Privacy Policy

Information pursuant to art. 13 of the European regulation for the protection of personal data n. 679/2016 ("GDPR")

Pursuant to and for the purposes of art. 13 of Regulation (EU) no. 679/2016 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (General Data Protection Regulation, hereinafter also the "Regulation" or " GDPR "), Babonbo Ltd (hereinafter, also" Data Controller "or" Company "), informs that your personal data will be processed in compliance with the current legislation on the protection of personal data in order to guarantee their security and confidentiality.

Data Controller

The Data Controller of your personal data is:

Babonbo Ltd

64 Southwark Bridge, Road, London, United Kingdom, SE1 0AS

In addition to the aforementioned address, the Data Controller can be contacted at the following e-mail address: info@babonbo.com

Definitions

Pursuant to art. 4 of the GDPR:

• "personal data" means: any information concerning an identified or identifiable natural person (better known as "Data Subject"); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social;
• "processing" means: any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction .

Sources of personal data

The personal data being processed are collected directly from the interested party and are treated in compliance with the principles of confidentiality which inspire the Company's activity.

Object of the treatment

The Data Controller processes personal identification and non-sensitive data (in particular, name, surname, tax code, VAT number, company name, e-mail, telephone number, bank and payment details, hereinafter "personal data" or even " data ") communicated by you.

Purpose of the processing

The personal data you provide will be:

• processed, with the support of paper, computer or telematic means, exclusively for the following purposes:

1. to conclude contracts relating to services offered by the Company or to fulfill pre-contractual and contractual obligations;
2. for the fulfillment of legal, regulatory and tax obligations deriving from existing relationships with you or provided for by an order from a public or government authority;
3. to manage any requests for services and / or information that are sent by e-mail to the address info@babonbo.com;
4. to send you via e-mail, post and / or text message and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Company and survey of the degree of satisfaction with the quality of services;

• processed lawfully, fairly, and in full compliance with current legislation;
• collected exactly and, if necessary, updated;
• processed in a relevant and complete way, for specific and legitimate purposes, and within the limits of the purposes for which they are collected.

Legal basis of the processing and possible consequences of failure to communicate the data

For the purposes referred to in the paragraph "Purpose of processing" letters a) and c), consent to the processing of such data is not necessary pursuant to art. 6, par. 1, lett. b), of the GDPR as "the processing itself is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same" and for the sole purpose of responding to requests made spontaneously to the e-mail address of the Company.

The processing carried out for the purposes referred to in letter b) of the same paragraph, pursuant to art. 6, par. 1, lett. c) of the GDPR is based on legal obligations to which the Company is subject.

Instead, it is necessary to acquire your specific consent, pursuant to art. 7 of the GDPR, for the purposes referred to in the paragraph "Purpose of the processing", letter d) and in any case for all treatments that are not attributable to the fulfillment of legal or contractual obligations in a broad sense. Therefore, we inform you that the consent for these so-called secondary treatments is optional, with the consequence that you may decide not to provide your consent, or to revoke it at any time (with the consequent impossibility for the Data Controller to proceed with the related treatments) without, however, prejudicing in any way any relationships established with the Company.

Recipients of personal data

For the purposes referred to in the "Purpose of processing" paragraph, the personal data you provide may be made accessible, pursuant to art. 13 of the GDPR:

• to the Data Controller's staff in Italy and abroad, each for their own profiles of competence in their capacity as appointees;
• to the companies (so-called Providers) who will provide the equipment for the service offered by the Data Controller in their capacity as data processors;
• to third-party companies or other subjects (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller;
• supervisory bodies;
• to subjects, bodies or authorities to whom the communication of your personal data is mandatory by virtue of legal provisions or orders of the authorities;
• subjects or companies responsible for the management and maintenance of the Data Controller's IT and web platform and external suppliers through which the requested services are provided or for which consent has been given.

All the subjects belonging to the categories to which the data can be communicated will use them as "Data Processors" specifically appointed and instructed by the Company as Data Controller or as independent "Data Controllers" authorized to access them by virtue of the provisions of the law, regulations and regulations.

Treatment of Particular Data

We inform you that, should the Data Controller process data that the GDPR defines as "particular" as they are suitable for detecting racial and ethnic origin, religious, philosophical or other beliefs, as well as personal data suitable for revealing the state of health , each treatment can take place only in the presence of one of the conditions referred to in art. 9 of the GDPR or subject to suitable information and your explicit consent expressed in writing. In this regard, we inform you that in the event that you voluntarily provide particular data relating to your health or that of your child to book and use special services, the Data Controller will process such data only after you have expressly provided your consent. by ticking the appropriate box at the bottom of this information. In the absence of your consent, the Data Controller will not be able to process such particular data and consequently will not be able to provide the special service you requested.

Data retention and transfer of personal data abroad

The collected data will be stored (in electronic or paper archives) for the time strictly necessary for their processing and in any case not beyond the term provided for by current legislation and / or by the recommendations of the Guarantor for the Protection of Personal Data or until the revocation. of the consent you may have given.

We also inform you that your data will be collected, processed and stored in full compliance with the provisions of articles 32 and following of the GDPR - regarding security measures.

If the transfer by the owner of your personal data to a country located outside the European Union or to an international organization is envisaged in the future, in the absence of an adequacy decision pursuant to art. 45, par. 3, or adequate guarantees pursuant to art. 46, including the standard contractual clauses approved by the European Commission or the binding corporate rules (Article 47), the transfer or set of transfers of personal data to the said third country or international organization will take place only if the conditions of referred to in art. 49 of the GDPR or subject to suitable information and your explicit consent.

Rights of the interested party

Pursuant to and for the purposes of the GDPR, the following rights are recognized as an interested party that you can exercise towards the Data Controller:

• Right of access: obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, receive information relating, in particular, to the purposes of the processing, categories of personal data processed and retention period, recipients to whom these can be communicated (art.15 GDPR);Right of rectification: obtain, without undue delay, the correction of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16 of the GDPR);
• Right to erasure: obtain, without undue delay, the cancellation of personal data concerning you, in the cases provided for by the GDPR (Article 17 of the GDPR);
• Right of limitation: obtain from the Data Controller the limitation of the processing, in the cases provided for by the GDPR (Article 18 of the GDPR);
• Right to portability: to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller, as well as to obtain that the same are transmitted to another Data Controller without impediments, in the cases provided for by the GDPR (art . 20 GDPR);
• Right to object: to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue the processing (Article 21 of the GDPR);
• Right to lodge a complaint with the supervisory authority: to lodge a complaint with the Authority for the protection of personal data competent based on your country of residence (e.g. for Italy: Authority for the protection of personal data such as, Piazza Venezia n. 11 - 00187 Rome (RM)).

It should be noted that the withdrawal of consent for the processing of data for which it is requested does not affect the lawfulness of the processing based on consent before the withdrawal.

The aforementioned rights may be exercised by means of a request sent by registered letter with return receipt. or e-mail, to the above addresses.