Triboo Digitale S.r.l. with registered office in Viale Sarca 336, Edificio 16, 20126 Milan, VAT no./Tax Code and listing number with the Milan Companies Register IT02387250307 (hereinafter also “Triboo”) and GGR Srl single-member private limited liability company, with registered office in Via dell’Indipendenza n. 15, 47030 San Mauro Pascoli (FC) VAT no. and listings number with the Companies Register of Forlì-Cesena IT03591680404 (hereinafter also the “Partner” and jointly with Triboo, the “Data Controllers”), as co-data controllers of the personal data of users (hereinafter the “Users”) who browse and use the services available on the website www.gianvitorossi.com (hereinafter the “Website” and the “Services”) provide below the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “GDPR”, “Regulations”, or also the “Applicable Regulations”).
The Partner is the sole data controller of your personal data in order to process them to provide the after care service and, upon your consent, for marketing purposes, even in profiled mode, as described below.
This Website and the Services are reserved for individuals who are at least eighteen years of age. The Data Controllers therefore do not collect personal data relating to persons under 18 years of age. Upon requests by Users, the Data Controllers will promptly delete all personal data involuntarily collected and related to subjects under 18 years of age.
The Data Controllers strictly adhere to the right to privacy and protection of the personal data of their Users. For any information relating to this privacy statement, Users may contact the Data Controllers at any time, using the following methods:
For Triboo:
For the Partner:
Users can also contact
1. Purpose of the treatment
Users' personal data will be processed lawfully by Triboo pursuant to art. 6 of the Regulations for the following processing purposes:
a) contractual obligations and provision of the Services, to allow navigation of the Website or to implement the Terms of Use of the Website, which are accepted by the User during registration on the Site and/or during use of the Services and to fulfil specific User requests. The User's data collected by Triboo for the afore-mentioned purposes include: the name, surname, province of residence/domicile, telephone number, email address, and any personal information of the User that may be voluntarily published. Unless the User provides Triboo with specific and optional consent to the processing of their data for further purposes, the User's personal data will be used by Triboo for the sole purpose of ascertaining the identity of the User (also through validation of the e-mail address), thus avoiding possible scams or abuses, and contacting the User only for reasons of service (e.g. to send notifications relating to the Services). Notwithstanding the provisions elsewhere in this privacy statement, under no circumstances will Triboo make the personal data of the Users accessible to other Users and/or to third parties.
b) administrative-accounting purposes, that is to perform activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and functional activities for the fulfilment of contractual and pre-contractual obligations;
c) legal obligations, that is to fulfil obligations imposed by law, by an authority, by a regulation or by European legislation.
The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide the same will make it impossible for the user to browse the Website, to register with Website or to use the Services.
The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 1 are indicated with an asterisk in the Website registration form.
2. Further processing purposes: marketing (sending of advertising material, direct sales and commercial communication)
With the free and optional consent of the User, some personal data of the User (i.e. name, surname, email address, telephone number) may be processed by the Partner for marketing purposes by sending newsletter and other advertising material concerning invitations to direct sales and special events, promotions, presentation of new collections and other commercial communication, via post, e-mail, telephone, chat, social network and/or SMS and/or MMS, pursuant to art.6.1(a) of GDPR.
User consent is optional and he/she may at any time withdraw it, by submitting a request to the Partner, to its contacts indicated in paragraph 7 or by clicking on the unsubscribe link in the promotional communication for the withdrawal of consent, but this shall not affect the lawfulness of processing carried out by the Partner based on consent before its withdrawal.
3. Further processing purposes: profiling
With the free and optional consent of the User, his/her personal data (i.e. the name, surname, email address, telephone number) as well as the information related to the services to which the User has expressed his/her interest, his purchasing habits, footwear size and, if indicated, his country of origin, may be processed by the Partner also for profiled marketing purposes, by sending tailored communications concerning invitations to direct sales and special events, promotions, presentation of new collections and other commercial communication, via post, e-mail, telephone, chat, social network and/or SMS and/or MMS, pursuant to art.6.1(a) of GDPR.
User’s consent is optional and he/she may at any time withdrawn it, by submitting a request to the Partner, to its contacts indicated in paragraph 7 or by clicking on the unsubscribe link in the promotional communication for the withdrawal of consent, but this shall not affect the lawfulness of processing carried out by the Partner based on consent before its withdrawal.
4. After care service
The Partner will process the personal data entered by the User in the form available in the after care service web page, such as name, surname, e-mail, telephone, footwear and country, in order to provide such service to the User, pursuant to art.6.1(b) of GDPR.
