Privacy Policy - Truffle Selection | Data protection and GDPR transparency

Welcome to the Privacy Policy of Truffle Selection. In this section we explain in a clear and transparent way how we collect, use and protect your personal data when you browse our website and as part of our services. We tell you what data we process, on what legal basis, for what purposes, how you can exercise your rights and what measures we take to ensure security and GDPR compliance.

Privacy Policy in accordance with Regulation (EU) 2016/679 (“GDPR”) Articles 13 and 14 and subsequent national adaptation regulations

This document (hereinafter referred to as the “Information Notice”) is intended to provide indications regarding the processing of information, as specified below, which will be provided or otherwise available at our facility and which will be processed by the same and/or other identified parties for the purposes set out below. The Information Notice, in particular, is provided pursuant to EU Regulation No. 679/2016 (“GDPR”) and subsequent national adaptation regulations (together with the GDPR hereinafter referred to as “Applicable Legislation”). The Information is provided for visitors and users of the website www.truffleselection.com (hereinafter referred to as the “Site”) and not for any further websites that may be consulted by the user via internal links.

  1. Identity and contact details of the data controller

The data controller, pursuant to Articles 4 and 24 of EU Reg. 2016/679, is Sette2 srls, with registered office in Serra San Quirico (AN), VAT No. IT02869890422, info@rotorscio37.it in the person of its pro-tempore legal representative (hereinafter referred to as “Data Controller”).

  1. Contact details of the Data Protection Officer (DPO)

Pursuant to Articles 37 - 39 of EU Reg. 2016/679, a Data Protection Officer has been appointed and can be reached at the following e-mail address: info@truffleselection.com
3. Purpose and legal basis of processing
The Personal Data collected will be processed for the purposes and under the legal bases set out below:

  • Purposes: point 3, letter a): for the management of your contractual relationship or to implement pre-contractual measures (such as, for example, the request for information or the request for an estimate); to allow navigation on this website and the technical management of connections to it; to manage any contact requests made by the person concerned and to respond to them and to follow up on requests for assistance and the needs of customers and users (hereinafter referred to as “site management purposes”).

In this case, you are free to provide your Personal Data, but failure to do so will not allow you to establish the aforementioned relationship and fulfil your request and may result in the impossibility of using all the services provided by the Site.

o Legal basis: processing is necessary in connection with the performance of a contract to which you are a party, the provision of a service or the need to respond to requests from the data subject and is necessary to comply with a legal obligation to which the data controller is subject

  • Purposes: point 3, letter b): subject to your specific consent, revocable at any time, to send you promotional communications relating to the Controller and communications relating to events organised by the Controller (hereinafter “marketing purposes”).
    Withholding consent will not affect the possibility of using all the services offered by the Site.

o Legal basis: your consent

  1. Categories of personal data processed

Within the limits of the purposes and methods described in this Policy, information that can be considered as “Personal Data” may be processed, which includes your personal details, contact details (such as, for example, mobile phone number, e-mail address, IP address, cookies, etc.).
Full details on each type of data collected are provided in the dedicated sections of this privacy policy

policy or by means of specific information texts displayed prior to the collection of the data. Any use of Cookies (or other tracking tools) by this website or the owners of third party services used by this website, unless otherwise specified, is for the purpose of providing the service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.

4.1 Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the date and time of the request, the method used to submit the request, the size of the response file, the numerical code indicating the status of the response given by the server and other parameters relating to the User's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted immediately after processing. The data could be used exclusively by the Judicial Authority to ascertain responsibility in case of hypothetical computer crimes against the site.

4.2 Data Voluntarily Provided by the User

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website, or the filling in of forms, entails the subsequent acquisition of the sender's address, which is necessary in order to reply to requests, as well as any other personal data entered voluntarily by the User. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this website and guarantees that he/she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

4.3 Redirect via social plug-ins

It is possible that so-called social plug-ins may be used while browsing the Site. Social plug-ins are special tools that make it possible to incorporate social network functions directly into the Site (e.g. the Facebook “like” function). All social plug-ins on the Site are marked with the respective logo owned by the social networking platform.

When you visit a page on the Website and interact with the plug-in (e.g. by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored there. For information on the purpose, type and manner of collection, processing, use and storage of personal data by the social networking platform, as well as on how to exercise your rights, please refer to the privacy policy of the respective social network.

4.4 Links to Third Party Sites

From our Site it may be possible to connect via links to other third-party websites. The Owner does not control or monitor these websites and their contents, and provides links to these sites solely to facilitate the User's search and navigation and to facilitate hypertext links on the Internet to other sites.

Activation of the links does not imply any recommendation or recommendation by the Owner to access and navigate these sites, nor any guarantee of their content, services or goods provided or sold by them to Users.
We therefore disclaim any responsibility for the contents of these sites and the rules adopted by them, also with regard to the protection of personal data and the processing thereof when navigating within the sites in question.

