Privacy policy

This privacy policy aims to provide all information regarding the processing of personal data carried out by Boniviri when the User accesses and browses this website (as further detailed below).


  1. INTRODUCTION - WHO ARE WE? 

BONIVIRI SOCIETÀ BENEFIT A RESPONSABILITÀ LIMITATA with registered office in Catania – Via Etnea n. 29, 95124, VAT no. 05761460871 (hereinafter, the “Controller”), owner of the website https://www.boniviri.com/ (hereinafter, the “Website”), as the data controller of the personal data of users browsing the website (hereinafter, “Users”) hereby provides the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation” or “Applicable Law”).

 

  2. HOW TO CONTACT US?

The Controller places the utmost importance on the right to privacy and the protection of its Users’ personal data. For any information regarding this privacy policy, Users may contact the Controller at any time, using the following methods:

  • By sending a registered letter with return receipt to the Controller’s registered office: Via Etnea n. 29, 95124 Catania;

  • By sending an email to: info@boniviri.com;


The Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by art. 37 of the Regulation.


  3. WHAT DO WE DO? – PURPOSES OF PROCESSING

By browsing the Website, the User can purchase the Controller’s products, request a quote, purchase Gift Cards, publish reviews of purchased products (hereinafter, “Services”), contact the Controller through the appropriate form or via other contacts indicated on the website.


In relation to the activities that can be carried out through the Website, the Controller collects personal data relating to Users.


This Website and any services offered through the Website are reserved for individuals who are at least eighteen years old. The Controller therefore does not collect personal data relating to individuals under 18 years of age. Upon request from Users, the Controller will promptly delete any personal data inadvertently collected relating to individuals under 18 years of age. 


In particular, Users’ personal data will be lawfully processed by the Controller for the following processing purposes:


  a) provision of Services, i.e. (i) to allow browsing of the Website, (ii) to allow the User to register, creating a personal account and access it via the email and password selected by the User, (iii) to purchase the Services, in execution of the Website Terms and Conditions, which are accepted by the User during registration on the Website, and (iv) to publish reviews of purchased products – which may also include the User’s first and last name – publicly visible on the Website. The data collected by the Controller for possible registration on the Website include: personal details, contact information (email and phone number), access credentials, User’s billing data, further information provided by the User, as well as personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Website acquire during their normal operation (IP addresses or domain names of the computers used by Users, addresses in URI notation - Uniform Resource Identifier of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server - e.g. success, error, etc. - and other parameters relating to the User’s operating system and IT environment).


  b) fulfilling User contact/information requests: Users’ personal data are collected and processed by the Controller solely to fulfill their request. The User data collected by the Controller for this purpose include name, contact details (email and phone number), and any other data the User may voluntarily provide in their request and/or subsequent exchanges. No other processing will be carried out by the Controller in relation to Users’ personal data.

  c) administrative and accounting purposes, i.e. to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;

  d) legal obligations, i.e. to comply with obligations provided by law, by an authority, by a regulation, or by European legislation.

Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.


The provision of personal data for the above processing purposes is optional but necessary, as failure to provide such data will make it impossible for the User to browse the Website, register on the Website, and use the services offered by the Controller on the Website.


The data whose provision is mandatory for the above purposes are indicated with an asterisk in the relevant collection forms.


  4. ADDITIONAL PROCESSING PURPOSES

  4.1. Marketing (sending newsletters with advertising information, direct sales, and commercial communication)

Some User personal data (namely first name, last name, email address, and phone number) may also be processed by the Controller for marketing purposes (sending newsletters with advertising information, direct sales, and commercial communication), i.e. so that the Controller may contact the User by mail, email, telephone (landline and/or mobile, with automated calling systems or call communication with and/or without operator intervention) and/or SMS and/or MMS to propose the purchase of products and/or services offered by the Controller and/or third-party companies, present offers, promotions, and commercial opportunities.


If consent is not given, the ability to register on the Website will not be affected in any way.


If consent is given, the User may revoke it at any time by making a request to the Controller using the methods indicated in paragraph 8.

The User may also easily object to further promotional communications via email by clicking on the appropriate link to revoke consent, which is present in each promotional email. Once consent is revoked, the Controller will send the User an email to confirm the revocation of consent. If the User wishes to revoke their consent to receive promotional communications by phone, but continue to receive promotional communications by email, or vice versa, please send a request to the Controller using the methods indicated in paragraph 8.


