PRIVACY POLICY 

As required by the European Union Regulation n.679/2016 (hereinafter "GDPR") and in particular in art.13, below we provide the information required by law regarding the processing of personal data.
This information is provided to users who interact with our sales staff at one of our stores and with the web services of the Site (hereinafter "Interested Parties") not only to comply with legal obligations, but also because transparency and fairness towards interested parties is a fundamental part of our activity.

1. The Data Controller pursuant to art.4, paragraph 7 of the GDPR is Marald S.p.A. (hereinafter “SONNYBONO”), with headquarters in Via Monte Grappa n.7, 24121 Bergamo (BG), Italy, which defines the basis on which we collect, process and protect your personal data. SONNYBONO is the owner of the website www.sonnybono.com.

The processing of personal data will be based on the principles of correctness, lawfulness and transparency and will be carried out by protecting the fundamental rights and freedoms of the interested parties in compliance with current legislation on the security and protection of personal data (GDPR).

Pursuant to Article 4 of the GDPR, personal data is defined as any information that concerns an identified or identifiable natural person (data subject) directly or indirectly, with a particular reference to an identifier such as a name, an identification number, data relating to location, an online identifier or one or more elements characteristic of his physical, physiological, genetic, mental, economic, cultural or social identity.
In this case, these are the personal data of users who access this Website and which are provided voluntarily by the user.

Personal data will be acquired directly from the interested party, through:

1. Direct provision of the same
2. Automatic acquisition
   (sections 4 “Navigation data” and 5 “Cookies” or similar technologies).

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data (such as IP addresses or domain names of the computers used by users, the pages visited and the date/time of the visit) whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
These data, recorded anonymously, are used for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning.

The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site.

To make navigation on this Site more efficient and immediate, during user access to this Website, cookies are used: small text strings that allow you to maintain the connection to the Site.

The Data Controller - SONNYBONO - carried out a self-assessment in order to verify the compliance of its website www.sonnybono.com and made the necessary changes in application of the Privacy Guarantor's Guidelines on Cookies and other tracking tools [Provision of the Guarantor for the protection of personal data n.23 of 10 June 2021 "Guidelines for cookies and other tracking tools], in application of the ePrivacy Directive, of the opinion of the EDPB of 12 March 2019 and the Guidelines of 5 June 2020 of the 'EDPB and the provisions of the Guarantor Authority, which followed one another.

What are cookies: Cookies are small alphanumeric strings that are sent by the websites that the user visits and stored on the physical unit of his terminal to then be re-transmitted to the same sites on the next visit.

The types of cookies we use
We use cookies of various types in order to optimize the use of our site:

1. Technical cookies: These are cookies used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service". Among these there are navigation, analytical and functionality cookies. Warning: disabling these cookies may compromise the full functionality of the site, limiting its interactivity.
2. Technical navigation cookies: They are aimed at guaranteeing normal navigation and use of the website. The use of this type of cookies is not subject to the user's consent.
3. Technical analytical cookies: They allow us to collect information, in aggregate form, on the frequency and methods of visiting our site. The use of this type of cookies is not subject to the user's consent.
4. Technical functionality cookies: They allow navigation of the site based on some preferences set by the user, for example the choice of language. The use of this type of cookies is not subject to the user's consent.

The user/visitor can object to such processing by clicking on the buttons in the banner or by deleting cookies on their browser/terminal.
The information on the use of cookies by our site is available at the following link, which takes you back to the page dedicated to it.

The processing of Personal Data will take place using manual or electronic methods suitable to guarantee, in relation to the purposes for which they were communicated and collected, their security and confidentiality, as well as to avoid unauthorized access to the data themselves, for the time strictly necessary to achieve the purposes for which they were collected.

Apart from what is specified for cookies, the Personal Data provided by users are processed for the following purposes:

1. “Comply with legal or regulatory obligations in force” – To comply with obligations imposed by law or regulations or by preventive orders from the competent authorities, we may have to share your personal data with the competent authorities. The legal basis of this processing is the need to fulfill a legal obligation to which the data controller is subject (art.6.1, letter c, GDPR).
2. “Create a personal account” – Registration via data collection form. Reference is made to the processing of data such as: name, tax code, address, telephone number. The creation of the personal account is aimed at storing your personal data in order to facilitate your future purchases. This purpose requires your explicit consent (art.6.1, letter a, GDPR), without which you will not be able to receive the requested service.
3. “Fidelity Card Marald” – Registration via membership form at one of our stores. Reference is made to the processing of data such as: name, tax code, address, e-mail, telephone number. To issue you with the Marald Fidelity Card and thus allow you to access all the advantages reserved for holders (discounts, promotions, participation and prize courses, invitations and participation in events, etc.), as well as to provide you with assistance where requested by you through our service clients. This purpose requires your explicit consent (art.6.1, letter a, GDPR), without which you will not be able to receive the requested service;
4. “Verification of compliance with the provisions of the Fidelity card Regulation and protection of rights” – To manage any conduct in violation of the provisions of the Fidelity card and GIFT CARD Regulation and to protect our rights in court, we may have to use your personal data provided to the when joining the loyalty program. The legal basis for this processing is the legitimate interest of the data controller (art.6.1, letter f – GDPR).
5. “Newsletter” – Registration via membership form when you create your personal user account, when you order via our website. Reference is made to data such as: Email and telephone number. The processing is aimed at keeping you informed about news, promotions, sending newsletters, events and initiatives of interest. This purpose requires your explicit consent (art.6.1, letter a, GDPR)
   – collected when requesting the Fidelity card and revocable at any time -, without which
   you will not be able to receive the requested service.;
6. “Customer care and Customer satisfaction” – Data you send to us via correspondence/email/surveys or other contact forms. Reference is made to data such as: name and email. The data processing is aimed at managing your requests for information and any reports to our customer service; The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6.1, letter b – GDPR).
7. “Make purchases” – Directly on the online shop on the site owned by SONNYBONO, to allow you to purchase our products and services (e.g. Gift Card) in a convenient and fast way. Reference is made to data such as: Name, Shipping address, E-mail, Bank details. The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6.1, letter b – GDPR).
8. “Marketing” - Analysis of consumer habits - To analyze your consumer habits and carry out market analysis and research in order to improve our commercial offer and send you promotions and invitations suited to you and your preferences, we will collect information relating to your purchases and your inactions with our website www.sonnybono.com. This purpose requires your explicit consent (art.6.1, letter a, GDPR) - collected when requesting the Fidelity card and revocable at any time -, without which you will not be able to receive the requested service.;

