Privacy Policy
Privacy Policy
Information on the Processing of Personal Data pursuant to EU Regulation no. 679/2016 (GDPR) and other applicable regulations
The following information is intended for all Users/Data Subjects who visit and interact with this SOC.EDIL. DI BONANNO SRL website and its e-commerce platform.
SOC.EDIL. DI BONANNO SRL is responsible for managing sales executed through the e-commerce platform.
• To your bank (in case of payment by bank transfer); or
• PayPal or Stripe (in case of payment via PayPal/Stripe account or credit card); or
• Klarna (in case of installment payments)
Furthermore, to access the purchase of products on this website, registration on the e-commerce platform is required.
SOC.EDIL. DI BONANNO SRL will process the personal data provided by the User/Data Subject at the time of registration and for any online purchase agreement for a product, in compliance with the provisions of EU Regulation 679/2016 (GDPR) and related applicable legislation.
1. Data Controller (Processor and Authorized Persons)
The Data Controller is SOC.EDIL. DI BONANNO SRL with registered office in via dei Mulini 9 Misilmeri (PA) and can be contacted at ordini@bonannodresshome.com
Type and Purposes
The identifying personal data voluntarily provided during the use of the e-commerce platform through the registration service will be processed for the following purposes:
– to enable registration on the e-commerce platform and manage access to its services;
– to enable and facilitate the online purchase of products and any conclusion of a purchase agreement through the e-commerce platform;
– to maintain and manage the account created following registration;
– to store data and information in the created account (e.g., personal data, order/purchase/return history, preferred delivery and billing addresses);
– to allow products to be added to the cart and the purchase agreement to be concluded through the e-commerce platform;
– to enable and facilitate the online purchase of products and any conclusion of a purchase agreement through the e-commerce platform for those who use the service by registering on the e-commerce platform;
– to execute the purchase agreement and related purposes and to fulfill all legal obligations connected thereto;
– to fulfill administrative and/or accounting and/or fiscal obligations related to the provision of e-commerce services and/or the concluded purchase agreement (e.g., keeping accounting records and issuing sales invoices);
– to deliver products sold by courier;
– general assistance and customer care activities (e.g., responding to information requests from users or replies to complaints, reports, and disputes);
– to respond to requests to exercise the right of withdrawal and/or the right to legal conformity guarantee and/or other rights arising from the purchase agreement concluded on the e-commerce platform and/or provided by law in relation to such agreement and/or service rendered, as well as to carry out activities deemed necessary as a consequence of exercising such rights and, if applicable, to process related refunds;
– to receive and respond to requests to exercise personal data protection rights provided by the Regulation and to carry out all consequent activities.
– marketing and/or profiling only if and where provided and solely with prior, separate, free, and explicit consent of the User/Data Subject;
– to manage and potentially block fraudulent or unlawful uses of the e-commerce platform;
– to ensure compliance with the contractual rights of the Data Controller and its legitimate interest (e.g., demonstrating compliance with obligations arising from the contract with the Data Subject or imposed by law);
Furthermore, during free browsing within the e-commerce platform and, subsequently after registration, during access to the personal area of the e-commerce platform, the Data Subject's browsing data will be collected solely for the purpose of obtaining anonymous statistical information on the use of the e-commerce platform and to monitor its correct functioning, without associating them with data from other sources, but reserving the right to retrospectively verify them if concrete indications of illegal use are brought to our attention.
Regarding the use of Cookies, both within the e-commerce platform and within the personal area of the e-commerce platform, the Data Subject is asked to read the Cookie Policy.
The processing of data for purposes other than those specified here will not be carried out without the explicit prior consent of the Data Subject and the delivery of the relevant information.
Nature of Data Provision
The provision of data:
1. In the fields of the e-commerce personal area registration form; or
2. In the fields of the order form, delivery form, or billing form within the e-commerce personal area; or
3. Is optional, with the exception of those fields of the forms indicated as mandatory.
These latter, in fact, are necessary to ensure:
1. The fulfillment of contractual obligations and current legal requirements;
2. The correct and lawful use of the e-commerce platform;
3. The protection of any intellectual property rights;
4. The achievement of the purposes listed above;
Therefore, the Data Subject's refusal to provide them will make it impossible to proceed with the purchase and, consequently, to conclude the contract and receive the selected products through the e-commerce platform.
Following the purchase of products through the e-commerce platform, data concerning: purchase, shipment and related tracking, complaint, return, cancellation and other activities carried out by the Data Subject within the e-commerce platform concerning their orders are collected, so that they can have an archive of their purchasing activities and their status.
4. Processing Methods
Data will be processed using IT tools, paper, and any other medium useful for achieving the purposes set out in this information and the contract, in compliance with the security measures provided by current legislation.
