Privacy Babonbo - Babonbo




Information notice pursuant to Article 13 of the European Regulation for the Protection of Personal Data No. 679/2016 ("GDPR")

Pursuant to and for the purposes of Article 13 of Regulation (EU) No 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter also referred to as the "Regulation" or "GDPR"),Babonbo Ltd(hereinafter also referred to as "Data Controller" or "Company"), informs you that your personal data will be processed in compliance with current legislation on the protection of personal data in order to ensure security and confidentiality.


Identity and contact details of the Data Controller

The Data Controller of your personal data is:

Babonbo Ltd

64 Southwark Bridge, Road, London, United Kingdom, SE1 0AS

In addition to the above address, the Data Controller can be contacted at the following e-mail



Under Article 4 of the GDPR:


Personal data sources

The personal data being processed are collected directly from the person concerned and are processed in accordance with the principles of confidentiality which inspire the company's activities.


Object of the processing

The Data Controller processes personal identification and non-sensitive data (in particular, name, surname, tax code, VAT, company name, e-mail, telephone number, bank and payment references, hereinafter "personal data" or even "data") communicated by you.


Purposes of the processing

The personal data you provide will be:

  1. to stipulate contracts for services offered by the Company or to fulfil pre-contractual and contractual obligations;
  2. for the fulfilment of legal, regulatory and fiscal obligations deriving from existing relations with you or provided for by an order of the Authority;
  3. to handle any requests for services and/or information that are sent by e-mail;
  4. to send you by e-mail, post and/or text message and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Company and to measure the degree of satisfaction with the quality of services;


Legal basis of the processing and possible consequences of withholding data

For the purposes referred to in paragraph "Purposes of processing" letters a), and c), consent to the processing of such data is not necessary under Article. 6, paragraph 1, letter b), of the GDPR as “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” and for the sole purpose of responding to requests made spontaneously to the e-mail address of the Company.

The processing carried out for the purposes referred to in letter b) of the same paragraph, pursuant to Art. 6, par. 1, letter c), of the GDPR is based on legal obligations to which the Company is subject.

However, it is necessary to obtain your specific consent, in accordance with Art. 7 of the GDPR, for the purposes referred to in paragraph "Purpose of processing", letter d) and in any case for all processing operations that are not related to the fulfilment of legal or contractual obligations.

Therefore, we inform you that your consent to these so-called secondary processing operations is optional, with the consequence that you may decide not to give your consent, or to revoke it at any time (with the consequent impossibility for the Data Controller to carry out the relevant processing operations) without, however, prejudicing in any way any existing consulting or contractual relationship with the Company.


Recipients of personal data

For the purposes referred to in the paragraph "Purposes of processing", the personal data you provide may be made accessible, pursuant to art. 13 of the GDPR:

All subjects belonging to the categories to which the data may be communicated will use them as "Data Processors" specifically appointed and instructed by the Company as Data Controller or autonomous "Data Controllers" authorized to access them by virtue of provisions of law, regulations.


Particular Data Processing

We inform you that, should the Data Controller process data that the GDPR defines as "particular" because they are suitable for revealing racial or ethnic origin, religious, philosophical or other beliefs, as well as personal data that may reveal the state of health, any processing can only take place under one of the conditions set forth in art. 9 of the GDPR or after appropriate information and your explicit written consent. To this respect, please be informed that in the event you voluntarily provide particular data related to your state of health or that of your child in order to book and obtain special services, the Data Controller will only process such data once you have specifically provided your consent by ticking the specific box provided at the bottom of this notice. By lack of your consent, the Data Controller will not be able to process such particular data and as a result might not be able to provide the special service requested by you.


Data Retention and Transfer of Personal Data Abroad

The data collected will be kept (in electronic or paper files) for the time strictly necessary for their processing and in any case no later than the period provided for by current legislation and/or the recommendations of the Guarantor for the Protection of Personal Data or until any revocation of the consent you may give.

We also inform you that your data will be collected, processed and stored in full compliance with the provisions of Articles 32 and seq. of the GDPR - on security measures.

If the transfer of your personal data by the Data Controller to a country outside the European Union or to an international organisation is envisaged, in the absence of an adequacy decision in accordance with article 45, par. 3, or of adequate safeguards in accordance with article 46, including standard contractual clauses approved by the European Commission or binding corporate rules (article 47), the transfer or set of transfers of personal data to such third country or international organisation shall take place only if the conditions set forth in article 49 of EU Regulation 679/2016 are met, or after having provided adequate information and obtained your explicit consent.


Rights of the Data Subject

Pursuant to and for the purposes of the GDPR, you have the following rights as a data subject that you may exercise against the Data Controller:

It should be noted that the revocation of consent for the processing of data for which consent is requested does not affect the lawfulness of processing based on consent prior to revocation.

The above-mentioned rights may be exercised by sending a request by registered letter or e-mail to the addresses indicated above.