  1. Addressees and target groups

Personal data will not be disseminated, i.e. they will not be disclosed to undefined subjects. On the other hand, they may be communicated to well-defined subjects, in full compliance with the provisions of the law, for purposes strictly related to those indicated above. Any access to your personal data is limited to subjects authorised by the Controller. Communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes set out in point 3 above, therefore the personal data collected and processed may be:

  1. used anonymously for statistical purposes;
  2. made available to the Controller's employees, in their capacity as managers or persons authorised to

processing of personal data;

  1. communicated to third persons, natural or legal, public administrations, professionals, forces

law enforcement agencies, government bodies, regulatory bodies, courts or other public authorities

authorised by law;

  1. parties providing services for the management of the information system and communication networks

including e-mail, newsletters and website management;

  1. firms or companies in the context of assistance and consultancy relationships;
  2. if necessary, transferred to another Data Controller in accordance with the GDPR,

also with regard to the right to data portability.

The information may also be communicated whenever it may be necessary to comply with requests by the Judicial or Public Security Authorities. The data collected will not be disseminated under any circumstances.
The list of Data Processors is available at the Data Controller's office.

  1. Data transfer abroad

The Controller currently processes your data without transferring it to foreign countries. However, the GDPR permits the transfer of personal data abroad with your consent or where there is another legal justification and an adequate level of data protection is guaranteed. The Data Controller undertakes to ensure that where data is transferred abroad, this is done in full compliance with local and EU legal principles and requirements and that appropriate security measures are taken to protect personal data in those countries/territories.

  1. Data retention period (criteria for determination)

Below is a table containing indications of the retention times (i.e. the criteria for determining) of Personal Data:

  • Purpose: point 3(a): site management
    o Retention period: For the duration of the relationship and thereafter for 10 years

(ordinary prescription).
- Purpose: point 3(b): marketing purposes

o Retention period: Until revocation of your consent
Moreover, the Controller may be obliged to store Personal Data for a longer period in

compliance with a legal obligation or by order of an authority.

  1. Modalities of data processing

The processing of Personal Data shall be carried out by manual, computerised or telematic means, suitable to guarantee their security and confidentiality, and shall be performed by staff duly trained in compliance with Applicable Law. There is no automated decision-making process.
In addition to the Data Controller, in some cases, other parties involved in the organisation may have access to the Data

of this Website (administrative, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Controller.

Potential customers web information (for marketing purposes) v1.0

In addition to the cases in which it is necessary to contact you for needs related to the management of your position, if you consent to the processing of your data for the purposes set out in point 3, letter b), you may be contacted by e-mail, newsletter, text message, instant messaging systems or by any equivalent electronic means, or by post or call through an operator at any of the addresses provided. Should you prefer to be contacted only at one or some of these addresses, you may make an express written request to the Data Controller without formalities.

8.1 Defence in court

The User's Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings to defend against abuses in the use of this website or related services by the User. The User declares that he/she is aware that the Data Controller may be obliged to disclose the Data by order of public authorities.

8.2 Specific disclosures

At the User's request, in addition to the information contained in this privacy policy, this website may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

8.3 System logs and maintenance

For operation and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User's IP address.

8.4 Information not contained in this policy

Further information in connection with the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

8.5 Responding to “Do Not Track” requests”

This website does not support “Do Not Track” requests. To find out whether any third-party services used support them, the User is invited to consult their respective privacy policies.

8.6 Amendments to this privacy policy

The Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, by sending a notification to Users through one of the contact details held by the Controller. Please therefore consult this page regularly, referring to the date of last modification indicated at the bottom. If the changes affect processing whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.

  1. Rights to which you are entitled

We inform you that you may exercise the rights recognised in the Applicable Legislation including, but not limited to, the right:

  1. to have access to their Personal Data and to know their origin, the purposes and aims of the processing, the data of the persons to whom they are communicated, the data retention period or the criteria for determining it (Art. 15);
  2. to request its rectification (Art. 16);
  3. deletion (“oblivion”) if no longer necessary, incomplete, erroneous or collected in violation of the

law (Art. 17);

  1. to request that processing be limited to a part of the information concerning you

(Art. 18);

  1. as far as technically possible, to receive in a structured format or to transmit

to you or to third parties indicated by you the information concerning you (so-called “portability”) or that which is

voluntarily provided by you (Art. 20);

  1. to object to their processing based on legitimate interest (Art. 21);
  2. as well as to revoke their consent at any time if this constitutes the

basis of the processing (revocation of consent, however, does not affect the lawfulness of the processing based on consent before revocation).

The aforementioned rights may be exercised by means of a written request addressed without formalities to the Controller at the contacts indicated in point 1.
The Controller shall do so without delay and, at the latest, within one month of receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller shall, within one month of receipt of your request, inform you and inform you of the reasons for the extension.

We remind you that if the response to your request has not been satisfactory in your view, you may address and lodge a complaint with the Italian Data Protection Authority ( http://www.garanteprivacy.it/) in the manner provided for by the Applicable Legislation.

  1. Information Update

This Policy may be amended or simply updated, in whole or in part, also in consideration of changes in the laws or regulations governing the protection of personal data. Amendments and updates shall be notified to Users as soon as they are adopted and shall be binding as soon as they are published on the Site. The Controller therefore invites Users to regularly access this page to check the publication of the most recent and updated version. For this purpose, the document highlights the date of update.

Revision: January 2020