Information for customers and suppliers


Dear Customer / Supplier

Trovami Srl takes the protection of personal data very seriously.

We therefore ask you to carefully read this information which is provided pursuant to art. 13 of Legislative Decree. 196/2003 (Privacy Code) and subsequent amendments and art. 13 of EU Regulation 2016/679 (GDPR), natural persons operate in the name and on behalf of the Customer / Supplier.


The data will be processed by applying appropriate security measures to ensure compliance with the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality, in compliance with current national and European regulations.


The Data Controller is Trovami Srl with registered office in Via Donatello n. 30 – 20131 Milan Tax Code and VAT number 09792490964.

For any further information or clarification, the Data Controller can be contacted at the email address indicated, or at the e-mail address

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the email address



The Data Controller – for the establishment and execution of contractual relationships – processes personal data belonging to customers and potential customers and suppliers, or personal data of natural persons who work on their behalf.

The personal data processed are those provided by the interested party on the occasion of: – Visits or phone calls; – Direct contacts for participation in fairs or events; – Proposition of offers; – Transactions and subsequent transmissions to the order.

The data subject to processing includes basic contact information such as name and surname, e-mail address, telephone numbers, place and address of work, role in the company or job, information on the economic activity of the person concerned.


Your personal data will be processed for the purposes specified below.

a. exchange information aimed at the execution of the contractual relationship, including pre and post contractual activities;

b. formulate requests or process requests received;

c. fulfill the administrative, accounting and tax obligations deriving from existing relationships;

d. fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority

e. forward communications related to the execution of the contract with different means of communication (telephone, fax, email).

f. exercise the rights of the owner, for example the right to defense in court.

The legal basis of the processing is represented by the execution of a contract of which the customer / supplier is a party or the execution of pre-contractual measures adopted at the request of the same (e.g. requests for sending information or commercial offers) as well as the fulfillment of a legal obligation to which the Data Controller is subject. In any case, it is a legitimate interest of the Data Controller to be able to process the data in order to effectively and efficiently manage the relationship with its customers and / or suppliers and to manage the related internal and external organizational processes. The provision of data for these purposes is mandatory and, therefore, any refusal to provide them in whole or in part would not allow the execution of the contract.

Pursuant to art. 130 paragraph 4 of the Privacy Code, the Owner – if he were already our Customers – reserves the right to send, even without explicit consent, information newsletters on products similar to those covered by the service provided, unless your explicit dissent and with the right to object in any time to treatment.


For the purposes indicated, personal data may be disclosed to the employees and collaborators of the Data Controller in their capacity as persons authorized to process the processing for the performance of the necessary activities and with a guarantee of protection of the rights of the interested party.

The data may also be disclosed to professionals or service companies that carry out outsourced activities on behalf of the Data Controller, in their capacity as Data Processors (by way of example, credit institutions, professional firms, consultants, etc.)

Finally, the data may be disclosed to all those public and private subjects whose right to access the data is recognized by legal provisions or by orders of the authorities.

More information on the subjects to whom the data may be disclosed will be provided to the interested parties in the exercise of their rights pursuant to Article 15 of the Regulation.

The personal data processed will not be disclosed in any way and will not be transferred outside Europe.


The data will be kept

i for the entire duration of the contractual relationship and no later than 10 years from the end of the relationship, in compliance with current regulations.


The interested party, pursuant to articles 15-22 REG UE 679/16, has the right to:

  • access your data and receive a copy;
  • obtain the correction of personal data concerning you, obtaining its integration if incomplete;
  • obtain the cancellation of your personal data;
  • obtain the limitation of processing when certain conditions are met;
  • receive your data or have it transferred to another owner, in a structured format, commonly used and legible if technically feasible;
  • oppose the processing of your data for reasons related to your particular situation;
  • not be subjected to a fully automated decision-making process unless mandatory

Requests must be sent in writing to the Data Controller at the addresses indicated in the “Data Controller” paragraph of this information.

In any case, the interested party always has the right to lodge a complaint with the competent supervisory authority (Guarantor for the protection of personal data), pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force.


Last updated 22.12.2018