
Privacy & Cookies Policy

Last updated: 8 July 2025

This Policy explains how TrolMaster Europe SRL (“TrolMaster”, “we”, “our”) processes your personal data and uses cookies when you visit trolmaster.eu (“Site”). It complies with:

  • EU General Data Protection Regulation (GDPR 2016/679)

  • EU e-Privacy Directive 2002/58/EC and its Italian implementation (Legislative Decree 196/2003 & 101/2018)

  • Italian Data-Protection Authority (Garante) Cookie Guidelines, 10 June 2021

  • EDPB Cookie Banner Task-force Report (January 2023)

 

1. Controller & Contact Details

 

2. Key GDPR Definitions

  • Personal Data: Information relating to an identified or identifiable person.

  • Processing: Any operation on personal data (collection, storage, use, etc.).

  • Controller: Entity that decides why and how data are processed (TrolMaster).

  • Processor: Third party processing data on our behalf (e.g., hosting provider).

  • Cookie: Small text file stored on your device that holds information.

 

3. How We Collect Personal Data

  1. Directly from you – account registration, contact forms, newsletter sign-ups, orders.

  2. Automatically – server logs, cookies, pixel tags, analytics events.

  3. From third parties – payment gateways, social-media plugins, advertising networks.

 

4. What Data We Process, Why, and for How Long

4.1 Site-Usage Data

  • Typical items: IP address, browser type, pages visited, timestamps.

  • Purpose: Operate Site, maintain security, detect fraud.

  • Legal basis: Legitimate interest (GDPR Art. 6 (1)(f)).

  • Retention: 12 months.

4.2 Account Data

  • Typical items: Name, email, password hash.

  • Purpose: Create and manage your account.

  • Legal basis: Contract (Art. 6 (1)(b)).

  • Retention: Until account deletion + 6 years (legal obligations).

4.3 Order & Payment Data

  • Typical items: Billing address, VAT ID, transaction details.

  • Purpose: Fulfil purchases and comply with tax law.

  • Legal basis: Contract & legal obligation (Art. 6 (1)(b)(c)).

  • Retention: 10 years.

4.4 Marketing Preferences

  • Typical items: Email address, opt-in status, consent timestamp.

  • Purpose: Send newsletters and promotions.

  • Legal basis: Consent (Art. 6 (1)(a)).

  • Retention: Until consent is withdrawn.

4.5 Support Correspondence

  • Typical items: Emails, chat transcripts, attachments.

  • Purpose: Resolve enquiries and disputes.

  • Legal basis: Legitimate interest (Art. 6 (1)(f)).

  • Retention: 24 months.

4.6 Job Applications

  • Typical items: CV, covering letter, contact details.

  • Purpose: Recruitment process.

  • Legal basis: Pre-contractual steps (Art. 6 (1)(b)).

  • Retention: 6 months (longer only with explicit consent).

We do not engage in automated decision-making that produces legal or similarly significant effects.

 

5. Cookies & Similar Technologies

5.1 What Are Cookies?

Cookies are small files set on your device by websites or third parties. Under the e-Privacy Directive, any cookie that is not strictly necessary requires prior, explicit, opt-in consent.

5.2 Cookie Categories We Use

Strictly Necessary Cookies

  • Examples: PHPSESSID, load-balancer token.

  • Purpose: Enable core Site functions and security.

  • Consent required? No.

Preference Cookies

  • Examples: lang, contrast_mode.

  • Purpose: Remember your language or accessibility settings.

  • Consent required? Yes.

Analytics Cookies

  • Examples: _ga, _gid (Google Analytics 4, IP anonymised).

  • Purpose: Measure traffic and improve user experience.

  • Consent required? Yes.

Marketing / Retargeting Cookies

  • Examples: fbp, ads/ga-audiences.

  • Purpose: Serve personalised ads across platforms.

  • Consent required? Yes.

The exact list may evolve; both the banner and this Policy are updated accordingly.

5.3 Cookie Banner & Consent Management

  • On first visit you see a banner explaining each category in plain language.

  • Buttons provided: “Accept all”, “Reject non-essential”, and “Customise” (all boxes unticked by default).

  • Your choice is stored for 12 months, unless you delete cookies or change settings.

  • You may revisit “Cookie Settings” in the footer at any time to modify or withdraw consent.

5.4 Browser Controls

Most browsers let you block or delete cookies (e.g., Chrome → Settings → Privacy & Security → Cookies). Blocking strictly necessary cookies may impair Site functionality.

5.5 Other Trackers

Pixel tags, local storage, or SDKs are used only in line with the consent you give for the corresponding cookie category.

 

6. Third-Party Processors & Recipients

Hosting & CDN

  • Provider: AWS Europe (Frankfurt).

  • Safeguards: EU data-centres; Data-Processing Agreement (DPA) in place.

Payment Processing

  • Provider: Stripe Payments Europe Ltd.

  • Safeguards: PCI-DSS Level 1; Standard Contractual Clauses (SCCs) for any transfers.

Email Marketing

  • Provider: Mailchimp (Intuit Inc.).

  • Safeguards: SCCs; processing occurs only with your marketing consent.

Analytics

  • Provider: Google Analytics 4.

  • Safeguards: IP anonymisation; EU data-sharing disabled.

Advertising

  • Providers: Meta Ads, Google Ads.

  • Safeguards: Activated only if you accept marketing cookies.

Customer Support

  • Provider: Zendesk Inc.

  • Safeguards: SCCs; processor agreement in place.

We never sell or rent your personal data.

 

7. International Transfers

  • Adequacy decisions (GDPR Art. 45) or

  • Standard Contractual Clauses (GDPR Art. 46)

are used for any transfers outside the EEA/UK.

Additional technical and organisational measures—such as encryption and strict access controls—are applied where needed.

 

8. Data Security

  • TLS 1.3 encryption for data in transit.

  • AES-256 encryption for data at rest.

  • ISO 27001-certified hosting environment.

  • Role-based access controls and multi-factor authentication.

  • Quarterly vulnerability scans and annual penetration tests.

  • Formal incident-response plan.

 

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in Section 4 or to meet legal, contractual, or statutory obligations (e.g., tax, accounting, warranty, dispute-resolution).

 

10. Your GDPR Rights

  1. Access your data.

  2. Rectify inaccuracies.

  3. Erase data (“right to be forgotten”).

  4. Restrict processing.

  5. Object to processing based on legitimate interests or direct marketing.

  6. Port your data (receive it in a structured, machine-readable format).

  7. Withdraw consent at any time (affects future processing only).

How to exercise these rights: Email sales@trolmaster.eu or write to our postal address. We may request proof of identity to prevent unauthorised disclosure.

10.1 Right to Complain

You may lodge a complaint with the Garante per la Protezione dei Dati Personali or with your local supervisory authority.

 

11. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly process such data. If you believe a child has provided us personal information, please contact us and we will delete it promptly.

 

12. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. Material changes will be announced via banner or, where appropriate, by email. The “Last updated” date shows the most recent revision.

 

13. Contact

Data-Protection Contact
TrolMaster Europe SRL
S.S. Cassia Nord KM 88,200
01100 Viterbo (VT), Italy
sales@trolmaster.eu
