DATA PROTECTION INFORMATION

Privacy Policy

Last updated: 14 May 2026

This privacy notice is provided in accordance with articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, "GDPR") and Italian Legislative Decree 196/2003 ("Personal Data Protection Code"), as amended by Legislative Decree 101/2018.

This notice describes how TRA.VE.RO. S.r.l. processes the personal data of users visiting the website www.travero.it and applies exclusively to this site. It does not extend to other websites that may be accessed via external links, for which TRA.VE.RO. S.r.l. is not responsible.

In short: we only collect data strictly necessary to respond to user inquiries submitted through the contact form and to ensure the proper functioning of the website. We do not use data for direct marketing purposes nor do we transfer it to third parties.

1. Data Controller

The Data Controller of personal data collected through the site is:

Company nameTRA.VE.RO. S.r.l.
Registered officeVia Ariana, 78 — 00049 Velletri (RM), Italy
VAT / Tax ID05565691002
REA (Business Register)RM-900555
Phone+39 06 9634558
Certified email (PEC)travero@gigapec.it
Privacy contact emailprivacy@travero.it

For any request regarding the processing of personal data, fulfillment of GDPR obligations, or to exercise the rights set out in section 7, users may write to privacy@travero.it.

2. Data Protection Officer (DPO)

TRA.VE.RO. S.r.l. has not appointed a Data Protection Officer, as it does not fall within the cases of mandatory designation provided for in article 37 of the GDPR.

For any data protection inquiry, users may contact the Data Controller directly using the contact details indicated in section 1.

3. Types of data processed

3.1 Browsing data

The IT systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes:

  • IP address of the device used by the user;
  • browser type and parameters of the device used for the connection;
  • name of the internet service provider (ISP);
  • date and time of visit;
  • web page of origin (referrer) and exit;
  • number of clicks and any parameters related to the operating system.

This data is used solely to obtain anonymous statistical information on the use of the site and to monitor its proper functioning, as well as for security purposes. The data may be used to ascertain liability in the event of hypothetical cyber crimes against the site.

3.2 Data voluntarily provided by the user

The optional, explicit, and voluntary submission of communications through the contact form on the site, or via email to the addresses indicated, results in the subsequent acquisition of the data provided by the sender, which is necessary to respond to inquiries.

The data collected through the contact form includes:

  • Full name
  • Email address
  • Company (optional)
  • Phone number (optional)
  • Subject of the inquiry
  • Message content

3.3 Cookies

The site uses technical cookies and, subject to user consent, third-party cookies for analytical purposes. For a detailed description of the cookies used, their purposes, and management methods, please refer to the Cookie Policy.

4. Purposes and legal bases of processing

Personal data collected through the site is processed for the following purposes:

Purpose Legal basis Retention period
Response to contact requests submitted through the site's contact form or via email Performance of pre-contractual measures at the data subject's request (art. 6.1.b GDPR) and legitimate interest of the Controller in responding to information requests received (art. 6.1.f GDPR) For the time strictly necessary to handle the request and manage any resulting pre-contractual or commercial relationship
Ensuring the proper functioning of the site (technical cookies, system logs, browsing data) Legitimate interest of the Controller (art. 6.1.f GDPR) Up to 12 months from collection
Aggregated statistical analysis of site usage (Google Analytics, when activated) Consent of the data subject (art. 6.1.a GDPR), expressed through the cookie banner As provided by the third-party service (see Cookie Policy)
Compliance with legal obligations (e.g., tax, accounting, IT security) Compliance with a legal obligation (art. 6.1.c GDPR) For the time required by applicable law (typically 10 years for accounting documents)

Providing data for the purpose of responding to inquiries through the contact form is optional, but failure to provide it makes it impossible to respond to the user's request.

5. Processing methods and storage

Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific technical and organizational security measures are adopted to prevent data loss, unlawful or incorrect use, and unauthorized access, in accordance with article 32 of the GDPR.

Data is stored on servers located within the European Union. Specifically, the site's hosting infrastructure is located in data centers in Germany (Falkenstein, Hetzner Online GmbH).