1. sending advertising material (examples of activities are: sending advertising material on new services to your e-mail; the legal basis of this purpose is identified in the acquisition of your consent to the processing of personal data for a purpose (art.6.1, letter a, GDPR);
2. activities connected to the execution of the contract of which you are a party, including the pre-contractual phase (examples of activities are: the provision of a service: the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1, letter b, GDPR), but also (if applicable) in the legitimate interest (art. 6.1, letter f, GDPR) as regards the need to defend a right and also in the fulfillment of a legal obligation or regulations in force or to fulfill an obligation imposed by the Authorities (art. 6.1, letter c, GDPR);
3. maintenance of IT systems and devices (the parties in charge of carrying out maintenance and repairs on the Site may accidentally have access to your personal data. These are entirely occasional and unpredictable events and in any case have no identification purpose and are of limited duration to execution of the maintenance/repair operation); the legal basis of the aforementioned purpose is identified in legitimate interest (art. 6.1, letter f, GDPR).

SONNYBONO undertakes to ensure that the Personal Data of which it becomes aware will be processed in ways that are suitable to guarantee its security and confidentiality, as well as to avoid unauthorized access to the data itself. The personal data and information provided by users through registration on the page may be communicated, for the above purposes, to the following categories of subjects:

1. SONNYBONO employees, who will process the data as agents
2. Public authorities competent to carry out the checks required by law in relation to prize competitions
   (e.g. ministries, notary or protection officer, chambers of commerce and others).

We share your Personal Data with the named entities, who may be located in Switzerland or other countries within or outside the European Economic Area (EEA), including in countries whose laws may not provide the same level of protection as data expected in the EEA or Switzerland. We guarantee that various security measures are in place, appropriate to protect your Personal Data in accordance with our legal obligations and that the recipient will only process your Personal Data in accordance with our instructions.
Where necessary, we use data transmission agreements with recipients, which are based on the standard contractual clauses approved by the European Commission (in Article 46 (2) of the General Data Protection Regulation) and/or the Federal Data Protection Act and the Swiss Transparency Officer.

The personal data will be processed by persons authorized to process who act under the authority of the Data Controller, adequately trained by the Data Controller himself, in compliance with the provisions of the art. 29 of the GDPR through automated tools for the time strictly necessary to achieve the purposes for which they were collected, as well as for any further period necessary to fulfill specific legal obligations.

Duration of storage for the respective purposes (Methods and purposes of processing)

Within certain limits based on applicable law, you have the right (which you may exercise at any moment):

• to withdraw your consent for the sending of marketing material, e.g. to object to the processing of your personal data for direct marketing purposes, including customer profiling to the extent that the same is related to such direct marketing purposes;
• to access your personal data and receive information on how they are processed;
• to rectify your personal data;
• to obtain the cancellation of your personal data;
• to limit the processing of your personal data;
• to oppose their treatment;
• to oppose an automated decision-making process relating to natural persons including profiling;
• to object to the processing at any time;
• to the portability of personal data.
• to request confirmation of the existence or otherwise of personal data;
• to lodge a complaint with the supervisory authority.

Furthermore, you may lodge an appeal before the judicial authority (in accordance with the provisions of art. 80 of the GDPR and art. 13 of Legislative Decree 101/2018) or a complaint to the Guarantor for the Protection of Personal Data,
through:

• registered letter with return receipt addressed to the Guarantor for the Protection of Personal Data, Piazza Venezia, 11,
  00187 Rome
• e-mail to the address:[email protected] [email protected]
• fax to the number: 06696773785

It is specified that a complaint to the Guarantor cannot be lodged if, for the same object and between the same parties, an appeal has been lodged before the judicial authority.

If you have any questions or comments regarding this Privacy Policy, the way in which we process your Personal Data or the way in which you would like to exercise any of your above-mentioned rights, please contact the Data Controller's DPO/Data Protection Officer at the following e-mail address [email protected]  or by post to the address of the Data Controller: Marald SpA – Interporto di Nola, Lotto C A9-A11, 80035 Nola, NA (Italy).

Marald S.p.A.
Ultimo aggiornamento: 16/01/2023 - Rev.0.5