Pursuant to arts. 12 and 13 of EU Regulation No. 679/2016 (GDPR)
Mediainfo S.r.l., with registered office at Via Castello 13, 36050, Monteviale (VI) and VAT No. 04323530248, (hereinafter, the "Data Controller" or "TrovaVip"), in accordance with EU Regulation 679/2016, applicable from 25 May 2018 – General Data Protection Regulation ("GDPR") – and Legislative Decree No. 196 of 30 June 2003, known as the "Privacy Code" (hereinafter collectively the "Applicable Legislation"), recognises the fundamental importance of personal data protection, considering it one of the essential and primary objectives of its activities.
This Privacy Policy (hereinafter also "Privacy Policy") does not apply to other sites belonging to the Data Controller or to websites accessible via external links. It also constitutes the information notice provided pursuant to Art. 13 of the Applicable Legislation to users who interact with the Site.
This Privacy Policy, together with the Terms and Conditions, applies to the data subject (hereinafter "Data Subject(s)") when: (i) browsing the website available at the URL www.trovavip.it (hereinafter, the "Site"); (ii) using and benefiting from, following registration and creation of their account, the free services made available on the Site, and/or; (iii) using and benefiting from paid services, following the purchase or subscription of at least one of the products available on the Site.
This Privacy Policy does not apply to other sites or services of the Data Controller, nor to websites accessible via external links. It also constitutes the information notice provided pursuant to Art. 13 of the GDPR to Users who interact with the Site. Consequently, before providing any personal data, the Data Controller recommends careful reading of this Privacy Policy, which clearly illustrates the methods of processing and protecting data as well as the rights of the Data Subject, in compliance with the Applicable Legislation.
The Data Controller for data relating to the Site is Mediainfo S.r.l., as indicated above. Personal data collected through the Site is processed at the Data Controller's registered office, located at Via Castello 13, 36050, Monteviale (VI), Italy.
The term "Personal Data" refers to any information relating to an identified or identifiable natural person. Personal Data processed by TrovaVip (hereinafter, also the "Controller") may be: (i) provided directly by the Data Subject; (ii) collected automatically during the use of the Site; and/or (iii) received from third parties exclusively where the Data Subject chooses to use features involving interaction with such parties (e.g. social login/account linking).
In particular, the Data Controller may collect, use, store and record the following types of data, as governed by this Privacy Policy:
a) Personal information provided by the Data Subject: the Data Subject may access and browse the TrovaVip Site without necessarily registering. However, to use certain features or digital services of the Site, the Data Subject must register to create an account. During registration, the Data Subject provides an email address and a password, which is stored in protected form using irreversible cryptographic functions (hash) (hereinafter, "Registration Data"). When using TrovaVip services, including creating an artist profile, managing requests and publishing content, the Data Subject may enter specific personal information (such as name, address, email, etc.) and upload materials (e.g. photographs or other content) that may include Personal Data. Furthermore, when the Data Subject subscribes to packages and/or service orders, TrovaVip may collect various types of data: a) contact data: first and last name, username, email address, telephone number, address, date of birth; b) billing and payment data: billing information, card number/circuit, expiry date, name, address, transaction ID, date and time (timestamp), email, and bank details and routing number, for a limited period and based on the payment method.
b) Information provided by the Data Subject during use of the Site: when the Data Subject visits, browses, uses and/or benefits from one of the Site's services, the Controller may automatically collect personal data and technical information relating to use of the Site, such as browsing data, activity paths, page scrolling and most visited sections. In particular, data such as the IP address, information on the device used, operating system, internet browser, and the date and time of access may be collected. The IT systems and software procedures used to operate the Site, also through the use of cookies and similar technologies, acquire information whose transmission is implicit in the use of Internet communication protocols. Such information is not collected with the intent to directly identify the Data Subject, however, through processing or association with data held by third parties, identification may become possible. Data collected in this way is used to ensure the correct functioning of the Site and services, ensure system security, prevent or detect any unlawful activity and carry out statistical analyses of Site usage, including in aggregate or anonymised form. The Data Subject may manage cookie preferences as detailed in the Cookie Policy.
c) Information provided by other sources: TrovaVip may receive personal data relating to the Data Subject from third-party sources, such as email service providers or social network platforms (e.g. Google or others), where the Data Subject chooses to link their account on such platforms to their account on the Site. In this case, the Data Subject may authorise TrovaVip to automatically access certain personal data associated with that account (such as first and last name, profile picture, language or other information made available based on the selected privacy settings). TrovaVip collects, stores and uses such data within the limits of the authorisations granted by the Data Subject and in accordance with the privacy settings selected at third-party providers, as well as in accordance with this Privacy Policy and the privacy policies of those providers.
In general, Personal Data is processed primarily using IT and electronic means, in ways strictly functional to the pursuit of the purposes indicated in this Privacy Policy and in compliance with adequate security measures aimed at ensuring their confidentiality, integrity and availability.
