Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to and for the purposes of Regulation (EU) 2016/679 and national privacy legislation
Dear User,
- Introduction
When you browse our website or use our services, we collect information and personal data about you. For this reason, in accordance with Regulation EU No. 679/2016 (hereinafter “GDPR”) and any implementing laws, we have created this document (hereinafter “Privacy Policy”) to describe which personal data we collect, the purposes and methods of processing, and the security measures we adopt to protect them.
This information is provided to data subjects pursuant to and for the purposes of national and European legislation on the protection of personal data (meaning Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the applicable personal data protection legislation in Italy ex Legislative Decree 196/03 and subsequent amendments, as well as the provisions of the Data Protection Authority).
Furthermore, we inform you that this Privacy Policy applies to the following sites owned by the company:
2. Data Controller
Trevi-Finanziaria Industriale S.p.A., with registered office in Cesena, via Larga di Sant’Andrea, 201 (“Company”) – as Data Controller – collects and processes your personal data in compliance with the provisions of current privacy legislation and manages the above-mentioned sites.
The Company is required to provide you with certain information regarding the processing of the aforementioned data that you voluntarily provide by filling in the forms on the site. The Controller is not responsible for untruthful data and information or data provided by third parties, even unlawfully.
The Controller informs you that your personal data will be processed using computerized and non-automated tools, as well as with the adoption of technical and organizational measures to ensure a level of security appropriate to the level of risk.
3. Data Protection Officer
Lawyer Floriana Francesconi has been appointed as Data Protection Officer (DPO), and can be reached at: dpo@trevifin.com
4. Purpose of the processing
Your personal data will be processed in full compliance with the obligations and principles set out in the aforementioned legislation for the following purposes:
a) To allow you to browse our sites;
b) To allow you to download the catalogs you have selected;
c) To contact you, with your prior consent, for the promotion of new products, marketing, and to send you newsletters;
d) To allow you to send your request for product quotations;
e) To allow you to send your request for information/assistance;
f) To forward your data to any external Data Processors appointed pursuant to Art. 28 GDPR;
g) For the evolutionary maintenance needs of the platform;
h) To fulfill any legal, accounting, and tax obligations and for defensive needs.
5. Types of data
For the purpose referred to in point 4.a):
This category of data includes the IP address and domain name of your computer, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, and other parameters relating to your operating system.
Information collected through cookies and other technologies. Information on the cookies used by Trevi-Finanziaria Industriale Spa can be found in the Cookie Policy.
For the purpose referred to in point 4.b):
Identification data: name, surname, country, city, and email address. These are required fields to fill in the form and obtain the possibility to download the catalogs.
For the purpose referred to in point 4.c):
Identification data: name, surname, country, and email address: data required with prior consent for receiving newsletters.
For the purpose referred to in point 4.d):
Identification data: name, surname, telephone, and email: data required to send your request for product quotations.
For the purpose referred to in point 4.e):
Identification data: email: data required to send your request for information/assistance.
For the purposes referred to in points 4.f), g), h):
Identification data: name, surname, and email address.
With regard to data you voluntarily provide, we kindly ask you not to communicate special categories of data (formerly sensitive data) as they are not necessary.
6. Legal basis for Processing
The provision of data for the purposes referred to in points 4.a), b), d), e), f), and g) is always optional, but failure to provide such data will make it impossible to browse our sites. This is because the IT systems responsible for the operation of the Services acquire, during their normal operation, some of your personal data whose transmission is implicit in the use of Internet communication protocols. The legal basis for processing for this purpose is Article 6, paragraph 1, letters b) and c) of the Regulation, as the processing is necessary for the provision of services or for responding to requests from the data subject, and also represents processing necessary to fulfill a legal obligation incumbent on the Controller.
The provision of data for the purposes referred to in point 4.c) is optional and the legal basis is only consent; without your express consent, the Controller and the Group companies will not be able to send you the newsletters of the Company and the Trevi Group.
Consent is always revocable.
The legal bases for processing for the purpose referred to in point 4.h) are:
the legitimate interest of the data controller, such as, for example, protection against fraud or other conduct in violation of the terms of use of the service subscribed to by the user, as well as to assert and defend a right in court.
7. Recipients and/or any categories of recipients of personal data
Personal data will be made available to subjects and/or persons expressly authorized by the controller, including those belonging to the Trevi Group – and for this purpose designated, respectively, as data processors and persons in charge of processing, who carry out processing activities essential for the pursuit of the purposes indicated above; the categories of persons in charge are those of administration, communication, accounting, legal consultancy, technical maintenance of IT systems, marketing, depending on the specific request made by the user through the Site.
The updated list of processors is available upon simple request at the Controller’s address. The data may also be accessible to other companies of the Trevi Group for administrative-accounting purposes pursuant to Art. 6.1.f) and Recitals 47 and 48 of the Regulation.
Data may also be communicated to public bodies or public authorities in compliance with laws, regulations, and EU legislation.
The user’s personal data are also processed by persons designated as System Administrators pursuant to the Provision of the Data Protection Authority of 27 November 2008 and subsequent amendments.
Your personal data will not be disclosed.
8. Transfers outside the EEA
With regard to any transfer of data to third countries, the Controller informs you that processing will take place according to one of the methods permitted by current law, such as, for example, the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free movement of data or operating in countries considered safe by the European Commission, in compliance with the recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board. More information is available, upon request, from the Controller and/or the DPO at the contacts indicated above.
9. Retention Period of Personal Data
Your personal data will be retained by the Controller or by Trevi Group companies or by third parties designated as external processors pursuant to Art. 28 Regulation 2016/679 (the list of which is available at the company) in full compliance with the principles of necessity, minimization, limitation of retention, through the adoption of technical and organizational measures appropriate to the level of risk of processing, for a period not exceeding 24 months and in any case for the time strictly necessary to fulfill legal obligations and for defensive purposes in the event of disputes.
Contact data for the purposes referred to in point 4.b) will be retained until your express request for deletion or withdrawal of consent.
10. Rights of Data Subjects
Where applicable, you may exercise at any time the rights referred to in Articles 15 et seq. of the GDPR, including:
- the right to obtain confirmation as to whether or not personal data concerning you are being processed;
- the right of access to personal data and to the following information concerning you (purposes of the processing to which the personal data are intended, categories of data, recipients of the data, retention period, etc.);
- the right to request rectification or restriction of processing of data concerning you;
- the right to obtain the erasure of personal data concerning you if there are grounds;
- the right to lodge a complaint with a supervisory authority;
- the right to withdraw consent.
These rights may be exercised by sending a request to: privacy.trevigroup@trevigroup.com
To comply with legal obligations, we may be required to retain some of your personal data even after you have requested deletion.
The Controller reserves the right to modify or simply update this Privacy Policy, in whole or in part. Therefore, we invite you to regularly visit this section to have the most updated version; for this reason, the date of the last modification is shown below. Use of the Site after the date of publication will constitute acceptance of this information.
11. Contacts
For more information, please refer to: privacy.trevigroup@trevigroup.com
18/09/2025