For this purpose, the provision of data is necessary to fulfil the User’s request.
5. Processing methods and data retention times
The Data Controllers will process the personal data of the Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
Users' personal data will be kept for the time strictly necessary to perform the primary purposes described in paragraph 1 above, or in any case as necessary for the protection in civil law of the interests of both Users and of Triboo.
In the cases referred to in paragraphs 2 and 3, Users’ personal data will be retained by the Partner for 7 (seven) years from the date on which such data have been collected and Users have given their consent.
With respect to the purpose indicated in paragraph 4, the retention period of User’s personal data is equal to the time necessary to process their request.
6. Scope of communication and dissemination of data
The personal data of Users may be disclosed to the employees and/or collaborators of the Data Controllers in charge of managing the Website and all the services related to the provision of the Services. These subjects, who have been instructed to do so by the Data Controllers pursuant to Article 29 of the Regulations, will process the Users' data exclusively for the purposes indicated in this statement and in compliance with the provisions of the Applicable Law.
Personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controllers as "External Processors", such as, by way of example, suppliers of IT and logistics services functional to the operation of the Website. and/or Services, service providers of outsourcing or cloud computing, professionals and consultants
Users have the right to obtain a list of any data controllers appointed by each Data Controller respectively, making a request to the Data Controller to the contacts indicated in paragraph 7 below.
Furthermore, the personal data of Users may be disclosed by Triboo, to the extent that this is necessary and essential for the implementation of contractual obligations, to third parties who are independent data controllers, such as providers of the services payment and of logistics services necessary for delivery of goods sold through the Website. These autonomous controllers will process the User's data exclusively for the purpose of correct fulfilment of the orders relating to the Services.
7. Rights of Interested Parties
Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controllers in the following ways:
By sending a registered letter with return receipt to the registered office of the owners
By sending an e-mail to the address
By sending a fax to number
By contacting DPO
Triboo will comply with the requests of Users relating to the processing referred to in paragraph 1, while the Partner will comply with the requests of Users relating to the processing referred to in paragraphs 2, 3 and 4.
Pursuant to the Applicable Regulations, the Data Controllers inform Users that they have the right to obtain an indication (i) of the origin of personal data; (ii) of the purposes and methods of the processing; (iii) of the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the Data Controllers and Data Processors; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may learn of it as data processors or officers.
Furthermore, Users have the right to obtain:
a) access to, updating, correction or, when relevant integration of the data;
b) the erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to its content, of those persons to whom the data has been communicated or disseminated, except in the case where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right.
Furthermore, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) (where applicable) the right to the portability of data (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to its erasure ("right to be forgotten");
c) the right to oppose:
i) in whole or in part, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
ii) in whole or in part, to the processing of personal data concerning them for marketing purpose;
iii) if personal data is processed for profiled marketing purposes, at any time, to the processing of their data for these purpose.
d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred ). The Italian Supervisory Authority is the Italian data protection Authority, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/).
Version updated to 18/06/2020
PERSONAL DATA PROCESSING NOTICE
ART. 13 OF REGULATION (EU) 2016/679
Data subjects: Customers of points of sales
In compliance with Regulation (EU) 2016/679, hereinafter referred to as 'GDPR', 'GGR SRL UNIPERSONALE', as controller of your personal data, informs you herewith that such Regulation provides for protection of data subjects as to the processing of their personal data and that the relevant processing shall be carried out according to the principles of lawfulness, fairness, transparency and protection of your rights and confidentiality.
To achieve their purposes, the controller needs to collect some personal data, such as name and surname, fixed or mobile telephone number, and email address.
Your personal data shall be processed in compliance with the provisions of the above-mentioned Regulation and the confidentiality obligations provided for therein.
Optional purposes: subject to your freely given consent, the controller shall be allowed to process your personal data for purposes connected with market researches, statistics and promotional activities, including the shipment of advertising and promotional materials, by email, post and/or sms and/or phone, other than those necessary to ensure the execution of the contract. The legal basis for the above purposes shall be your consent.
Your personal data shall be processed in compliance with the provisions of the above-mentioned Regulation and the confidentiality obligations provided for therein as well as in compliance with the regulation "Guidelines on Marketing and against Spam - 4 July 2013" issued by the Italian Data Protection Supervisor (published on the Italian Official Gazette no. 174 of 26 July 2013).
Consequences of the objection to optional purposes: the provision of your personal data for the above purposes is optional and your objection, if any, to the processing of your personal data shall not compromise the continuation of the business relation or the correctness of the processing of personal data.
