Privacy Policy

PRIVACY POLICY FOR USERS

Triboo Digitale S.r.l. with registered office in Viale Sarca 336, Building 16, 20126 Milan, tax code and VAT no. and registration number with the Companies' Register of Milan IT02387250307 (hereinafter, also "Triboo") and DIAMANT S.r.l.,with registered office in viale del lavoro, 8 - CAP 3760 Città Sorgà, tax code and VAT no. 02922140237, and registration number with the Companies' Register of Verona 02922140237 (hereinafter, also the "Partner" and, together with Triboo, the "Data Controllers"), as co-controller of the personal data of users (hereinafter, the "Users") who navigate and use the services available on the website www.dmtcycling.com (hereinafter, the "Site" and the "Services") hereby provide the privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of 27 April 2016 (hereinafter, the "Regulation", or also the "Applicable Legislation").

This Site and the Services are reserved for persons aged 18 years or over. The Data Controllers therefore do not collect any personal data on persons under the age of 18. At the request of Users, the Data Controllers shall promptly delete all personal data that was involuntarily collected and is related to persons under the age of 18.

The Data Controllers take into right of its Users to privacy and the protection of their personal data into the utmost consideration. For any information in relation to this privacy policy, Users may contact the Data Controllers at any time, using the following methods:

Triboo:

  • By sending a registered letter with acknowledgement of receipt to the Data Controller's registered office (Viale Sarca no. 336, Building Sixteen, 20126 Milan);
  • By sending an email to privacy@triboo.it

Partner:

  • By sending a registered letter with acknowledgement of receipt to the Data Controller's registered office (Viale del Lavoro, No. 8, 37060 Sorgà (VR));
  • By sending an email to privacy@com

Users may also contact

  • The Triboo's Data Protection Officer (DPO), whose contact details are given below: email curinigalletti@triboo.it.
  • The Partners's Data Protection Officer (DPO), whose contact details are given below: name Federico, surname Zecchetto of the DPO, address Viale del Lavoro, 8 , telephone number 045/6655044, mail privacy@diamantdmt.com


  1. 1. Purpose of the Processing

Users' personal data will be lawfully processed by Triboo pursuant to Article 6 of the Regulation for the following purposes:

  1. contractual obligations and provision of the Services, to enable the navigation of the Site or to carry out the Terms of Use of the Site, which are accepted by the User when registering on the Site and/or when using the Services, and to fulfil specific requests of the User. The User data collected by Triboo for the purposes listed above include: the User's first name, surname and voluntarily chosen nickname, age, province of residence/domicile, gender, email address, as well as any personal information the User may have voluntarily published. Unless the User gives Triboo a specific and optional consent to the processing of their data for further purposes, the User's personal data will be used by Triboo for the exclusive purpose of ascertaining the User's identity (including through validation of the email address), thus avoiding possible fraud or abuse, and contacting the User for service purposes only (e.g. sending notifications regarding the Services). Notwithstanding any different provisions of this privacy policy, under no circumstances shall Triboo make the personal data of Users accessible to other Users and/or third parties.
  2. administrative-accounting purposes, i.e. to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
  3. statutory obligations, i.e. to fulfil obligations laid down by law, an authority, a regulation or European legislation.

The provision of personal data for the above-mentioned processing purposes is optional but necessary, as failure to provide such data shall make it impossible for the User to surf within, register to the Site and you to use the services.

Personal data that are necessary for the pursuit of the processing purposes described in this paragraph 1 are marked with an asterisk in the Site registration form. 

 

  1. 2. Further processing purposes: marketing (sending of advertising material, direct sales and commercial communication)

With the User's free and optional consent, some of the User's personal data(i.e. first name last name, gender, date of birth, physical address, email address, telephone/mobile phone number, may also be processed by the Partner for marketing purposes (by sending advertising material, direct sales and commercial communication), or so that the Partner may contact the User by mail, e-mail, telephone (landline and/or mobile, with automated call or call communication systems either with and/or without the intervention of an operator) and/or SMS and/or MMS to propose to the User the purchase of products and/or services offered by the Partner itself and/or by third party companies, to present offers, promotions and commercial opportunities.

If no consent is granted, the possibility of registering on the Site will not be affected in any way.

In the event of consent, the User may revoke it at any time by making a request to the Partner in the manner set out in paragraph 7below.

The User may also easily object to further promotional communications by email by clicking on the appropriate link to withdraw consent, which is present in each promotional email. Once consent has been withdrawn, the Partner shall send the User an e-mail confirming the withdrawal of consent. If the User wishes to withdraw his or her consent to the sending of promotional communications by telephone, while continuing to receive promotional communications by email, or vice versa, please send a request to the Controller in the manner indicated in paragraph 7below.

The Partner informs that, following the exercise of the right to object to the sending of promotional communications by email, it is possible that, for technical and operational reasons (e.g. formation of contact lists already completed shortly before the Partner received the request for objection) the User will continue to receive some further promotional messages. Should the User continue to receive promotional messages after 24 hours have elapsed since you exercised your right to object, please report the problem to the Partner, using the contact details provided in paragraph 7below.

 

  1. 3. Further processing purposes: newsletter

With the User's free and optional consent, certain personal data of the User (i.e. first name last name, gender, date of birth, physical address, email address, telephone/cell phone number may also be processed by the Partner for the purpose of sending the newsletter. Therefore, the User will receive a periodic newsletter from the Partner, which will contain information in relation to news and promotions on the Site and/or initiatives of the Partner.

