This website or third-party tools used in this make use of cookies required to operate and useful for the purposes described in the cookie policy.
By closing this banner, scrolling this page, clicking on a link or continuing navigation in any other way, you consent to the use of cookies.

 Monday, 20 September, 2021

  •   Phone: +39 0163 54446
  •   Email:


Turlo S.r.l., with registered office in Via Monte Rosa, 5 - 13019 Varallo (VC), VAT code 00170930028 (hereinafter referred to as the “Data Controller”), hereby informs you, pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter referred to as the “Data Protection Code”) and to article no. 13 of EU Regulation no. 2016/679 (hereinafter referred to as the “GDPR”), that your data will be processed for the purposes and according to the procedures described below:

1. Subject-matter of Processing

The Data Controller will process all personal identification data (such as name, surname, company name, address, telephone number, e-mail, bank and payment details) – hereinafter referred to as the “data”, either directly supplied by you or acquired in the course of our operations.

2. Processing Purposes

Your personal data may be processed:
A) without your explicit consent (art. 24 par. a), b), c) Data Protection Code and art. 6 par. b), e) GDPR), for the following Operating Purposes:
- to perform contracts concerning the Data Controller’s services;
- to comply with pre-contractual, contractual and tax obligations arising from the existing relations with you;
- to manage activities concerning administration, accounting, orders, shipping, invoicing and services;
- to comply with the obligations provided for by laws, regulations, EU provisions or special rules provided for by specific regulatory Authorities (such as the money laundering legislation);
- to exercise the Data Controller’s rights, such as the right of defence in the course of legal proceedings.
B) with your prior explicit consent (art. 7 GDPR), as provided for by the law.

Please note that if you are already one of our customers, we may send you commercial information about the Data Controller’s products or services similar to the ones you’ve already used, save that you disagree (art. 130 par. 4 of the Data Protection Code).

3. Processing Procedures

Your personal data will be processed by the means outlined in article 4 of the Data Protection Code and of article 4 no. 2) of the GDPR, namely: collection, recording, organisation, storage, consultation, adaptation, alteration, selection, retrieval, alignment, use, combination, block, disclosure, erasure and destruction of data. Your personal data will be processed both by traditional paper-based means, and by electronic and/or automated means.
The Data Controller will hold your personal data for how long as is necessary to comply with the purposes described above in compliance with the legislation in force.

4. Access to data

Your data may be made accessible for the purposes outlined in art. 2.A) and 2.B):
- to the Data Controller’s employees and collaborators, as data processors and/or system administrators;
- to third party companies or other subjects (including, without limitation, banks, professional firms, consultants, insurance companies providing insurance services, and so on) carrying out outsourcing activities on behalf of the Data Controller, as external data processors.

5. Data disclosure

The Data Controller may disclose your personal data, with no need of your explicit consent (ex art. 24 par. a), b), d) Data Protection Code e art. 6 par. b) e c) GDPR), for the purposes outlined in art. 2.A), to surveillance bodies (such as IVASS), judicial authorities, insurance companies providing insurance services, and to those subjects to which data must be disclosed by law in order to fulfil the above mentioned purposes.
These subjects will handle data as independent data controllers.
Your data will not be disseminated.

6. Data Subject’s rights

As the Data Subject, you shall have the rights outlined in art. 7 of the Data Protection Code e in art. 15 of the GDPR, namely the rights to:
i. obtain confirmation of the existence of the personal data concerning the data subject, even though not yet recorded, and disclosure of the same in an intelligible form;
ii. obtain information about:
  a) the source of personal data;
  b) the purposes and procedures of processing;
  c) the logic applied in case of electronic processing;
  d) the identification details of the Data Controller, of the data processors and of the designated representative according to art. 5, par. 2 of the Data Protection Code and of art. 3, par. 1, of the GDPR;
  e) the recipients or the categories of recipients to whom personal data may be disclosed or who may get to know such data as the designated representatives within the territory of the country, or as external data processors;
iii. obtain:
  a) the updating, amendment and, if required, the integration of data;
  b) the erasure, anonymisation or block of data which have been processed in breach of the law, including the data which do not have to be stored for the purposes for which data have been collected and processed;
  c) the certification that the operations described in paragraphs a) to b) have been made known, also with reference to their content, to the subjects to whom data have been disclosed or disseminated, save when this task turns out to be impossible or the means to be employed are manifestly disproportionate to the right to be safeguarded;
iv. object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even though they may be relevant to the purposes of collection; b) to the processing of your personal data for the purposes of direct sales or marketing, or sending advertising material or carrying out market research through the use of automated calling systems with no operators, through e-mail and/or traditional phone and/or mail marketing procedures. Please note that the data subject’s right of objection for the purposes of direct marketing through automated means, outlined in paragraph b) above, may extend to traditional means, and the data subjects may also exercise their right of objection only in part. Therefore the data subject may decide to receive communications either only through traditional means or through automated means, or neither of the above.
Where applicable, the data subject also holds the rights outlined in articles 16-21 of the GDPR (right to rectification, right to erasure, right “to be forgotten”, right to restriction of processing, right to data portability, right to object), and has the right to apply to the Privacy Authority.

7. Data storage

Ordinary personal data will be erased 5 years after the end of the relationship.
Judicial data will be stored according to legal provisions.

8. Minors

The Data Controller’s Services and Web Site are not intended to minors under the age of 18 and the Data Controller will not intentionally collect personal information about minors.
In case of unintentional collection of information concerning minors, the Data Controller will erase them without undue delay upon request by the users.

9. How to exercise your rights

You may exercise your rights at any time by:
- registered letter with advice of receipt to Turlo Srl – operating/registered office Via Monte Rosa, 5 – 13019 Varallo (VC);
- e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it..

10. Data Controller, data processors and external data processors

The Data Controller is Turlo S.r.l. with registered and operating head office in Via Monte Rosa, 5 - 13019 Varallo (VC).
The updated list of data processors and of external data processors is held at the Data Controller’s registered head office.

Turlo SRL - P.IVA/VAT IT 00170930028 - Cap. Soc. EURO 49.920,00 I.V. - Cod. fisc. Registro imprese VC00170930028 - C.C.I.A.A. di VC R.E.A. 103993 - MEC N. VC001025