Processing method: data shall be processed using manual and/or IT and telematic means so as to ensure the safety, integrity and confidentiality of data according to the physical and logical organisational measures provided for by the regulations in force in order to minimize the risk of destruction, loss, unauthorised alteration or disclosure of, or access to, personal data, as established under art. 6 and 32 of the GDPR.
Recipients: in order to carry out some activities or support the functioning and organization of the activities, some data may be disclosed to the following categories of recipients:
Third parties: (disclosure to: natural or legal persons, public authorities, agencies or other bodies other than the data subject, the controller, the processor and any persons duly authorized to process data), including:
Processors: (natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller)
Inside the corporate organization, your personal data shall be only processed by personnel expressly authorized by the controller and bound by a confidentiality agreement, and in particular by the following categories of employees:
Dissemination: your personal data shall not be disseminated in any way.
Transfer of personal data to non-EU countries: the controller shall not employ any processors based in non-EU countries.
Storage period: the storage period of the data processed for marketing and profiling activities shall vary according to the purposes pursued by the controller, but under no circumstances shall it be longer than, respectively, 24 months and 12 months from the last contact or reply received.
Controller: pursuant to the relevant Regulation, the controller shall be 'GGR SRL UNIPERSONALE', with registered office and operational headquarters in Via dell’Indipendenza 15, 47030 San Mauro Pascoli (FC), Italy, VAT registration number 03591680404, represented by their legal representative pro tem.
You can request further information about the data supplied by sending an email to the following email address: privacy@ggr-distribution.com. Further information about the privacy policies applied by our company is available on our website www.gianvitorossi.com.
Data protection officer (DPO): pursuant to art. 37 of the GDPR, the controller has appointed as data protection officer the firm Studio Paci &C Srl (contact person: Luca Di Leo), Via Edelweiss Rodriguez Senior 13, 47924 Rimini (RN), Italy, email: dpo@studiopaciecsrl.it, tel. +39 0541 1795431.
Regulation (EU) 2016/679: Art. 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the data subject
1. The data subject shall have the right to obtain the confirmation as to whether or not personal data relating to him or her do exist, even when they have not yet been recorded, as well as to be provided with such data in an intelligible form.
2. The data subject shall have the right to be informed about:
a. the origin of personal data;
b. the purposes and methods of the processing;
c. the logic involved if personal data are processed using electronic means;
d. the identification details of the controller, processors and designated representative pursuant to art. 5, par. 2;
e. the entities or categories of entities to which the personal data may be disclosed or which may acquire such data as designated representative on the territory of the Member State, processors or entities entrusted with personal data processing.
3. The data subject shall have the right to obtain:
a. the update or rectification of personal data as well as, on his or her request, to have any incomplete personal data completed;
b. the erasure, anonymization or blocking of data processed in violation of the law, including data for which storage is not necessary in relation to the purposes for which they have been collected or subsequently processed;
c. the certification that those to whom personal data have been disclosed have been informed of the execution and content of the operations under letters a) and b), except when this proves to be impossible or requires a disproportionate effort with respect to the protected right;
d. the data portability.
4. The data subject shall have the right to object, in total or in part:
a. on legitimate grounds to the processing of personal data concerning him or her, even when such data comply with the purpose for which they have been collected;
b. to the processing of personal data concerning him or her for the purposes of direct marketing, shipment of advertising material, market researches or commercial communications.
Complaint: if the relevant conditions are met, the data subject shall also have the right to lodge a complaint with the Data Protection Supervisor as supervisory authority according to the established procedures. For further information as well as for the exercise of his or her rights under the European Regulation, the data subject shall contact the controller using the above contact details.
Statement for obtaining the consent of the data subject for optional purposes
Acknowledging the receipt of the information provided by the controller pursuant to art. 13 of the GDPR, the undersigned data subject confirms to have read this personal data processing notice.
The consent relating to the optional purposes is given by filling in and signing the relevant items on the card available at the points of sale.
Below are the optional purposes for which the data subject's explicit consent is required:
Newsletters: GGR SRL Unipersonale offers you the opportunity to receive newsletters containing news, promotions, invitations to special events (previews, presentations of new collections, private sales, etc.) by email (Newsletters), phone, fax, chat, social networks or post.
Information according to your preferences: GGR SRL Unipersonale shall carry out profiling according to your preferences, purchasing habits, origin, and, if specified on the card, your shoe size (*), etc. in order to send you personalized offers. If your date of birth (*) is specified on the card, you will receive a special offer for your birthday.
