BYLO Group
IT
Legal

Privacy Policy

Last updated:

⚠ Draft: Document under review by our legal counsel. Final version coming soon.

This privacy policy describes how TOMMY BY S.R.L. ("we", "us") processes personal data collected through the website tommy.bylogroup.it, in compliance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

1. Data controller

The data controller for the personal data processed through this site is TOMMY BY S.R.L., with registered office at Via A. Brunetti 14, 20156 Milano, VAT no. 14194470960.

Contact for privacy matters: privacy@bylogroup.it · +39 02 334 90 890 · PEC: tommybysrl@legalmail.it

2. Categories of personal data collected

We may collect the following categories of personal data:

  • Identification and contact data (name, surname, email, phone) provided when you contact us via email, WhatsApp or telephone.
  • Browsing data automatically collected by the site (IP address, browser type, pages visited, timestamps) — see the section on cookies.
  • Communication content (text of emails or messages you send us).

3. Purposes and legal basis

We process your data for the following purposes:

  • To respond to your requests for information, quotes or services (legal basis: pre-contractual measures at your request, art. 6.1.b GDPR).
  • To fulfil our legal and tax obligations (legal basis: legal obligation, art. 6.1.c GDPR).
  • To ensure security of the website and prevent fraud (legal basis: legitimate interest, art. 6.1.f GDPR).
  • For aggregated, anonymous statistical analysis of website usage (legal basis: consent, art. 6.1.a GDPR — only if you accept analytics cookies).

4. Data retention

Personal data is kept only for the time strictly necessary to achieve the purposes for which it was collected, and in any case no longer than: 24 months for commercial communications without a follow-up contract, 10 years for accounting/tax data as required by Italian law, the duration of the contract plus 10 years for client data.

5. Recipients and processors

Your data may be shared with the following categories of recipients:

  • IT service providers (hosting, email, analytics) acting as data processors under art. 28 GDPR.
  • Professional consultants (accountants, lawyers) when required for legal or tax obligations.
  • Public authorities when required by law.

A complete and updated list of data processors is available upon request to the controller.

6. Transfers outside the EU

Some of our service providers (e.g. hosting, analytics) may process data in countries outside the European Economic Area. In such cases, transfers are protected by Standard Contractual Clauses approved by the European Commission or by other legal mechanisms provided by the GDPR.

7. Your rights

Under articles 15-22 GDPR, you have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") in the cases provided by law.
  • Restrict processing in the cases provided by law.
  • Object to processing based on legitimate interest.
  • Data portability (in machine-readable format).
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

To exercise your rights you can write to privacy@bylogroup.it .

8. Cookies

For detailed information on the cookies used by this site and to manage your preferences, see the Cookie Policy.

9. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page indicates the date of the latest revision. We invite you to consult this page periodically.