Pursuant to arts. 12 and 13 of EU Regulation No. 679/2016 (GDPR)
MEDIAINFO SRL, with registered office in Via Castello 13, 36050, Monteviale (Vi) and VAT No. 04323530248, (hereinafter, the "Data Controller" or also "TrovaVip"), in accordance with EU Regulation 679/2016, applicable from 25 May 2018 - General Data Protection Regulation ("GDPR") - and Legislative Decree No. 196 of 30 June 2003, known as the "Privacy Code" (hereinafter collectively the "Applicable Legislation"), recognizes the central importance of personal data protection, considering it one of the essential and priority purposes of its activity.
This Privacy Policy (hereinafter also "Privacy Policy") applies to the website available at the URL www.trovavip.it (hereinafter, the "Site") and does not concern other sites belonging to the Data Controller or websites that may be reachable via external links. It constitutes information provided pursuant to art. 13 of the Applicable Legislation to users who interact with the Site.
This Privacy Policy, together with the provisions of the Terms and Conditions, applies to the data subject (hereinafter "Data Subject/s") when they: (i) browse the Site; (ii) register and use the services made available on the Site; and/or (iii) use the contracting tools available on the platform.
Before providing any personal data, the Data Controller recommends a careful reading of this Privacy Policy, which clearly illustrates the methods of data processing and protection as well as the rights of the Data Subject.
The Data Controller for data relating to the Site is MEDIAINFO SRL, with registered office at Via Castello 13, 36050, Monteviale (Vi), VAT No. 04323530248, in the person of its pro tempore legal representative. Personal data collected through the Site is processed at the Data Controller's registered office.
The term "Personal Data" refers to any information relating to an identified or identifiable natural person. The Personal Data processed by TrovaVip can be: (i) provided directly by the Data Subject; (ii) collected automatically during the use of the Site; and/or (iii) generated as part of the contracting process between users and artists via the platform.
In particular, the Data Controller collects the following types of data, distinguished by subscriber category:
(i) Personal data provided by the Data Subject
a) Users
During registration, the following are collected: name, surname, e-mail address, mobile phone number. The phone number is used exclusively for OTP (SMS) verification and account management. No identity documents are required.
b) Artists and VIPs
During registration, the following are collected: name and surname, e-mail address, phone number, professional information entered in the profile (biography, photographs, videos, rates, availability, links to social profiles).
Solely for the purpose of identity verification, the upload of a valid identity document (ID card, passport or driving licence) is required. To ensure maximum protection of your data, the verification process is designed to take place entirely on your device (computer, smartphone or tablet), without the document ever being sent or saved on our servers. Verification takes place exclusively locally, in the user's browser cache, via our automated system. Once verification is complete, the document file is automatically and permanently deleted from your browser's temporary memory, and is neither accessible nor stored by TrovaVip or third parties in any form.
c) Agencies
During registration, the following are collected: trade name, company name, VAT number, data of the legal representative, e-mail address, phone number.
Solely for verification purposes, the upload of a valid identity document (ID card, passport or driving licence) for the legal representative of the legal entity owning the agency and the upload of an updated company registration report are required. Also in this case, verification takes place exclusively locally in the browser cache and the document is never transmitted or saved on the Platform's servers, being automatically deleted at the end of the procedure.
For the purpose of payment management, billing data (company name, VAT number, billing address) as well as data relating to the payment method used may be collected and processed. The processing of payment data takes place via certified third-party payment providers. TrovaVip does not store credit card data or other payment instruments, which are managed exclusively by the payment provider.
(ii) Navigation data
The platform's IT systems acquire, during their normal operation, some data whose transmission is implicit in the use of internet communication protocols (IP addresses, browser type, operating system, pages visited, access times). Although such data is not collected with the intent to directly identify the Data Subject, it could still allow identification through processing or association with data held by third parties.
(iii) Data relating to contracting
The platform offers users the possibility to stipulate pre-filled contracts or to upload and sign their own contracts using digital signature tools, also by availing themselves of third-party services (e.g. DocuSign or equivalents). In this context, the identifying data of the signing parties (name, surname, Tax Code, VAT number, residential address, certified e-mail address and e-mail address) may be processed for the purpose of formalising the contractual relationship. TrovaVip neither manages nor intermediates any payment between the parties.
Personal Data is processed primarily using IT and electronic tools, in ways strictly functional to the pursuit of the purposes indicated in this Privacy Policy and in compliance with adequate security measures.
privacy_sec3_text2
Personal Data provided through the Site is processed by the Controller for the following purposes:
privacy_sec4_i_titleprivacy_sec4_i_text
privacy_sec4_ii_titleprivacy_sec4_ii_text
privacy_sec4_iii_titleprivacy_sec4_iii_text
privacy_sec4_iv_titleprivacy_sec4_iv_text
privacy_sec4_v_titleprivacy_sec4_v_text
privacy_sec4_vi_titleprivacy_sec4_vi_text
Your Personal Data may be shared, for the purposes specified in point 4, with:
a) parties appointed by the Data Controller for the provision of services offered by the Site;
b) parties typically acting as data processors, namely: (i) providers of hosting and technical infrastructure services; (ii) providers of digital signature services for contracting between users and artists (e.g. DocuSign or equivalents), who process the data of the signing parties according to their own privacy policies; (iii) payment service providers for the management of the Agencies' annual subscriptions; (iv) security and backup service providers; (v) professionals and consultants of the Controller;
c) parties, bodies or authorities to whom it is mandatory to communicate personal data by virtue of provisions of law;
d) judicial authorities in the exercise of their functions.
