Privacy Policy

Privacy Policy

This privacy policy is intended to provide all the information on the processing of personal data carried out by Boniviri when the User accesses and navigates this site (as better indicated below).

1. INTRODUCTION - WHO ARE WE? 

BONIVIRI SOCIETÀ BENEFIT A RESPONSABILITÀ LIMITATA with registered office in Catania – Via Etnea n. 29, 95124, VAT number 05761460871 (hereinafter, the “ Data Controller ”), owner of the website https://www.boniviri.com/ (hereinafter, the “ Site ”), as data controller of the personal data of users who browse the site (hereinafter, the “ Users ”) provides the following privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “ Regulation ” or “ Applicable Legislation ”).

 

2. HOW TO CONTACT US? 

The Data Controller takes the right to privacy and personal data protection of its Users very seriously. For any information regarding this privacy policy, Users may contact the Data Controller at any time using the following methods:

• By sending a registered letter with return receipt to the registered office of the Data Controller: Via Etnea n. 29, 95124 Catania ;

• By sending an email to: info@boniviri.com ;

The Data Controller has not designated a Data Protection Officer (DPO), as it is not subject to the designation requirement set forth in Article 37 of the Regulation.

3. WHAT DO WE DO? – PURPOSE OF DATA PROCESSING

By browsing the Site, the User can purchase the owner's products, request a quote, purchase Gift Cards, publish reviews of the purchased products (hereinafter, " Services "), contact the owner through the appropriate form or through the other contacts indicated on the site .

In relation to the activities that can be carried out through the Site, the Data Controller collects personal data relating to Users.

This Site and any services offered through the Site are reserved for individuals who are at least eighteen years of age. The Data Controller therefore does not collect personal data relating to individuals under the age of 18. Upon request from Users, the Data Controller will promptly delete all personal data inadvertently collected relating to individuals under the age of 18. 

In particular, the Users' personal data will be lawfully processed by the Data Controller for the following processing purposes:

1. provision of the Services , or (i) to allow navigation of the Site, (ii) to allow the User to register, creating a personal account and access through the email and password selected by the same, (iii) to purchase the Services, in compliance with the Terms and Conditions of the Site, which are accepted by the User during registration on the Site and (iv) to publish reviews of the purchased products - possibly also containing the name and surname of the User - publicly visible on the Site. The user data collected by the Data Controller for the purposes of any registration on the Site include: personal data, contact data (email and telephone number), access credentials, billing data of the User, additional information communicated by the User, as well as personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Site acquire during their normal operation (IP addresses or domain names of computers used by Users, URI - Uniform Resource Identifier addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server - e.g. successful, error, etc. - and other parameters relating to the operating system and the User's IT environment).

2. Processing User contact/information requests: Users' personal data is collected and processed by the Data Controller solely for the purpose of processing their requests. The User data collected by the Data Controller for this purpose includes name, contact information (email and telephone number), and any additional information voluntarily provided by the User in their request and/or in subsequent exchanges . No other processing will be performed by the Data Controller in relation to Users' personal data.

3. administrative-accounting purposes , or to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;

4. legal obligations , or to fulfill obligations established by law, by an authority, by a regulation or by European legislation.

Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Data Controller make the Users' personal data accessible to other Users and/or third parties.

Providing personal data for the processing purposes indicated above is optional but necessary, as failure to provide such data will make it impossible for the User to browse the Site, register on the Site, and use the services offered by the Data Controller on the Site.

The data whose provision is mandatory for the purposes above are indicated with an asterisk in the relevant collection forms.

4. FURTHER PROCESSING PURPOSES 

1. Marketing (sending newsletters with advertising information, direct sales and commercial communications)

Some of the User's personal data ( i.e., name, surname, email address , and telephone number ) may also be processed by the Data Controller for marketing purposes (sending newsletters with advertising information , direct sales, and commercial communications), or so that the Data Controller can contact the User by post, email, telephone (landline and/or mobile, with automated calling or call communication systems with and/or without the intervention of an operator) and/or SMS and/or MMS to propose to the User the purchase of products and/or services offered by the Data Controller and/or third-party companies, or to present offers, promotions, and commercial opportunities.

Failure to provide consent will not affect your ability to register on the Site in any way.

In case of consent, the User may revoke it at any time by making a request to the Data Controller using the methods indicated in the following paragraph 8 .

 

The User may also easily opt out of receiving further promotional communications via email by clicking on the appropriate link to revoke consent, which is included in each promotional email . Once consent has been revoked, the Data Controller will send the User an email to confirm that consent has been revoked. If the User wishes to withdraw his/her consent to the sending of promotional communications by telephone, but continues to receive promotional communications by e-mail , or vice versa, please send a request to the Data Controller using the methods indicated in the following paragraph 8 .