The Controller informs Users that, following the exercise of the right to object to the sending of promotional communications by email, it is possible that, for technical and operational reasons (e.g. contact lists already completed shortly before the Controller receives the objection request), the User may continue to receive some further promotional messages. If the User continues to receive promotional messages more than 24 hours after exercising the right to object, please report the issue to the Controller using the contacts indicated in paragraph 8.


  4.2. Commercial communications about products and/or services similar to those purchased (so-called Soft Spam)

To Users who have purchased Services, the Controller may send, without requiring their consent, commercial communications, exclusively (i) by email and (ii) relating to services similar to those already purchased, i.e. belonging to the same product category. It will be possible to object at any time, easily and free of charge, to further such communications via the automated unsubscribe links in the Controller’s communications, as well as by the usual methods indicated in paragraph 8.


In this case, such processing purpose will be pursued by the Controller without the need to obtain the User’s consent, in line with the exemption provided by art. 130, paragraph 4, of Legislative Decree no. 196/2003, without prejudice to the aforementioned possibility for the User to easily object.


  5. LEGAL BASIS

Provision of Services (as described in previous par. 3, letter a)): the legal basis is art. 6, paragraph 1, letter b) of the Regulation, i.e. processing is necessary for the performance of a contract to which the User is a party or for the performance of pre-contractual measures taken at the User’s request.

Fulfilling User contact/information requests (as described in previous par. 3, letter b)): the legal basis is art. 6, paragraph 1, letter b) of the Regulation, as processing is necessary for the performance of a contract and/or for the performance of pre-contractual measures taken at the User’s request.

Administrative and accounting purposes (as described in previous par. 3, letter c)): the legal basis is art. 6, paragraph 1, letter b) of the Regulation, as processing is necessary for the performance of a contract and/or for the performance of pre-contractual measures taken at the User’s request.


Legal obligations (as described in previous par. 3, letter d)): the legal basis is art. 6, paragraph 1, letter c) of the Regulation, as processing is necessary to comply with a legal obligation to which the Controller is subject.


Additional processing purposes: for processing related to marketing activities (as described in previous par. 4.1.), the legal basis is art. 6, paragraph 1, letter a) of the Regulation, i.e. the data subject’s consent to the processing of their personal data for one or more specific purposes. For this reason, the Controller asks the User for specific, free, and optional consent to pursue this processing purpose. For processing related to soft spam activities (as described in previous par. 4.2.), instead, the legal basis is art. 130, paragraph 4, of Legislative Decree no. 196/2003, which provides an exemption from the obligation to obtain consent.


  6. PROCESSING METHODS AND DATA RETENTION PERIODS

The Controller will process Users’ personal data using manual and electronic tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.


Users’ personal data on the Website will be retained for the time strictly necessary to fulfill the primary purposes described in paragraph 3, or in any case as necessary for the protection of the interests of both Users and the Controller in civil proceedings.


In the cases referred to in paragraph 4.1, Users’ personal data will be retained for the time strictly necessary to fulfill the purposes described and, in any case, for no more than twenty-four (24) months, without prejudice to the right to revoke consent and object to processing. With reference to paragraph 4.2, personal data will be retained for the entire duration of the relationship with the Controller and in any case until objection to processing.


  7. SCOPE OF DATA DISCLOSURE AND DISSEMINATION

User personal data may be transferred outside the European Union and, in such case, the Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in compliance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation. 


Employees and/or collaborators of the Controller appointed to manage the Website may become aware of Users’ personal data. These individuals, who have been instructed accordingly by the Controller pursuant to art. 29 of the Regulation, will process Users’ data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.


Third parties who may process personal data on behalf of the Controller as Data Processors, such as, by way of example, providers of IT and logistics services functional to the operation of the Website, providers of outsourcing or cloud computing services, professionals, and consultants, may also become aware of Users’ personal data.


Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller using the methods indicated in paragraph 8.


  8. DATA SUBJECTS’ RIGHTS

Users may exercise the rights granted to them by the Applicable Law by contacting the Controller using the following methods:

  • By sending a registered letter with return receipt to the Controller’s registered office: Via Etnea, n. 29, 95124 Catania;

  • By sending an email to: info@boniviri.com.


The Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by art. 37 of the Regulation.


Pursuant to the Applicable Law, Users have:

  1. the right to withdraw consent at any time, if processing is based on their consent;

  2. the right of access to personal data;

  3. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used, and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);

  4. the right to object:

     a) in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;

     b) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;

  5. if they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where they habitually reside, in the one where they work, or in the one where the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located at Piazza Venezia, n. 11, 00187 - Rome (RM) (http://www.garanteprivacy.it/).

_____________


The Controller is not responsible for updating all the links displayed in this Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.