Privacy Policy

Information on the Processing of Personal Data pursuant to EU Regulation no. 679/2016 (GDPR) and other applicable regulations

The following information is intended for all Users/Data Subjects who visit and interact with this SOC.EDIL. DI BONANNO SRL website and its e-commerce platform.

SOC.EDIL. DI BONANNO SRL is responsible for managing sales made through the e-commerce platform.

• To your bank (in case of payment by bank transfer); or
• PayPal or Stripe (in case of payment via PayPal/Stripe account or credit card); or
• Klarna (in case of installment payment)

Furthermore, to access product purchases on this website, registration to the e-commerce platform is required.
SOC.EDIL. DI BONANNO SRL will process the personal data provided by the User/Data Subject at the time of registration and for any online purchase agreement for a product, in compliance with the provisions of EU Regulation 679/2016 (GDPR) and related applicable regulations.

1. Data Controller (Processor and Persons in Charge of Processing)

The Data Controller is SOC.EDIL. DI BONANNO SRL with registered office in via dei Mulini 9 Misilmeri (PA) and can be contacted at ordini@bonannodresshome.com

Type and Purposes

The identifying personal data voluntarily provided during the use of the e-commerce platform through the registration service will be processed for the following purposes:
– to enable registration to the e-commerce platform and manage access to its services;
– to enable and facilitate online product purchases and any conclusion of the purchase agreement through the e-commerce platform;
– to maintain and manage the account created following registration;
– to store data and information in the created account (e.g., personal data, order/purchase/return history, preferred delivery and billing addresses);
– to allow products to be added to the cart and to conclude the purchase agreement through the e-commerce platform;
– to enable and facilitate online product purchases and any conclusion of the purchase agreement through the e-commerce platform for those who use the service by registering on the e-commerce platform;
– to execute the purchase agreement and related purposes and fulfill all legal obligations connected thereto;
– to perform administrative and/or accounting and/or tax obligations related to the provision of e-commerce services and/or the concluded purchase agreement (e.g., keeping accounting records and issuing sales invoices);
– delivery of products sold by courier;
– general assistance and customer care activities (e.g., responding to information requests from users or replies to complaints, reports, and disputes);
– to respond to requests to exercise the right of withdrawal and/or the legal guarantee of conformity and/or other rights arising from the purchase agreement concluded on the e-commerce platform and/or provided by law in relation to such agreement and/or service rendered, as well as to carry out activities that prove necessary as a consequence of exercising such rights and to proceed, if applicable, with related refunds;
– to receive and respond to requests to exercise rights regarding personal data protection provided by the Regulation and to carry out all consequent activities.
– marketing and/or profiling only if and where provided and solely with prior, separate, free and express consent of the User/Data Subject;
– to manage and possibly block fraudulent or unlawful use of the e-commerce platform;
– to ensure compliance with the contractual rights of the Data Controller and their legitimate interest (e.g., demonstrating compliance with obligations arising from the contract with the Data Subject or imposed by law);

Furthermore, during free browsing within the e-commerce platform and, subsequent to registration, during the period of access to the personal area of the e-commerce platform, the Data Subject's browsing data will be collected solely for the purpose of obtaining anonymous statistical information on the use of the e-commerce platform and to monitor its proper functioning, without associating them with data from other sources, but reserving the right to retrospectively verify them if concrete indications of illegal use are brought to our attention.

Regarding the use of Cookies, within the e-commerce platform and within the personal area of the e-commerce platform, the Data Subject is requested to read the Cookie Policy.
The processing of data for purposes other than those specified herein will not be carried out without the explicit prior consent of the Data Subject and the provision of the relevant information.

Nature of Data Provision

The provision of data:

1. In the fields of the e-commerce personal area registration form; or
2. In the fields of the order form, delivery form, or billing form within the e-commerce personal area; or
3. Is optional, with the exception of those fields indicated as mandatory.

These latter fields are, in fact, necessary to ensure:

1. Compliance with current contractual and legal obligations;
2. Correct and lawful use of the e-commerce platform;
3. Protection of any intellectual property rights and works;
4. Achievement of the purposes listed above;
Therefore, the Data Subject's refusal to provide them will make it impossible to proceed with the purchase and, consequently, to conclude the contract and receive the selected products through the e-commerce platform.

Subsequent to the purchase of products through the e-commerce platform, data concerning: purchase, shipment and related tracking, complaint, return, cancellation, and other activities carried out by the Data Subject within the e-commerce platform concerning their orders are collected, so that they can have an archive of their purchase activities and their status.

4. Processing Methods

Data will be processed using IT tools, paper, and any other medium useful for achieving the purposes set out in this policy and the contract, in compliance with the security measures provided by current legislation.