The personal data provided by the Data Subject at the time of registration on the e-commerce platform and subsequent purchases will be stored within the e-commerce platform itself and in other archives at the Data Controller's headquarters exclusively for the purposes indicated above.
For the purposes of this paragraph, the Data Controller undertakes to observe specific security measures to prevent data loss, illicit or incorrect use, and unauthorized access, in full compliance with legal and regulatory provisions.
5. Lawfulness
The Data Subject must give consent to the processing of their personal data for the purposes provided for in this Policy in order to proceed with registration on the e-commerce platform.
However, regarding the purchase of products through the e-commerce platform, data processing is necessary for the fulfillment of the related contract and other legal obligations.
6. Disclosure of Data to Third Parties
The Data Subject's data is disclosed to third parties to the minimum extent necessary for the fulfillment of contractual and legal obligations and/or only upon the Data Subject's explicit request.
The entities to whom the data are communicated act as external data processors appointed by the Data Controller through a specific contract ("Data Processors") or as persons authorized to process data under the direct authority of the Data Controller ("Authorized Persons"), except in cases where the recipient acts as an autonomous data controller, as, for example, in the case of couriers.
Data will also be provided to competent Authorities in case of legal obligations.
The Data Subjects' data may therefore be communicated by the Data Controller to the following categories of recipients:
– To companies, consultants, or professionals who may be responsible for the installation, maintenance, updating, and, in general, the management of the Data Controller's hardware and software, including cloud computing service providers.
– To companies that carry out logistical support and/or warehousing and/or packaging and/or shipping and delivery or collection of products purchased on the e-commerce platform.
– To all those entities, including public authorities, who have access to data by virtue of regulatory or administrative provisions.
– To all public and/or private entities, natural and/or legal persons (legal, administrative, and tax consultancy firms), if the communication is necessary or functional for the correct fulfillment of contractual obligations undertaken in relation to e-commerce services, including the purchase contract, as well as obligations arising from the law or, in the case of assessment, exercise or defense of a right.
7. Transfers to Third Countries
The personal data of Data Subjects are not transferred to third countries outside the EU.
8. Data Retention
The data provided will be stored for the time strictly necessary to carry out the individual processing activities (e.g., registration data will be processed until the account is closed, taking into account the technical times required for this; data necessary for the conclusion of the contract until product delivery or, in case of non-delivery, until the contract is terminated, etc.), it being understood that, once this term has expired, they will in any case be stored for 1 year, while they will be stored for longer periods only in cases provided for by current legislation or only in the case of a superior legitimate interest of the Data Controller.
Beyond these terms, the data provided through the e-commerce platform will be deleted, retaining only those data relating to the fulfillment of legal and tax obligations, kept for the maximum periods established by relevant laws and regulations (e.g., for tax obligations they will be kept for 10 years).
9. Security Measures
The transfer, storage, and processing of the Data Subject's data collected through the e-commerce platform are ensured through appropriate technical and security measures.
All information of the Data Subject is protected with access keys chosen by the user themselves; passwords are not recorded in plain text but are protected with MD5 technology.
Furthermore, the e-commerce platform is provided over an encrypted HTTPS connection using SSL certificates to ensure the security of users and profiles.
The Data Subject's data are collected, stored, and kept on a secure server, protected by firewalls and physically located in a controlled-access web farm in Italy or the EU, while data downloaded and processed in paper form are stored in appropriate paper databases ensuring appropriate security standards.
10. Data Subject's Rights
The Data Subject has the right to:
1. Obtain confirmation of the existence, content, and origin of personal data concerning them, even if not yet registered, and their communication without delay in an intelligible form.
2. Request information, in writing, about their personal data stored by us (e.g., origin, purpose, methods, categories, applied logic, retention period, rights, identification data of the Data Controller, subjects or categories to whom the data may be communicated).
3. Withdraw consent to the processing of their data.
4. Delete their data.
5. Transform and/or limit or block data processed in violation of the law.
6. Update, rectify, or integrate their data.
7. Obtain their personal data, provided to the Data Controller, in order to transmit them to another Data Controller.
8. Obtain certification that the aforementioned operations have been brought to the attention of those to whom the data have been communicated, except in cases where this fulfillment proves impossible or involves a disproportionate use of means compared to the protected right;
9. Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of collection.
10. Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
For further information on privacy rights, we invite the Data Subject to visit the website of the Data Protection Authority: www.garanteprivacy.it.
The Data Subject who wishes to exercise their right must use the contact details of the Data Controller.
******
Useful Information
Company Name: SOC.EDIL. DI BONANNO SRL
Registered Office: via dei Mulini 9 Misilmeri (PA) 90036
VAT No.: 03617550821 Tax Code: 03617550821
Palermo and Enna Business Register
REA: PA - 143672
LAST UPDATE: MARCH 2025