The Data Controller informs that, following the exercise of the right to object to the sending of promotional communications via email , it is possible that, for technical and operational reasons (e.g., contact lists already completed shortly before the Data Controller receives the request to object), the User continues to receive some additional promotional messages. If the User continues to receive promotional messages after 24 hours have passed since exercising the right to object, please report the problem to the Data Controller using the contact details indicated in the following paragraph 8 .

2. Commercial communications about products and/or services similar to those purchased (so-called Soft Spam)

The Data Controller may send Users who have purchased the Services, without requesting their consent, commercial communications, exclusively (i) via email and (ii) relating to services similar to those already purchased , or belonging to the same product category. It will be possible to object at any time, easily and free of charge, to further sending of such communications by means of the automated unsubscribe links present in the Data Controller's communications, as well as using the ordinary methods indicated in the following paragraph 8 .

In this case, this processing purpose will be pursued by the Data Controller without the need to obtain the User's consent, in accordance with the exemption provided for by Article 130, paragraph 4, of Legislative Decree no. 196/2003, without prejudice to the aforementioned possibility for the User to easily object.

5. LEGAL BASIS 

Provision of Services (as described in the previous paragraph 3, letter a ): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, meaning that the processing is necessary for the performance of a contract to which the User is party or for the implementation of pre-contractual measures taken at the User's request.

Handling of User contact/information requests (as described in the previous paragraph 3, letter b ): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures taken at the User's request.

Administrative and accounting purposes (as described in paragraph 3, letter c) above ): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures taken at the User's request.

Legal obligations (as described in paragraph 3, letter d) above ): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, as the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

Additional processing purposes : For processing related to marketing activities (as described in section 4.1 above ), the legal basis is Article 6, paragraph 1, letter a) of the Regulation, i.e., the data subject's consent to the processing of their personal data for one or more specific purposes. For this reason, the Data Controller requests the User's specific, free and voluntary consent to pursue this processing purpose. For processing related to soft spam activities, (as described in the previous paragraph 4.2. ), however, the legal basis consists of art. 130, paragraph 4, of Legislative Decree no. 196/2003, which provides for an exemption from the obligation to request consent.

6. DATA PROCESSING METHODS AND DATA STORAGE PERIODS

The Data Controller will process Users' personal data using manual and electronic tools, with logic strictly related to the purposes themselves and, in any case, in a way that guarantees the security and confidentiality of the data itself.

The personal data of the Users of the Site will be retained for the time strictly necessary to carry out the primary purposes illustrated in the previous paragraph 3 , or in any case as necessary for the protection in civil law of the interests of both the Users and the Data Controller.

In the cases referred to in the previous paragraph 4.1, the Users' personal data will be retained for the time strictly necessary to carry out the purposes illustrated and, in any case, for no longer than twenty-four (24) months , without prejudice to the right to withdraw consent and to object to the processing. With reference to the previous paragraph 4.2 , the personal data will be retained for the entire duration of the relationship with the Data Controller and in any case until the objection to the processing is made.

7. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA

The User's personal data may be transferred outside the European Union. In such cases, the Data Controller will ensure that the transfer is carried out in compliance with Applicable Law and, in particular, in accordance with Articles 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. 

Users' personal data may be disclosed to the Data Controller's employees and/or collaborators responsible for managing the Site. These individuals, who have been instructed to do so by the Data Controller pursuant to Article 29 of the Regulation, will process Users' data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulations.

Furthermore, third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors , such as, for example, suppliers of IT and logistics services functional to the operation of the Site, providers of outsourcing or cloud computing services , professionals and consultants, may become aware of the Users' personal data .

Users have the right to obtain a list of any data processors appointed by the Data Controller by making a request to the Data Controller using the methods indicated in the following paragraph 8 .

8. RIGHTS OF THE INTERESTED PARTIES 

Users may exercise the rights granted to them by the Applicable Regulations by contacting the Data Controller using the following methods:

• By sending a registered letter with return receipt to the registered office of the Data Controller: Via Etnea, n. 29, 95124 Catania;

• By sending an email to: info@boniviri.com .

The Data Controller has not designated a Data Protection Officer (DPO), as it is not subject to the designation requirement set forth in Article 37 of the Regulation.

Pursuant to Applicable Law, Users have:

1. the right to withdraw consent at any time, if the processing is based on their consent;

2. the right to access personal data;

3. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of the processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);

4. the right to object :

1. in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;

2. in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising or direct sales materials or for carrying out market research or commercial communications;

If they believe that the processing of their data violates the Regulation, they have the right to lodge a complaint with a supervisory authority (in the Member State in which they habitually reside, in the one in which they work, or in the one in which the alleged violation occurred). The Italian supervisory authority is the Italian Data Protection Authority, located in Piazza Venezia, no. 11, 00187 - Rome (RM) ( http://www.garanteprivacy.it/) .