Privacy Policy
Privacy Notice
This privacy notice aims to provide all information on the processing of personal data carried out by Boniviri when the User accesses and browses this site (as better specified below).
-
INTRODUCTION - WHO ARE WE?
BONIVIRI BENEFIT COMPANY WITH LIMITED LIABILITY with registered office in Catania – Via Etnea no. 29, 95124, VAT number 05761460871 (hereinafter, “Data Controller”), owner of the website https://www.boniviri.com/ (hereinafter, the “Site”), as data controller of personal data processing of users browsing the site (hereinafter, “Users”) provides the following privacy notice pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter, “Regulation” or “Applicable Law”).
-
HOW TO CONTACT US?
The Data Controller highly values the right to privacy and the protection of personal data of its Users. For any information regarding this privacy notice, Users can contact the Data Controller at any time, using the following methods:
-
By sending a registered letter with return receipt to the Data Controller's registered office: Via Etnea no. 29, 95124 Catania;
-
By sending an email to the address: info@boniviri.com;
The Data Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation under Article 37 of the Regulation.
-
WHAT DO WE DO? – PURPOSES OF PROCESSING
By browsing the Site, the User can purchase the Data Controller's products, request a quote, buy Gift Cards, post reviews of purchased products (hereinafter, “Services”), contact the Data Controller through the dedicated form or through other contacts indicated on the site.
In relation to the activities that can be carried out through the Site, the Data Controller collects personal data relating to Users.
This Site and any services offered through the Site are reserved for individuals who have reached the age of eighteen. The Data Controller therefore does not collect personal data relating to individuals under 18 years of age. Upon Users' request, the Data Controller will promptly delete all personal data inadvertently collected relating to individuals under 18 years of age.
In particular, the Users' personal data will be lawfully processed by the Data Controller for the following processing purposes:
-
provision of Services, namely (i) to allow navigation of the Site, (ii) to enable the User to register, creating a personal account and access it through the e-mail and password selected by the same, (iii) to purchase the Services, in accordance with the Terms and Conditions of the Site, which are accepted by the User during registration on the Site, and (iv) to post reviews of purchased products - which may also include the User's first and last name - publicly visible on the Site. The user data collected by the Data Controller for possible registration on the Site include: personal data, contact details (email and phone number), access credentials, User billing data, additional information provided by the User, as well as personal data whose transmission is implicit in the use of Internet communication protocols, which the IT systems and software procedures responsible for the Site's operation acquire during their normal operation (IP addresses or domain names of the computers used by Users, addresses in URI notation - Uniform Resource Identifier of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server - e.g., success, error, etc. - and other parameters related to the User's operating system and IT environment).
-
fulfill the User's contact/information requests: Users' personal data are collected and processed by the Data Controller solely to fulfill their request. The User data collected by the Data Controller for this purpose include name, contact details (email and phone number), and any other data the User may voluntarily provide in their request and/or in subsequent exchanges. No other processing will be carried out by the Data Controller in relation to Users' personal data.
-
administrative and accounting purposes, that is to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and activities functional to fulfilling contractual and pre-contractual obligations;
-
legal obligations, that is to comply with obligations established by law, by an authority, by a regulation, or by European legislation.
Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Data Controller make Users' personal data accessible to other Users and/or third parties.
Providing personal data for the processing purposes indicated above is optional but necessary, as failure to provide such data will make it impossible for the User to browse the Site, register on the Site, and use the services offered by the Data Controller on the Site.
Data whose provision is mandatory for the purposes above are indicated with an asterisk in the respective collection forms.
-
ADDITIONAL PURPOSES OF PROCESSING
-
Marketing (sending of newsletter with advertising information, direct sales, and commercial communication)
Some personal data of the User (or the first name, last name, address email and the phone number) may also be processed by the Controller for purposes of marketing (sending of newsletter with advertising information, direct sales and commercial communication), or so that the Controller can contact the User via mail, email, phone (landline and/or mobile, with automated calling systems or call communication with or without operator intervention) and/or SMS and/or MMS to offer the User the purchase of products and/or services offered by the same Controller and/or third-party companies, present offers, promotions, and commercial opportunities.
If consent is not given, the possibility to register on the Site will not be affected in any way.
If consent is given, the User may withdraw it at any time by requesting it from the Controller using the methods indicated below paragraph 8.
The User can also easily object to further sending of promotional communications via email also by clicking on the specific link for the withdrawal of consent, which is present in each email promotional. Once the consent withdrawal is made, the Controller will send the User an email message to confirm the withdrawal of consent. If the User wishes to withdraw their consent to receiving promotional communications by phone, while still receiving promotional communications via email, or vice versa, please send a request to the Controller using the methods indicated below paragraph 8.