The personal data provided by the Data Subject at the time of registration to the e-commerce platform and subsequent purchases will be stored within the e-commerce platform itself and in other archives at the Data Controller's headquarters exclusively for the purposes indicated above.

For the purposes of this paragraph, the Data Controller undertakes to observe specific security measures to prevent data loss, unlawful or incorrect use, and unauthorized access, in full compliance with legal and regulatory provisions.

5. Lawfulness

The Data Subject must express consent to the processing of their personal data for the purposes set out in this Policy in order to proceed with registration to the e-commerce platform.
Regarding the purchase of products through the e-commerce platform, data processing is necessary for the fulfillment of the relevant contract and other legal obligations.

6. Communication of Data to Third Parties

The Data Subject's data is communicated to third parties to the minimum extent necessary for the fulfillment of contractual and legal obligations and/or only upon explicit request of the Data Subject.

The entities to whom the data are communicated act as external data processors designated by the Data Controller through a specific contract ("Data Processors") or as persons authorized to process data under the direct authority of the Data Controller ("Persons in Charge of Processing"), except in cases where the recipient acts as an independent data controller, for example, in the case of couriers.
The data will also be provided to the competent Authorities in case of legal obligations.

The Data Subjects' data may, therefore, be communicated by the Data Controller to the following categories of recipients:
– To companies, consultants or professionals who may be in charge of the installation, maintenance, updating and, in general, the management of the Data Controller's hardware and software, including cloud computing service providers.
– To companies that carry out logistical support and/or warehousing and/or packaging and/or shipping and delivery or collection activities for products purchased on the e-commerce platform.
– To all those entities, including public authorities, who have access to the data by virtue of regulatory or administrative provisions.
– To all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms), if the communication proves necessary or functional for the correct fulfillment of contractual obligations assumed in relation to the e-commerce services, including the purchase agreement, as well as obligations arising from the law or, in the case of assessment, exercise or defense of a right.

7. Transfers to Third Countries

The personal data of Data Subjects are not transferred to third countries outside the EU.

8. Data Retention

The provided data will be retained for the time strictly necessary to carry out the individual processing activities (e.g., registration data will be processed until the account is closed, taking into account the technical time required; data necessary for the conclusion of the contract until product delivery or, in case of non-delivery, until contract termination, etc.), it being understood that, once this period has expired, they will in any case be retained for 1 year, while they will be retained for longer periods only in cases provided for by current legislation or only in the case of a superior legitimate interest of the Data Controller.

Beyond these terms, the data provided through the e-commerce platform will be deleted, retaining only those data related to the fulfillment of legal and fiscal obligations, held for the maximum periods established by the relevant laws and regulations (e.g., for fiscal obligations they will be held for 10 years).

9. Security Measures

The transfer, storage, and processing of the Data Subject's data collected through the e-commerce platform are ensured through appropriate technical and security measures.

All Data Subject information is protected with access keys chosen by the user themselves; passwords are not stored in plain text but are protected with MD5 technology.

Furthermore, the e-commerce platform is provided over an encrypted HTTPS connection using SSL certificates to ensure the security of users and profiles.

The Data Subjects' data are collected, stored, and retained on a secure server, protected by a firewall and physically located in a controlled-access web farm in Italy or the EU, while data downloaded and processed in paper form are stored in appropriate paper databases, ensuring appropriate security standards.

10. Data Subject Rights

The Data Subject has the right to:

1. Obtain confirmation of the existence, content, and origin of personal data concerning them, even if not yet registered, and their communication without delay in an intelligible form.
2. Request information, in writing, about their personal data stored by us (e.g., origin, purpose, methods, categories, applied logic, retention period, rights, identification data of the Data Controller, subjects or categories to whom the data may be communicated).
3. Revoke consent to the processing of their data.
4. Delete their data.
5. Transform and/or limit or block data processed in violation of the law.
6. Update, rectify, or integrate their data.
7. Obtain their personal data, provided to the Data Controller, in order to transmit them to another Data Controller.
8. Obtain certification that the aforementioned operations have been brought to the attention of those to whom the data have been communicated, except in cases where such fulfillment proves impossible or involves a disproportionate use of means compared to the protected right;
9. Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection.
10. Lodge a complaint with the Garante per la Privacy (Italian Data Protection Authority) (www.garanteprivacy.it).

For further information on privacy rights, we invite the Data Subject to visit the website of the Garante per la Privacy: www.garanteprivacy.it.

The Data Subject who wishes to exercise their right must use the contact details of the Data Controller.

******

Useful Information

Company Name: SOC.EDIL. DI BONANNO SRL

Registered Office: via dei Mulini 9 Misilmeri (PA) 90036
VAT No.: 03617550821 Tax Code: 03617550821
Business Register Palermo and Enna
REA: PA - 143672

LAST UPDATE: MARCH 2025