Privacy Policy for sites and commerce

Information on the Processing of Personal Data pursuant to EU Regulation no. 679/2016 (GDPR) and other regulations in force 

The following information is intended for all Users/Interested parties who visit and interact with this SO.C.EDIL DI BONANNO GIOVANNI & C. SAS website and the related e-commerce of 

SO.C.EDIL DI BONANNO GIOVANNI & C. SAS deals with the management of sales carried out through e-commerce

• to your bank (in the case of payment by bank transfer); or

• PayPal or stripe (in the case of payment via PayPal/stripe account or credit card); or

•the courier (in the case of payment on delivery).

Furthermore, in order to access the purchase of products on this website, it is necessary to register on e-commerce, which allows you to purchase products without prior registration and creation of an account.

The company SO.C.EDIL DI BONANNO GIOVANNI & C. SAS will process the personal data provided by the User/Interested party at the time of registration and for the possible conclusion of the online purchase contract of a product, in compliance with the provisions of the Regulation EU 679/2016 (GDPR) and the relevant legislation in force on the matter.

1. Data Controller (Manager and Persons in Charge)

The Data Controller is SO.C.EDIL DI BONANNO GIOVANNI & C. SAS with headquarters in via dei Mulini 9 Misilmeri (PA) contactable at ordini@bonannodresshome.it

Type and Purpose

The personal identification data voluntarily provided during the use of e-commerce through the registration service will be processed for the following purposes:

– allow registration to e-commerce and manage access to the related services;

– allow and facilitate the purchase of products online and the possible conclusion of the purchase contract via e-commerce;

– maintain and manage the account created following registration;

– store data and information in the created account (e.g. personal data, history of orders/purchases/returns, preferred delivery and billing addresses);

– allow you to put products in the cart and conclude the purchase contract via e-commerce;

– allow and facilitate the purchase of products online and the possible conclusion of the purchase contract via e-commerce for those who use the e-commerce registration service;

– execute the purchase contract and its related purposes and fulfill all legal obligations connected to it;

– execution of administrative and/or accounting and/or fiscal obligations, connected to the provision of e-commerce services and/or the concluded purchase contract (e.g.: keeping the accounting records and issuing the invoice sales);

– delivery of the products sold by courier;

– generic assistance and customer care activities (e.g.: responding to requests for information from users or responses to complaints, reports and disputes);

– respond to requests to exercise the right of withdrawal and/or exercise the legal guarantee of conformity and/or other rights arising from the purchase contract concluded on e-commerce and/or provided for by law in relation to this contract and /or service rendered, as well as to carry out the activities that prove necessary as a consequence of the exercise of these rights and to proceed, if necessary, with the related reimbursements;

– receive and respond to requests to exercise the rights regarding the protection of personal data provided for by the Regulation and carry out all consequent activities.

– marketing and/or profiling only if and where required and only with prior, separate, free and express consent of the User/Interested Party;

–manage and possibly block fraudulent or illicit uses of e-commerce;

– guarantee compliance with the contractual rights of the Data Controller and the related legitimate interest (e.g.: demonstrate that you have fulfilled the obligations arising from the contract with the interested party or imposed by law);

Furthermore, during free navigation within the e-commerce and, following registration, during the period of access to the personal area of the e-commerce, the interested party's navigation data will be collected for the sole purpose of obtaining anonymous statistical information on the use of e-commerce and to check its correct functioning, without associating them with data from other sources but reserving the right to verify them retrospectively if concrete indications of illegal use are brought to our attention.

As regards the use of cookies within e-commerce and within the personal area of e-commerce, the interested party is asked to read the cookie policy.

The processing of data for purposes other than those specified here will not be carried out without the prior explicit consent of the Institution

Data processing for purposes other than those specified here will not be carried out without the express consent of the interested party and delivery of the relevant information.

Nature of the provision of data

The provision of data:

1. in the fields of the registration form for the personal e-commerce area; or

2. in the fields of the order form, delivery form or invoicing form within the personal area of the e-commerce; or

it is optional with the exception of those form fields indicated as mandatory.

The latter, in fact, are necessary to ensure:

1. the fulfillment of contractual and legal obligations in force;

2. the correct and lawful use of e-commerce;

3. the protection of any intellectual rights and works;

4. the achievement of the purposes listed above;

therefore, the refusal of the interested party to provide them will determine the impossibility of proceeding with the purchase and, therefore, of concluding the contract and receiving the selected products through e-commerce.

Following the purchase of products through e-commerce, data is collected regarding: purchase, shipping and related tracking, complaint, return, cancellation and other activities carried out by the interested party within e-commerce as regards his orders, so that he can have an archive of his purchasing activities and the related status.

