Privacy Policy


Last update: January 15, 2024

Pursuant to the provisions of Article 13 of the European Union Regulation No. 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter also referred to as GDPR and subsequent amendments), Toriello LSN provides the necessary information regarding the processing of personal data provided.


The Data Controller is: Toriello LSN, represented by its legal representative pro tempore, located at Via XX Settembre, 14/14, 16121 Genova, Italy email:, hereinafter referred to as “Data Controller” or “Controller”.


Toriello LSN may process the following categories of user’s personal data:

Personal data: any information identified or identifiable, directly or indirectly, relating to an individual, including a personal identification number, general identification data, or personal data that allows direct identification (e.g., name, VAT number, address, email address, telephone number, etc.) – see art. 4, para. 1, n. 1 GDPR.

Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature – through processing and association with data held by third parties – may identify users. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URIs (Uniform Resource Identifiers) of requested resources, request time, method used to submit the request to the server, size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment. These data are used only to obtain anonymous statistical information on site use and to check its correct functioning and are deleted immediately after processing.

System logs: for operational and maintenance needs, this platform and all third-party services it uses may collect system logs, which are files that record interaction and may also contain personal data, such as the IP address.

“Processing” means any operation or set of operations performed on personal data or sets of personal data, even with automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Data Subject” means an identified or identifiable natural person.


For data and cookies collected automatically, the legal basis is the legitimate interest of the controller, and the purpose is to ensure and improve the web browsing experience. (Legitimate interest) For data voluntarily provided by the user and for other purposes, the legal basis is consent. In particular, your data will be used by Toriello LSN to allow your registration on the site and to send you newsletters, communications, and/or non-personalized advertising material about products or services offered by us via email, SMS, chat, and to detect the degree of satisfaction with the quality of services. (Newsletter).

Consent to the processing of these data is optional, and refusal to process will not prevent the use of services offered by Toriello LSN.

We inform you that some activities may be carried out through suppliers, appointed as processors specifically appointed, even residing outside the European Union.


The processing of personal data is carried out using the operations indicated in Art. 4, No.

2 of GDPR 2016/679, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Your personal data is processed, without your explicit consent, pursuant to Art. 6 letters a), c), d), e), f) GDPR 2016/679, for the following purposes:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes;
  • To comply with obligations under the law, European Union legislation, regulations, or an order of the Authority;
  • Processing is necessary for the performance of a legal obligation to which the data controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by third parties.


Your personal data will not be disclosed but may be communicated where necessary for the provision of the service to third parties appointed, if necessary, as Data Processors by Toriello LSN for technical or organizational tasks instrumental to the provision of services.

An updated list of the data processors and persons in charge of processing can always be requested from the data controller.

The right to communicate to third parties remains reserved if you have given specific and optional consent.


The personal data provided can be communicated to recipients, appointed pursuant to Art. 28 of the EU Reg. 2016/679, who will process the data as processors and/or natural persons acting under the authority of the owner and manager, for the purpose of fulfilling contracts or related purposes. More precisely, the data can be communicated to recipients belonging to the following categories:

  • Employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators, in Italy and abroad without involving data transfer;
  • Third-party companies or other entities performing outsourcing activities on behalf of the Controller, in their capacity as external data processors.


Toriello LSN, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Art. 5 of the GDPR, retains your data for a period of time not exceeding the achievement of the purposes for which they are processed and/or as necessary for legal obligations. Periodic checks on the obsolescence of data stored in relation to the purposes for which they were collected are carried out.


Regarding navigation data, the user is free to provide personal data. Fields marked with * are mandatory for registration. Their absence makes it impossible to register.


Personal data will be processed by Toriello LSN within the territory of the European Union.

Should it be necessary to communicate the data subject’s data outside the European Union, for the purposes indicated in this Privacy Policy, or should it be necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union area, the processing will be regulated in accordance with the provisions of Chapter V of the Regulation (GDPR) and authorized based on specific decisions of the European Union. The processing of data will therefore be guaranteed by: a) the decision of adequacy of such third country, as published by the European Commission; b) adequate guarantee provided by the third recipient pursuant to Art. 46 of the Regulation, in particular, through the application of binding corporate rules, the so-called Corporate Binding Rules (BCR), or standard data protection clauses approved by the Commission.


Under the GDPR, you can exercise certain rights towards the Controller, such as obtaining the deletion of your data (right to be forgotten), limitation, updating, correction, portability, and opposition to the processing of your personal data. More specifically, you can exercise the following rights provided by Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR:

  • Request the data controller to access personal data (Article 15), i.e., confirmation of whether or not personal data processing is taking place and, in this case, access to the data;
  • Request the data controller for a correction (Article 16), to obtain correction and/or integration of incorrect personal data concerning you;
  • Ask the data controller to delete them (Art. 17) or obtain the deletion of data concerning you without undue delay;
  • Ask the data controller to limit the processing concerning you (Article 18), i.e., obtain confirmation that the processing of personal data is limited to what is necessary for storage purposes;
  • Have data portability (Article 20), which is to obtain, in a structured and readable format, your personal data;
  • Oppose their processing (Article 21) or, at any time, oppose, for any reason related to your particular situation, the processing of data;
  • Rights related to automated decision-making processes (Article 22), i.e., the right not to be subject to a decision based solely on automated data processing without your explicit consent;
  • Cancel (Article 17), i.e., the right to obtain, in the cases provided for by the Regulation, the deletion of user’s personal data. Furthermore, at any time, it is possible to revoke the consent on which the treatment carried out, on reaching the consent to the treatment, is based.

The data subject has the right to lodge a complaint with the Supervisory Authority (Article 77) for the protection of personal data (


Pursuant to Art. 33 of the GDPR in case of a data breach, the data controller must without undue delay and, where feasible, no later than 72 hours after having become aware of it, notify the personal data breach to the competent Supervisory Authority pursuant to Article 55, unless it is unlikely that the personal data breach presents a risk to the rights and freedoms of natural persons. The data controller provides a description of the nature of the data breach, including the number of data subjects and categories of data concerned. The name and address of the data protection officer must also be indicated. If the notification to the supervisory authority is not made within 72 hours, it must be accompanied by reasons for the delay.


Any request for information or clarifications or exercise of rights can be addressed to the Data Controller by sending:

Furthermore, you always have the right to file a complaint with the Authority for the protection of personal data, which can be contacted at or through the website


If you have given your consent to receive commercial communications, the processing of your data may be carried out to send promotional communications or newsletters by email or other informational content related to the website.

The consent of the data subject, expressed in accordance with this information, constitutes a legal basis. The data subject has the right to provide personal data; however, in the absence of such data, it will not be possible to carry out any marketing activities. The personal data thus processed are stored as long as the data subject does not withdraw their consent.


The Controller reserves the right to modify, update, add or remove parts of this privacy notice at its discretion and at any time. The data subject should periodically check for changes. To facilitate the review of the notice, a mention of the update date of the information should be included. The use of the site, after the publication of the changes, will constitute acceptance of the same.