Data Protection Officer (DPO)

Booncy has appointed a Data Protection Officer (DPO), who can be contacted by email at dpo@booncy.com.



PRIVACY POLICY WEBSITE: booncy.com

Version as of 14/02/2025


Dear User,
This privacy notice describes, pursuant to and for the purposes of Article 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter GDPR), the information collected, how it is used and shared, and how the Data Controller manages your privacy and rights in connection with the use of this website. The processing of your personal data will be carried out in accordance with the principles of lawfulness, transparency, fairness, and confidentiality, always in compliance with the national and European regulations currently in force (GDPR, Legislative Decree 196/2003 and subsequent amendments, Legislative Decree 101/2018).



Data Controller

Booncy s.r.l. based at Via Sciaoloia, 49, 50136 Florence (Italy) - info@booncy.com



Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at dpo@booncy.it



Types of Data Collected

The website collects:
- Browsing data. The IT systems and software procedures used to operate this website acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. Data may be used to ascertain responsibility in case of potential cyber crimes against the site: except for this possibility, web contact data do not persist for more than seven days.



Data Voluntarily Provided by the User

Through the "Contact Us – Let's Talk" section on this website, data such as email, necessary to respond to your questions and/or requests, will be acquired.



Purposes and Legal Basis of Processing

The collected data will be processed for the following purposes:
a) To allow navigation on the website. This processing is based on the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR);
b) To respond to your inquiries. This processing is based on the execution of a contract to which the User is a party or pre-contractual measures (Art. 6(1)(b) GDPR);
c) To fulfill legal obligations (e.g., tax data retention). This processing is based on compliance with legal obligations (Art. 6(1)(c) GDPR);
d) To send via email news about goods, services, promotions, and events promoted by the Data Controller. The processing is based on the explicit consent of the User (Art. 6(1)(a) GDPR);
e) To send personalized communications in line with interests, purchasing habits, and demonstrated preferences. The legal basis is the explicit consent of the User (Art. 6(1)(a) GDPR).



Provision of Personal Data

The provision of the data required for browsing the website, processing requests, and registration is mandatory for the provision of the service; any refusal to provide such data would make it impossible for the Data Controller to provide, in whole or in part, the requested information.



Methods and Place of Processing

Data is processed, including with the aid of automated tools. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. The Data Controller has adopted all appropriate security measures as required by law and, inspired by the main international standards, has also implemented additional security measures to minimize risks concerning the confidentiality, availability, and integrity of the collected and processed data. The Data Controller carries out the necessary processing in compliance with national privacy regulations, as well as in accordance with the GDPR.



Data Disclosure

Personal data will be used solely for the purposes mentioned above and will not be disseminated, disclosed, or made available to unspecified parties. Those who may become aware of personal data include:
a) Categories of specifically trained personnel authorized to manage the website;
b) Public or private entities that may access the data in compliance with legal obligations;
c) Entities performing ancillary and instrumental tasks related to the Data Controller's activities, such as Suppliers (e.g., IT service providers, consultants, etc.) collaborating in consultancy, assistance, and maintenance services, who may use your data as "Data Processors" appointed under a specific contract.



Data Retention

Personal data processed through this site is retained for the period strictly necessary to achieve the purposes for which it was collected. Some data will be retained for longer periods due to obligations related to tax-administrative-accounting requirements (e.g., 10 years as per Article 2220 of the Civil Code).
Specifically:

  • Browsing data will be retained for no more than 12 months;
  • Data collected through cookies will be retained for no longer than the period indicated in the extended cookie policy;
  • Data collected via contact forms will be retained for the time necessary to process the User's request and, in any case, for no more than 12 months thereafter, unless new reasons arise due to ongoing legal proceedings or security reasons;
  • Data collected for marketing purposes will be retained until consent is revoked or as long as the User's interest remains active. Once the purpose for which the data was collected is fulfilled or consent is revoked, the data will be deleted or anonymized;
  • Data collected for profiling purposes will be retained until consent is revoked. Once the purpose for which the data was collected is fulfilled or consent is revoked, the data will be deleted or anonymized.
Once the processing purposes have been fulfilled, personal data will be permanently deleted or anonymized.



Data Transfer

The processed personal data is not subject to transfer to third countries. In the event of the transfer of Personal Data to third parties located outside the European Union, such transfer will be carried out in accordance with Articles 44 et seq. of the GDPR based on:
(a) Adequacy decisions issued by the European Commission in favor of third countries;
(b) Appropriate guarantees expressed by the third-party recipient;
(c) Binding corporate rules.



User Rights

Pursuant to Articles 15 and following of EU Regulation 679/2016, as a User, you have the right to:

  • Withdraw your previously given consent to the processing of your data at any time;
  • Access your data, obtain information on certain aspects of the processing, and receive a copy of the processed data (Article 15 of the GDPR, right of access);
  • Verify the accuracy of your data and request its update or correction (Article 16 of the GDPR, right to rectification);
  • Obtain, where possible, the deletion or removal of your personal data (Article 17 of the GDPR, right to erasure);
  • Obtain the restriction of the processing of your data when certain conditions apply (Article 18 of the GDPR, right to restriction of processing);
  • Receive your data in a structured, commonly used, and machine-readable format and, where technically feasible, have it transferred without obstacles to another Data Controller (Article 20 of the GDPR, right to data portability);
  • Object to the processing of your data when it is carried out on a legal basis other than consent (Article 21 of the GDPR, right to object);
  • File a complaint with the competent data protection supervisory authority (for Italy, the Privacy Guarantor, https://www.garanteprivacy.it/) or take legal action if you believe that the processing of your personal data violates the applicable regulations.
To exercise the aforementioned rights, you may send a request to the contact details provided in this document. Requests are free of charge and will be processed as quickly as possible.



Updates and Changes to This Privacy Policy

This policy is a constantly updated document: Booncy reserves the right to make changes at any time, including in response to modifications in laws or regulations governing this matter and protecting your rights. Changes will apply from the date of their publication. You are therefore encouraged to regularly check this section to review the most up-to-date Privacy Policy.