Newsletter policy privacy

The subscription to the newsletter service is only allowed to people with a minimum age of 16 and requires the provision of some personal data.

In accordance with the current legislation regarding the protection of personal data (Article 13 General Data Protection Regulation, hereinafter also GDPR), the Antica Dolceria Bonajuto Srl, with registered office in Vicolo Franco Ruta, 1 – 97015 Modica (RG), VAT number 01218510889, data controller, (indicated as “Owner” or “Antica Dolceria Bonajuto”), provides those users, who wish to subscribe to the service by means of the form on the website www.bonajuto,it (hereinafter also referred to as “website”), some information regarding the processing of acquired data.

Important note

Only users with an e-mail address, who are at least 16 years old, can subscribe to the Newsletter. The Newsletter includes promotional and commercial information.

 

Who is the data controller?

The data controller is Antica Dolceria Bonajuto Srl.

 

Which data are processed?

The data processed is that provided by the user via compilation of the relevant enrolment form for the newsletter service.

 

What are the purposes and legal bases of processing personal data?

Personal data submitted by the user through the dedicated form are used to allow the interested party to subscribe to the newsletter and receive regular promotional and commercial information sent to the indicated e-mail address.
The legal base for the processing of such data is consent as the person concerned is enrolled in a service leading to the despatch of promotional and commercial emails. Consent can be revoked at any time.
If necessary, the data may also be used based on the Data Controller’s legitimate interest which consists in checking the security and correct operation of the IT systems used and the performance of defence action.

 

Data management

The data acquired is managed by the Data Controller through IT tools and paper supports with adequate security measures to prevent the loss of data, illegal or improper use and unauthorised access.

Storage time
Data is stored until the person concerned opposes despatch and indicates their desire to no longer receive the newsletter; in any case, not more than two years from the recording of the personal data. Data subject to profiling is stored for one year.
This is with the exception of any defence requirements for which the data may be stored beyond the terms indicated.

Transfer of the data abroad
The service used by the Data Controller to manage the newsletter (MailChimp) is offered by an American company meaning data is transferred abroad. Such transfer takes place with the guarantees offered by the standard contractual clauses.


Who has access to personal data?

The data will be processed by employees and authorized collaborators. The data may also be known by consultants or by companies providing IT supply and assistance services for the purposes related to the activities carried out on behalf of the owner, by marketing consultants who provide assistance for the management of mailing lists and by consultants for the management of litigation and for legal assistance in the event of any disputes that may require their expertise.
As already indicated, data may also be known by the MailChimp service provider, used for the service of sending Newsletters.
The interested party can request the list of external parties who carry out their activities as data controllers.
Moreover, data may also be communicated, subject to the consent of the interested party, to service providing companies planning marketing activities (they do not operate as data controllers), which the owner uses for his marketing activities.

 


What if no data provision takes place?

Provision of the data is optional but if not provided, the promotional and commercial emails sent periodically via the newsletter cannot be received.

 

Rights of the interested party

By law, the interested party has the right to ask the data controller for access to his/her personal data and to correct or cancel them or restrict their processing or to oppose to the processing. Moreover, the user has the right to data portability.
The interested party can assert his/her rights at any time, without formalities, by contacting the data controller using the e-mail address: info@bonajuto.it.
Below you can find details of the rights acknowledged by the current legislation are detailed the rights recognized by current legislation with regards to the protection of personal data.

    • Right of access: i.e. the right to obtain confirmation from the data controller whether or his/her personal data are being processed. If yes, he/she shall have access to those personal data as well as the following information: a) processing purposes; b) categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) the retention period of personal data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data or to be against their treatment; f) the right to file a complaint with a supervisory authority; g) all information regarding the origin of the data, if these are not collected from the interested party, h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the used logic as well as the importance and expected consequences for the interested party for the processing. Whenever personal data are transferred to a third country or an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer.

 

    • Right of rectification: i.e. the right to ask the data controller to rectify incomplete or incorrect personal data without unnecessary delay. Considering the purposes of the processing, the interested party has the right ask his/her personal data to be integrated, also by providing an additional declaration.

 

    • Right to cancellation: i.e. the right to ask the data controller to delete one’s personal data without unnecessary delay, if: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing of his/her data is based on, and if there is no other legal basis for the processing; c) the interested party is against the processing because it is needed for the execution of a task of public interest or connected to the exercise of public authority for which the holder is appointed, or for the pursuit of legitimate interest and there is no legitimate reason to proceed the processing, or he/she is against processing for direct marketing purposes; d) personal data have been processed unlawfully; e) personal data must be deleted to fulfil a legal obligation under the EU or Member State law to which the data controller is subject to; f) personal data have been collected in relation to an offer by information society services of minors. However, the request for cancellation cannot be accepted if the processing is necessary: ​​a) for the exercise of the right to freedom of expression and information; b) for the fulfilment of a legal obligation requiring processing under the EU or a Member State law to which the data controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest in the public health sector; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, insofar as the cancellation risks make it impossible or seriously prejudice the achievement of the objectives of such treatment; or e) for the assessment, exercise or defence of a right in court.

 

    • Right of limitation, i.e. the right to be guaranteed that data are processed, except for retention, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another personal or legal person, or for reasons of significant public interest of the EU or a Member State, if: a) the interested party questions the accuracy of personal data for the period needed by the data controller to verify the accuracy of such personal data; b) the processing is illegal and the interested party is against the cancellation of his/her personal data and asks that they are used in a limited way instead; c) although the data controller no longer needs the data for processing purposes, the interested party needs them, in order to verify, exercise or defend a right in court; d) the interested party has opposed the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority the owner was appointed with, or for the pursuit of the legitimate interests of the data controller or third parties, waiting for verification of a possible prevalence of legitimate reasons of the data controller as opposed to those of the interested party.

 

    • Right to portability, i.e. the right to receive personal data (given to the holder) in a structured, commonly used and readable way from automatic devices, and the right to transfer such data to another holder without impediments by the holder they were given, as well as the right to obtain direct transfer of his/her personal data from one holder to another, if technically feasible, should the processing be based on consent or on a contract and the processing is done by automated means. This right does not affect the right to cancellation.

 

    • Right of opposition, i.e. the right of the interested party to oppose at any time, for reasons connected to his/her particular situation, the processing of personal data, since it is necessary for the performance of a task of public interest or related to the exercise of public authority for which the holder was appointed with, or for the pursuit of the legitimate interest of the data controller or third parties. If personal data are processed for direct marketing purposes, the interested party has the right to oppose the processing of personal data at any time, including profiling in so far as it is related to such direct marketing.

 

Should the processing the interested party’s personal data take place in violation of the provisions of the GDPR, he/she has the right to file a complaint with the guarantor, as provided for by art. 77 of the Regulations or to take appropriate judicial offices (Article 79 of the Regulations).

 

Further information on the processing of personal data

Additional information on processing the personal data of site users is available on the privacy and cookie policy statement pages available via the links in the site footer.


This Privacy Policy was updated on 10/12/2021

Attualmente gli ordini del nostro negozio online partiranno soltanto nei giorni di lunedì, martedì e mercoledì // Currently, orders from our online store are shipped only on Mondays, Tuesdays and Wednesdays.
+