The Data Controller does not sell, assign or transfer personal data to third parties for their own marketing purposes. With reference to third-party digital signature and payment services, the Data Subject is invited to consult the respective privacy policies in order to obtain detailed information on the processing carried out by such providers.
Personal data collected by the Controller is processed primarily within the European Union. Where necessary, for the use of specific technical services (e.g. digital signature services), data may be transferred to third countries (outside the EU/EEA). In such cases, the transfer takes place: (i) on the basis of an adequacy decision by the European Commission pursuant to Art. 45(1) GDPR; or (ii) on the basis of the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2) GDPR, supplemented where appropriate by adequate additional measures.
Personal Data will be retained by the Data Controller for the time strictly necessary to pursue the purposes indicated in point 4, as well as to fulfil any legal obligations. In any case, retention will not extend beyond 10 years from the last processing carried out.
With regard to identity documents and company registration reports, as indicated in point 2, verification takes place exclusively locally in the browser cache. Documents are never transmitted or stored on the platform's servers and are automatically deleted from the cache at the end of the verification procedure. Therefore, no retention period is applicable by the Controller.
In the case of profiles deactivated for failure to renew annually, the artist's profile is deactivated but not deleted. Profile data is retained for a maximum period of 36 months from deactivation to allow the member to renew at any time. After this period, in the absence of renewal or a request for deletion, the data will be automatically deleted or irreversibly anonymised. In the event of a request for definitive deletion by the data subject, the data will be deleted without undue delay.
Technical logs relating to the operation of the Site are retained for a period not exceeding 30 days. Security and access logs are retained for a maximum period of 6 months.
Finally, profiling data is retained for a maximum period of 24 months from the last processing or until consent is withdrawn.
Once the identified retention period has expired, personal data will be deleted or anonymised.
In accordance with EU Regulation 679/2016, the Data Subject may exercise the following rights at any time:
1. Right of access: the Data Subject has the right to obtain confirmation as to whether their personal data is being processed by the Controller and to access information relating to purposes, categories of data, recipients, criteria and retention periods.
2. Right to rectification: the Data Subject has the right to request the correction or completion of inaccurate or incomplete personal data concerning them.
3. Right to be forgotten: the Data Subject has the right to request the erasure of their personal data in the cases provided for by law, without prejudice to retention obligations established by law.
4. Right to restriction of processing: the Data Subject has the right to obtain the suspension of the processing of their personal data in the cases provided for by law.
5. Right to data portability: the Data Subject has the right to receive their personal data in a structured, commonly used and machine-readable format, as well as to transmit it to another controller, where technically feasible.
6. Right to object: the Data Subject has the right to object to the processing of their personal data carried out on the basis of the Controller's legitimate interest.
7. Right to withdraw consent: the Data Subject may withdraw their consent at any time; withdrawal does not affect the lawfulness of processing carried out before it.
8. Right to lodge a complaint: the Data Subject has the right to lodge a complaint with the Supervisory Authority for the protection of personal data.
To exercise the rights described above, the Data Subject is invited to contact TrovaVip according to the procedures indicated in point 10.
This Privacy Policy is effective from 25/04/2026. The Data Controller reserves the right to modify or update its content, in whole or in part, including as a result of changes in the Applicable Legislation. Substantial updates will be communicated to members by email or notification on the platform. The Data Controller invites you to visit this section regularly to become aware of the most updated version.
The Data Controller is MEDIAINFO SRL, a company incorporated under Italian law with registered office at Via Castello 13, 36050, Monteviale (VI), Italy, VAT No. 04323530248.
To exercise the rights described above or for any other request, the Data Subject may write to the following email address: Click to reveal e-mail.
The processing of personal data is carried out by adopting adequate technical and organisational measures, preventive and proportionate to the risk, aimed at protecting data from destruction or loss, even accidental, from unauthorised access, as well as from unlawful processing or processing that does not comply with the purposes for which it was collected. The security system adopted by the Controller includes, in particular: the register of personal data processing activities; the regulation of access reserved for authorised personnel according to the specific purposes; the assessment of risks associated with processing; the identification of measures to ensure confidentiality, integrity and availability of data; and the definition of procedures for restoring data in the event of destruction or damage.
The Data Controller uses cookies to collect certain Personal Data. Further details on the use of cookies and similar technologies are available in the dedicated section of the Site.