Upon expiration of the storage periods indicated, data will be deleted or irreversibly anonymized, except in cases where retention is necessary to comply with legal obligations or for the defense of the Controller's rights in court.

6. Disclosure and recipients of data

The personal data collected will not be disseminated. It may be disclosed, exclusively for the purposes indicated above, to the following categories of recipients:

  • Authorized internal personnel (administrative, commercial, technical) of TRA.VE.RO. S.r.l., duly instructed pursuant to article 29 of the GDPR;
  • External technical service providers (hosting providers, site maintainers, email service providers) appointed as external Data Processors pursuant to article 28 of the GDPR;
  • Professional consultants (accountants, lawyers, labor consultants) where necessary for administrative, accounting, or judicial defense purposes;
  • Competent authorities, where required to comply with legal obligations or orders from the Judicial Authority.

Data is not disclosed to third parties for marketing or commercial profiling purposes.

6.1 Transfer of data outside the EU

Some technical services used by the site (for example, Google Analytics, when activated) may involve the transfer of personal data to countries located outside the European Union, in particular the United States.

Such transfers are carried out in compliance with the safeguards provided by articles 44 and following of the GDPR, in particular:

  • on the basis of an adequacy decision by the European Commission (art. 45 GDPR), such as the EU-US Data Privacy Framework approved on 10 July 2023 for participating US providers;
  • or by means of Standard Contractual Clauses approved by the European Commission pursuant to article 46 GDPR.

Users may request more detailed information on specific transfers and copies of the safeguards applied by writing to privacy@travero.it.

7. Rights of the data subject

In relation to the personal data being processed, users may exercise at any time the rights granted by articles 15 to 22 of the GDPR, in particular:

  • Right of access (art. 15 GDPR): obtain confirmation as to whether or not personal data concerning them is being processed, and, where this is the case, access to such data and information about the processing;
  • Right to rectification (art. 16 GDPR): request the correction of inaccurate personal data and the completion of incomplete data;
  • Right to erasure ("right to be forgotten", art. 17 GDPR): request the deletion of data in the cases provided for by the GDPR;
  • Right to restriction of processing (art. 18 GDPR): request the restriction of processing in the cases provided for by the GDPR;
  • Right to data portability (art. 20 GDPR): receive in a structured, commonly used, and machine-readable format the data provided to the Controller, and transmit it to another controller;
  • Right to object (art. 21 GDPR): object at any time, for reasons related to their particular situation, to the processing of data based on the Controller's legitimate interest;
  • Right to withdraw consent (art. 7 GDPR): withdraw at any time the consent given, without affecting the lawfulness of processing based on consent given before the withdrawal;
  • Right to lodge a complaint with the supervisory authority (art. 77 GDPR): lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali — www.garanteprivacy.it) if they believe that the processing of their personal data violates the GDPR.

To exercise these rights, users may write to privacy@travero.it or send a certified email (PEC) to travero@gigapec.it, attaching a copy of a valid identity document.

The Controller will respond to the request within 30 days of receipt, except in cases of particular complexity for which this period may be extended up to a maximum of 90 days, with prompt notification to the data subject.

8. Minors

The site is not intended for individuals under the age of 16, and TRA.VE.RO. S.r.l. does not knowingly collect personal data from minors. If it becomes apparent that data from minors has been provided without parental consent, such data will be deleted as soon as possible.

9. Data security

The Controller adopts adequate security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, in accordance with article 32 of the GDPR. In particular:

  • connection to the site via HTTPS protocol with SSL certificate;
  • periodic data backups;
  • access control through individual credentials;
  • continuous updating of software and operating systems;
  • training of personnel authorized to process data.

Despite adopting appropriate technical and organizational measures, the Controller informs users that no data transmission and storage system can be considered 100% secure. In the event of a personal data breach, the Controller will comply with the notification obligations provided for by articles 33 and 34 of the GDPR.

10. Changes to this notice

This Privacy Policy may be subject to changes due to regulatory updates, technological developments of the site, or new processing methods. Users are invited to consult this page periodically to stay informed of any changes.

The date of the last update is indicated at the beginning of the document. Any substantial changes will be appropriately announced on the site.