4. Treatment methods

The data will be processed with IT tools, on paper and on any other support useful for achieving the purposes set out in this information and the contract in compliance with the security measures required by current legislation.

The personal data provided by the interested party at the time of registration on the e-commerce and subsequent purchases will be stored within the e-commerce itself and in other archives at the headquarters of the Data Controller exclusively for the purposes indicated above.

For the purposes of this paragraph, the Data Controller undertakes to observe specific security measures to prevent data loss, illicit or incorrect use and unauthorized access, in full compliance with the laws and regulations.

5. Lawfulness

The interested party must express consent to the processing of their personal data for the purposes set out in this Policy in order to register for the e-commerce.

However, as regards the purchase of products through e-commerce, data processing is necessary for the fulfillment of the relevant contract and other legal obligations.

6.Communication of data to third parties

The data of the interested party are communicated to third parties to the minimum extent necessary for the fulfillment of contractual and legal obligations and/or only upon explicit request of the interested party.

The subjects to whom the data are communicated act as external data controllers designated by the Data Controller through a specific contract (“Data Controllers”) or as persons authorized to process data under the direct authority of the Data Controller (“ Persons in charge"), except in cases where the recipient acts as an independent data controller as, for example, in the case of couriers.

Furthermore, the data will be provided to the competent authorities in case of legal obligations.

The data of the interested parties may, therefore, be communicated by the Data Controller to the following categories of recipients:

– To companies, consultants or professionals possibly responsible for the installation, maintenance, updating and, in general, management of the Data Controller's hardware and software, including the providers of cloud computing services.

– To companies that carry out logistics and/or warehouse support and/or packaging and/or shipping and delivery or collection of products purchased on e-commerce.

– To all those subjects, including public authorities, who have access to the data pursuant to regulatory or administrative provisions.

– To all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms), if the communication is necessary or functional for the correct fulfillment of the contractual obligations undertaken in relation to the e-mail services commerce, including the purchase contract, as well as obligations deriving from the law or, in the case of assessment, exercise or defense of a right.

7.Transfers to third countries

The personal data of the interested parties are not transferred to third countries outside the EU.

8. Storage of personal data

The data provided will be kept for the time strictly necessary to carry out the individual processing activities (e.g. the registration data will be processed until the account is closed, taking into account the technical times necessary for the same;

the data necessary for the conclusion of the contract until the delivery of the product or, in case of non-delivery, until the termination of the contract, etc.), without prejudice to the fact that, once this period has expired, they will be kept in any case for 1 year, while they will be kept for longer periods only in the cases provided for by current legislation or only in the case of superior legitimate interest of the Data Controller.

Beyond these terms, the data provided through e-commerce will be deleted, retaining only those data relating to the fulfillment of legal and tax obligations, retained for the maximum periods established by the relevant laws and regulations (e.g.: for tax obligations they will be retained for 10 years).

9. Security measures

The transfer, storage and processing of the interested party's data collected through e-commerce are ensured through appropriate technical and security measures.

All the interested party's information is protected with the access keys that the user has chosen, the passwords are not recorded in clear text but rather protected with MD5 technology.

Furthermore, e-commerce is provided over an encrypted HTTPS connection using SSL certificates to guarantee the security of users and profiles.

The data of the interested parties are collected, archived and stored on a secure server, protected by a firewall and physically located in a web farm with controlled access located in Italy or the EU, while the data downloaded and processed in paper form are stored in special paper databases ensuring the appropriate safety regulations.

10.Rights of the interested party

The interested party has the right to:

1 Obtain confirmation of the existence, content and origin of personal data concerning him, even if not yet registered, and their communication without delay in an intelligible form.

2. Request information, in writing, on your personal data stored by us (e.g. origin, purpose, methods, categories, applied logic, retention period, rights, identification data of the Data Controller, subjects or categories to whom they may be communicated the data).

3.Revoke consent to the processing of your data.

4.Delete your data.

5.Transform and/or limit or block data processed in violation of the law.

6.Update, rectify or integrate your data.

7.Obtain your personal data, provided to the Data Controller, so as to be able to transmit them to another Data Controller.

8. Have certification that the aforementioned operations have been brought to the attention of those to whom the data were communicated, except in the case in which such fulfillment proves impossible or involves a use of means disproportionate to the protected right;

9.Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection.

10 Submit a complaint to the Privacy Authority (www.garanteprivacy.it).

For further information on privacy rights we invite the interested party to visit the website of the Guarantor Authority: www.garanteprivacy.it.

The interested party who wants to exercise his right must use the contact details of the Data Controller.


Useful information


Registered office: via dei Mulini 9 Misilmeri (PA) 90036

VAT number: 03617550821

Palermo and Enna Business Office

REA: PA - 143672