The Controller informs that, following the exercise of the right to object to receiving promotional communications via email, it is possible that, for technical and operational reasons (e.g., the contact lists were already completed shortly before the Controller received the objection request) the User may continue to receive some additional promotional messages. If the User continues to receive promotional messages after 24 hours have passed since exercising the right to object, please report the issue to the Controller using the contacts indicated below paragraph 8.
-
Commercial communications about products and/or services similar to those purchased (so-called Soft Spam)
To Users who have purchased the Services, the Controller may send, without requesting their consent, commercial communications exclusively (i) by e-mail and (ii) related to services similar to those already purchased, or belonging to the same product category. It will be possible to object at any time, easily and free of charge, to further sending of such communications via the automated unsubscribe links unsubscribe present in the Controller's communications, as well as by the ordinary methods indicated in the following paragraph 8.
In this case, this processing purpose will be pursued by the Controller without the need to obtain the User's consent, in line with the exemption provided by art. 130, paragraph 4, of Legislative Decree no. 196/2003, without prejudice to the aforementioned possibility for the User to easily object.
-
LEGAL BASIS
Provision of Services (as described in previous par. 3, letter a)): the legal basis consists of art. 6, paragraph 1, letter b) of the Regulation, meaning the processing is necessary for the performance of a contract to which the User is a party or for the implementation of pre-contractual measures at their request.
Fulfillment of User contact/information requests (as described in previous par. 3, letter b)): the legal basis consists of art. 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures at the User's request.
Administrative and accounting purposes (as described in previous par. 3, letter c)): the legal basis consists of art. 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures at the User's request.
Legal obligations (as described in previous par. 3, letter d)): the legal basis consists of art. 6, paragraph 1, letter c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Controller is subject.
Additional processing purposes: for processing related to marketing (as described from the previous par. 4.1.), the legal basis consists of art. 6, paragraph 1, letter a) of the Regulation, namely the provision by the data subject of consent to the processing of their personal data for one or more specific purposes. For this reason, the Controller requests the User to provide specific, free, and optional consent to pursue this processing purpose. For processing related to soft spam activities (as described from the above paragraph 4.2.), instead, the legal basis consists of Article 130, paragraph 4, of Legislative Decree no. 196/2003, which provides an exemption from the obligation to obtain consent.
-
DATA PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process Users' personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in a way that guarantees the security and confidentiality of the data.
Users' personal data on the Site will be retained for the time strictly necessary to fulfill the primary purposes described in the above paragraph 3, or in any case as necessary to protect the interests of both Users and the Data Controller in civil proceedings.
In the cases referred to in the above paragraph 4.1, Users' personal data will be retained for the time strictly necessary to fulfill the purposes described and, in any case, for no more than twenty-four (24) months, without prejudice to the right to withdraw consent and to object to processing. With reference to the above paragraph 4.2, personal data will be retained for the entire duration of the relationship with the Data Controller and in any case until opposition to processing.
-
SCOPE OF DATA COMMUNICATION AND DISCLOSURE
The User's personal data may be transferred outside the European Union and, in such cases, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in compliance with Articles 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
Employees and/or collaborators of the Data Controller responsible for managing the Site may also become aware of Users' personal data. These individuals, who have been instructed accordingly by the Data Controller pursuant to Article 29 of the Regulation, will process Users' data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Applicable Law.
Third parties who may process personal data on behalf of the Data Controller as Data Processors, such as, by way of example, IT and logistics service providers functional to the operation of the Site, service providers in outsourcing or cloud computing, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller by requesting it from the Data Controller using the methods indicated in the following paragraph 8.
-
DATA SUBJECTS' RIGHTS
Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Data Controller using the following methods:
-
By sending a registered letter with return receipt to the Data Controller's registered office: Via Etnea, no. 29, 95124 Catania;
-
By sending an email to the address: info@boniviri.com.
The Data Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation under Article 37 of the Regulation.
Under the Applicable Law, Users have:
-
the right to withdraw consent at any time, if the processing is based on their consent;
-
the right of access to personal data;
-
(where applicable) the right to data portability (right to receive all personal data concerning them in a structured, commonly used, and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ("right to be forgotten");
-
the right to object:
-
in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
-
in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;
if they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where they usually reside, where they work, or where the alleged violation occurred). The Italian supervisory authority is the Data Protection Authority, located at Piazza Venezia, no. 11, 00187 - Rome (RM) (http://www.garanteprivacy.it/).
The Data Controller is not responsible for updating all the links visible in this Privacy Policy; therefore, whenever a link is not working and/or updated, Users acknowledge and agree that they must always refer to the document and/or section of the websites referenced by that link.