If no consent is granted, the possibility of registering on the Site will not be affected in any way.

In the event of consent, the User may revoke it at any time by making a request to the Controller in the manner provided in paragraph 7below.

The User may also easily object to further sending of promotional communications by clicking on the appropriate link for revocation of consent, which is present in each email containing the newsletter. Once consent has been withdrawn, the Partner shall send the User an e-mail confirming the withdrawal of consent.

 

  1. 4. Further processing purposes: profiling

With the User's free and optional consent, the User's personal data (i.e. first name, last name, gender, date of birth, physical address, email address, telephone/mobile phone number, purchasing habits, interests and information relating to the services in which the User has expressed an interest may also be processed by the Partner for profiling purposes, i.e. to reconstruct the User's tastes and consumption habits, identifying his consumer profile, in order to be able to send the User commercial offers consistent with the identified profile.

If no consent is granted, the possibility of registering on the Site will not be affected in any way.

In the event of consent, the User may revoke it at any time by making a request to the Partner in the manner set out in paragraph 7below.

 

  1. 5. Methods of data processing and retention periods

The Data Controllers shall process the Users' personal data by means of manual and computerised tools, by applying reasoning that is strictly related to said purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The Users’ personal data shall be kept for the time strictly required to fulfil the primary purposes listed in paragraph 1 above, or in any case as necessary for the protection in civil law of the interests of both the Data Controller and Users.

In the cases under in paragraphs 2, 3 and 4 above, Users' personal data shall be retained for the time strictly necessary to fulfil the purposes set out therein and, in any event, for no longer than twenty-four (24) and twelve (12) months respectively[1].

 

  1. 6. Scope of data disclosure and dissemination

User personal data may be disclosed to the employees and/or collaborators of the Controllers tasked with managing the Site and any service related to the supply of the Services. These individuals, who have been instructed to do so by the Controllers pursuant to Item 29 of the Regulation, shall process User data exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Legislation.

User personal data may also be disclosed to third parties who may process personal data on behalf of the Controllers in their capacity as “External Data Processors”, such as, by way of example, suppliers of IT and logistical services that are functional to the operation of the Site and/or the Services, suppliers of outsourced or cloud computing services, professionals and advisers.

The User has the right to obtain a list of any data processors appointed by the Data Controller by submitting a request to the Data Controller in the manner detailed in paragraph 7 below.

Furthermore, Users' personal data may be disclosed by Triboo, to the extent that this is necessary and essential to fulfil contractual obligations, to independent third party data controllers, such as the managers of payment services and logistics services necessary for the delivery of goods sold through the Site. These autonomous controllers shall process the User's data exclusively for the purpose of the proper execution of orders relating to the Services.

 

  1. 7. Rights of the Data Subjects

Users may exercise the rights guaranteed to them by the Applicable Legislation by contacting the Data Controllers in the following ways:

  • By sending a registered letter with acknowledgement of receipt to Data Controllers’ registered office

Triboo: Viale Sarca n. 336, Edificio Sedici, 20126 Milan ITALY

Partner: Viale del Lavoro. 8, 37060 Sorgà (VR) ITALY

  • By sending an e-mail message to

Triboo: privacy@triboo.it

Partner: privacy@diamantdmt.com

Triboo shall comply with Users' requests relating to the processing referred to in paragraph 1, and the Partner shall comply with Users' requests relating to the processing referred to in paragraphs 2, 3 and 4.

Pursuant to Applicable Legislation, the Data Controllers shall inform Users that they have the right to obtain information on (i) the origin of their personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) the identification details of Data Controllers and the data processors; (v) the persons or categories of persons to whom their personal data may be disclosed or who may become aware of them in their capacity as data processors or persons in charge of processing.

 

Furthermore, Users have the right to obtain:

  1. a) access, update, amendment or, where interested, integration of the data;
  2. b) deletion, transformation into anonymous form or restriction of the data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  3. c) proof that the operations listed under letters a) and b) were communicated, also with regards to the content thereof, to the subjects to which the data was communicated or disseminated, except where this would result impossible or implies a clearly excessive effort as compared to the protected right.

In addition, Users have:

  1. a) the right to withdraw their consent at any time, if the processing is based on their consent;
  2. b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restrict the processing of personal data and the right to erasure ('right to be forgotten');
  3. c) the right to object:
  4. i) in whole or in part, for legitimate reasons to process personal data concerning them, even if pertinent to the purpose of collection;
  5. ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications;

iii) if personal data are processed for direct marketing purposes, at any time, the processing of the data for that purpose, including profiling insofar as it is related to such direct marketing.

  1. d) if they consider that processing concerning them is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State where they normally reside, in the Member State where they work or in the Member State where the alleged breach occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali, with offices in Piazza di Monte Citorio no. 121, 00186 – Roma (http://www.garanteprivacy.it/).

 

The Data Controllers are not responsible for updating all links displayed in this Policy, therefore whenever a link is not working and/or updated, Users acknowledge and agree that they must always refer to the document and/or section of the websites referred to by such link.

 

[1] As stipulated in the general provision of the Garante per la protezione dei dati personali entitled “‘Fidelity card’ e garanzie per i consumatori. Le regole del Garante per i programmi di fidelizzazione” dated 24 February 2005.