The Controller observes the principle of data minimisation, limiting processing to only the personal data that is relevant and necessary for the specific purposes pursued and adopting, where possible, processing methods that are less intrusive for the Data Subject.
Personal Data provided through the Site is processed by the Controller for the following purposes and on the following legal bases:
a) Performance of contract and provision of services (Art. 6(1)(b) GDPR), including, by way of example: registration and account creation, management of access and Site features, purchase and use of paid services, user support and management of requests;
b) Compliance with legal obligations and protection of the Controller's rights (Art. 6(1)(c) and (f) GDPR), including the management of complaints or disputes, legal defence, and responding to requests from competent judicial or administrative authorities or parties authorised by them;
c) Pursuit of the Controller's legitimate interests (Art. 6(1)(f) GDPR), such as the management, maintenance and security of the Site, provision of administrative and IT services, prevention of fraud and other unlawful activities, as well as testing, collection of aggregate and anonymous statistics, system updates and maintenance, and management of hosting and technical infrastructure;
d) Direct marketing activities, subject to the Data Subject's consent (Art. 6(1)(a) GDPR), such as the sending of promotional communications, newsletters, commercial offers, informational initiatives or advertising material relating to the Site's services, by automated means and/or traditional contact methods. Consent may be withdrawn at any time without prejudice to the lawfulness of processing carried out before withdrawal.
TrovaVip assumes that the data communicated by the Data Subject is truthful and relates to them. Where the Data Subject communicates personal data relating to third parties, the Data Subject declares to be entitled to do so and that such communication complies with the Applicable Legislation. Where the Data Subject uses TrovaVip's services to create and manage content or profiles for their own customers or end users, the Data Subject acts as an independent data controller. In such cases, TrovaVip processes personal data solely to provide the requested technical services and acts as a data processor in accordance with the instructions received. The Data Subject is therefore responsible for providing end users with adequate privacy and cookie information, identifying the legal basis for processing and obtaining any necessary consents, indemnifying and holding TrovaVip harmless from any claims or penalties arising from processing carried out in breach of the Applicable Legislation.
For further information regarding the nature of the processing or the specific legal basis applicable to their personal data, the Data Subject may contact TrovaVip as set out in point 10.
Your Personal Data may be shared, for the purposes specified in point 4, with: a) parties appointed by the Data Controller for the provision of services offered by the Site; b) parties typically acting as data processors, namely: (i) individuals, companies or professional firms providing supply, support and consultancy services to the Data Controller in accounting, administrative, legal or technical matters; (ii) professional collaborators of the Data Controller whose activity is essential for the provision of the Site's services; c) parties, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of provisions of law or orders of the authorities; d) judicial authorities in the exercise of their functions when required by the Applicable Legislation.
The Data Controller may use collaborators, appointed parties and/or data processors (bound by this Privacy Policy, adequate security and confidentiality standards and the obligations set out in the Applicable Legislation) for activities and services such as: (i) creation and development of profiles and content on the Site; (ii) registration of domain names; (iii) hosting and server management; (iv) email management; (v) management and supervision of customer databases; (vi) sending promotional or advertising communications; (vii) payment management and collection; (viii) data archiving and analysis; (ix) prevention and countering of fraud or unlawful activities, IT security and data protection; (x) analysis, management, development and improvement of Site systems, services and features.
With regard to the aforementioned third-party providers, the Data Subject is invited to consult their respective privacy policies in order to obtain detailed information regarding any processing of personal data carried out by them, as well as the related purposes and legal bases.
Personal data collected by the Controller may be processed within the European Union and, where necessary, also in third countries (outside the EU/EEA), such as the United States, including through service providers (e.g. Google LLC). In such cases, the transfer takes place: (i) on the basis of an adequacy decision by the European Commission pursuant to Art. 45(1) GDPR, where the recipient in the United States adheres to and is certified (with active certification) under the EU-U.S. Data Privacy Framework; or (ii) in the absence of such certification, on the basis of the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2) GDPR, supplemented where appropriate by additional safeguards.
Personal Data will be retained by the Data Controller for the time strictly necessary to pursue the purposes set out in point 4, as well as to fulfil any legal, tax or accounting obligations. In any case, retention will not extend beyond 10 years from the date of the last processing. With regard to marketing activities, personal data will be retained for a maximum period of 24 months from the date of the last processing for such purposes. Technical logs relating to the operation of the Site are retained for a period not exceeding 30 days, while security and access logs are retained for a maximum period of 6 months, subject to further retention, limited to strictly necessary data, where required for incident management, fraud prevention or protection of the rights of the Controller or third parties.
For the purpose of determining the appropriate retention period for personal data, the Data Controller takes into account various criteria, including the quantity, nature and sensitivity of the data processed, the potential risk arising from unauthorised use or disclosure, the purposes pursued through processing and the possibility of achieving those purposes by alternative means, as well as applicable legal requirements.
