Privacy Policy

Last updated: February 27, 2026

1. Data Controller

The data controller is Troiani S.A.S., registered office at Via Zire 13, 33010 Magnano in Riviera (UD), Italy. VAT: IT01558880306. Email: info@cagliotroiani.com. PEC: pectroiani@pec.it. Tel: +39 0432 785665.

2. Data Collected

We collect the following personal data depending on how you interact with our platform:

2.1 Registration data

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Italian Tax Code (Codice Fiscale)
  • Address (optional for private users)

2.2 Business data (business accounts)

  • Company name
  • VAT number
  • SDI code (for electronic invoicing)
  • Certified email (PEC)
  • Full business address

2.3 Purchase data

  • Order details and purchased products
  • Shipping address
  • Billing information
  • Payment data (managed by Stripe, not stored on our servers)

2.4 Technical data

  • IP address
  • Browser type and device
  • Browsing data (technical session cookies)

3. Purpose of Processing

  • Service delivery: account management, order processing, shipping, and customer support.
  • Electronic invoicing: invoice generation through Fatture in Cloud, as required by Italian law.
  • Transactional communications: order confirmations, shipping updates, invoice delivery.
  • Security: account protection, fraud prevention, administrative activity logging.
  • Legal obligations: tax and accounting requirements under applicable regulations.

4. Legal Basis

  • Contractual performance (Art. 6.1.b GDPR): processing necessary for order management and service delivery.
  • Legal obligation (Art. 6.1.c GDPR): compliance with tax and electronic invoicing obligations.
  • Legitimate interest (Art. 6.1.f GDPR): platform security and fraud prevention.
  • Consent (Art. 6.1.a GDPR): for any processing not strictly necessary for service delivery.

5. Third-Party Services

We use the following third-party providers, each with their own privacy policy:

  • Stripe (Stripe Inc., USA): online payment processing. Credit card data is handled directly by Stripe and never passes through our servers. Stripe is PCI DSS Level 1 certified.
  • Fatture in Cloud (TeamSystem S.p.A., Italy): electronic invoice generation and delivery.
  • Supabase (Supabase Inc., USA): secure storage of PDF documents (invoices, product certifications).
  • Amazon SES (Amazon Web Services, USA): transactional email delivery (order confirmations, invoices, password resets).
  • Vercel (Vercel Inc., USA): web platform hosting.

Data transfers to the USA are carried out in compliance with the EU-US Data Privacy Framework or through Standard Contractual Clauses (SCCs).

6. Data Retention

  • Account data: retained for the duration of the account and deleted upon user request.
  • Order and invoice data: retained for 10 years as required by Italian tax regulations.
  • Session and log data: retained for a maximum of 12 months.

7. Your Rights

Under EU Regulation 2016/679 (GDPR), you have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure of your data ("right to be forgotten")
  • Restrict processing
  • Request data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact: info@cagliotroiani.com or write to Troiani S.A.S., Via Zire 13, 33010 Magnano in Riviera (UD), Italy.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it).

8. Security

We adopt appropriate technical and organizational measures to protect personal data, including: password hashing (bcrypt), HTTPS connections, HttpOnly and Secure session cookies, access rate limiting, and administrative activity monitoring.