) 679/2016 (hereinafter, GDPR”), aims to ensure that the processing of personal data is carried out with respect for fundamental rights and freedoms, particularly with regard to confidentiality, personal identity and the right to personal data protection.
Under arts. 13 et seq. GDPR, and in relation to your personal data processed for marketing purposes, GGR S.r.l. Unipersonale hereby provides the following information.
The Data Controller is GGR. S.r.l. Unipersonale, with registered office in S. Mauro Pascoli (FC), Via dell’Indipendenza 15, Tax Code and VAT no. 03591680404, privacy@ggr-distribution.com (henceforth, for sake of brevity, “GGR" or “Data Controller" ). The Data Controller has also appointed, in accordance with the regulations in force, its own Data Protection Officer ("DPO"), who can be contacted at dpo@studiopaciecsrl.it, or by telephone at +39 0541 1795431.
2. CATEGORIES OF PROCESSED DATA
Personal data that shall be subject to processing include:
a) your identification and contact data, such as your name, surname, email address, telephone number, date of birth, place of origin;
b) The data relating to your preferences and purchasing habits (including the size of the footwear purchased), relative to the products offered by GGR;
(hereinafter, also collectively defined at the "Data").
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
4. NATURE OF THE PROCESSING
The provision of Data, as described in detail above, is optional and is subject to your explicit consent, that may also be withdraw at any time without affecting the lawfulness of the processing carried out before such withdrawal.
5. DATA PROCESSING PROCEDURES AND COMMUNICATION METHODS
The Data Controller undertakes to carry out the processing of the Data in accordance with the provisions set forth in the GDPR, as well as any national legislation in force regarding privacy, and also process such Data in a lawful and correct manner, collecting and recording the same for specific, explicit and legitimate purposes, taking care to check that the same are pertinent, complete and not excessive in relation to the purposes for which they were collected or subsequently processed.
Processing activities shall be carried out using manual and electronic systems, with logics strictly related to the aforementioned purposes and, in any case, only by subjects duly appointed as data processors or authorized person, appropriately trained and informed of the constraints imposed by law, as well as with the use of security measures to safeguard your confidentiality and to avoid the risks of loss or destruction, unauthorised access, unauthorised processing or processing which does not comply with the purposes referred to above. All security measures are constantly updated pursuant to all technological developments. Data shall not be disclosed, sold or assigned to any third-parties, except where required by the laws in force.
In any case, communication of Data within the limits strictly necessary for the purposes pursued, to employees, collaborators, professionals, companies eventually assigned to provide specific processing services and third party suppliers (who shall process your Data as data processors with which Data Controller has signed data processing agreement according to art. 28 GDPR) and other companies of GGR Group to which the Data Controller belongs to. These subjects, if operating in non-EU countries, provide their services on the basis of standard contractual clauses or on the basis of European Commission adequacy decisions. Your Data may also be disclosed to law enforcement authorities, judicial authorities, and those subjects to whom the law or EU Regulations grant the right to access your Data.
6. RIGHTS OF DATA SUBJECTS
Pursuant to art. 15 et seq. GDPR, each data subject is entitled, at any time and free of charge, to know whether his/her Data is being processed or not and the data retention period, to obtain a copy, the rectification, the integration, or the update and/or the erasureof them. The data subject has the right to obtain restriction of the processing of Data and to receive a copy in a commonly used electronic form.
To exercise these rights, the Data Subject can submit a written request to the DPO, at dpo@studiopaciecsrl.it, or to the Data Controller, using the address privacy@ggr-distribution.com, indicating as object "Privacy - data subject rights”.
If you believe your rights have been violated by the Data Controller and/or other third parties, you are entitled to lodge a complaint with the Italian Data Protection Authority and/or other competent supervisory authorities.
7. DATA RETENTION
The Data retention period for the purposes indicated above is 7 (seven) years from the date on which your Data was collected and you have given your consent. .