Once the identified retention period has expired, personal data will be deleted or anonymised, unless further retention is necessary for the pursuit of additional legitimate purposes (e.g. to comply with legal obligations) or until consent is eventually withdrawn, where processing is based on that legal basis.
In exceptional cases, the Controller may retain personal data relating to users included in blocking lists (blacklists) connected to fraudulent conduct or security threats for an indefinite period, solely for the purpose of protecting the Services, the Site and users' personal data. Such lists may be shared, to the extent strictly necessary, with collaborators, processors and authorised parties bound by confidentiality and security obligations, for the purposes of fraud prevention and combating, and strengthening the security of the Services.
In accordance with EU Regulation 679/2016, the Data Subject may exercise the following rights at any time:
1. Right of access, understood as the right to obtain confirmation that their personal data is being collected, processed and retained by the Data Controller. In particular, the Data Subject may access the following information: (i) purposes of processing; (ii) types or categories of personal data; (iii) legal bases for processing depending on the type of data; (iv) parties to whom personal data has been or will be disclosed; (v) retention criteria and period envisaged for each type of data. The Data Subject will also have the right to obtain a written digital copy of the personal data concerning them, upon proving their identity by means of an official identity document, provided this does not adversely affect the rights and freedoms of other persons.
2. Right to erasure and rectification, understood as the right to request the suppression and removal of personal data in the Data Controller's database and the right to request modifications or additions regarding the accuracy and currency of the personal data held by the Controller. The Data Subject may request the deletion of their personal data, which will be erased without undue delay in any of the following cases: (i) personal data is no longer necessary for the purposes for which it was collected and processed; (ii) withdrawal of consent, where processing was based on consent and no other legal basis permits it; (iii) objection to processing without legitimate grounds overriding those for continuing; (iv) unlawful processing of personal data; (v) legal obligation requiring erasure. Erasure affects data in the Controller's systems and its use for future activities and communications; however, it is not possible to guarantee the removal of information already shared or transmitted to third parties (e.g. other users or payment providers), who may retain it for legitimate purposes or legal obligations. The Data Subject may also request rectification of their personal data, following which the Controller will carry out appropriate checks and proceed to complete or update the incomplete personal data concerning them.
3. Right to restriction of processing, understood as the Data Subject's right to obtain from the Controller the suspension of processing of their personal data where: (i) the Data Subject contests the accuracy of the personal data, for the time necessary for the Controller to verify its accuracy; (ii) processing is unlawful and the Data Subject, rather than requesting erasure, asks for use of the data to be restricted; (iii) the personal data, although no longer needed by the Controller for the purposes of processing, is needed by the Data Subject for the establishment, exercise or defence of a legal claim; (iv) the Data Subject has objected to processing, pending verification of whether the Controller's legitimate grounds override those of the Data Subject.
4. Right to data portability, understood as the Data Subject's right to receive the personal data concerning them in a structured, commonly used and machine-readable format (e.g. computer, smartphone) and to have it transmitted to another company where: (i) processing is based on consent or a contract; (ii) processing is carried out by automated means.
5. Right to lodge a complaint with a supervisory authority in the Data Subject's Member State, if they consider that the processing carried out by the Controller is contrary to or violates the Applicable Legislation.
The Data Subject may withdraw their consent to the processing of their personal data at any time; withdrawal does not affect the lawfulness of processing carried out before such withdrawal. To exercise the rights described above, the Data Subject is invited to contact the TrovaVip support team as set out in point 10 of this Privacy Policy.
This Privacy Policy has been in force since 20/02/2026. The Data Controller reserves the right to modify or update its content, in whole or in part, including as a result of changes to the Applicable Legislation. The Data Controller will notify such changes as soon as they are introduced, and they will be binding from the moment they are published on the Site. The Data Controller therefore invites regular visits to this section to stay informed of the most recent and updated version.
The Data Controller is Mediainfo S.r.l., a company incorporated under Italian law with registered office at Via Castello 13, 36050, Monteviale (VI), Italy, VAT No. 04323530248.
To exercise the rights described above or for any other request, the Data Subject may write to the TrovaVip privacy support team at the following email address: info@trovavip.it.
The processing of personal data is carried out by adopting adequate technical and organisational measures, preventive and proportionate to the risk, aimed at protecting data from destruction or loss, even accidental, from unauthorised access, as well as from unlawful processing or processing that does not comply with the purposes for which it was collected. The security system adopted by the Controller includes, in particular: the register of personal data processing activities; the regulation of access reserved for authorised personnel according to the specific purposes; the assessment of risks associated with processing; the identification of measures to ensure confidentiality, integrity and availability of data; and the definition of procedures for restoring data in the event of destruction or damage.
The Data Controller uses cookies to collect certain Personal Data. Further details on the use of cookies and similar technologies are available in the dedicated section of the Site.