INFORMATION ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

(Article 13 of EU Regulation No. 679/2016)

This information describes the processing of personal data entered or collected on the website https://www.unexpected-italy.com/ and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and the national legislation on privacy and protection of personal data applicable.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The data controller of your personal data is Unexpected Italy S.r.l. Società Benefit (Tax code and VAT number 08704360729) with registered office in 70132 - Bari, Viale Volga c/o Fiera del Levante pav. 129, represented by its legal representative pro tempore Elisabetta Faggiana, email: privacy@unexpected-italy.com (hereinafter "Unexpected" or the "Company" or the "Controller").

In case the Controller uses data processors or sub-processors in accordance with Article 28 GDPR, the updated list of data processors and persons in charge of processing is kept at the Controller's registered office.

2. TYPES OF PERSONAL DATA WE PROCESS

The types of personal data we collect depend on the purpose for which they are collected. In general, we may directly collect from you the following types of personal data (hereinafter "Personal Data"):

a. Common personal data (such as, by way of example and not exhaustively: name, surname, email address, residential address, and telephone number);

b. Personal data provided directly by you through communications or attachments to communications;

c. Banking and tax identification data;

d. Usage, navigation, functional, session, statistical, profiling data, including the device identifier or user's IP address, the time when the user visits the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment;

e. The processing also includes operations, or the set of operations concerning data collected also through the use of cookies, whose policy is fully referenced, viewable at the following link.

3. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASES

The processing of your Personal Data by the Controller is carried out:

A) Without your express consent (Articles 6 letters b) - f) GDPR), for the following purposes:

• To conclude contracts with the Controller;
• To fulfill pre-contractual, contractual, and tax obligations arising from existing relationships;
• To fulfill obligations provided by law, regulations, EU legislation, or an order of the Authority;
• To pursue a legitimate interest of the Controller or third parties, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not prevail (e.g., the Controller's right to legal defense).

B) Only with your specific and separate consent (Articles 6 letter a) and 7 GDPR), for the following marketing purposes:

• Sending via email, mail, and/or SMS and/or social networks (e.g., WhatsApp, Messenger, etc.), newsletters, commercial communications, and/or advertising material on products or services offered by the Controller and the detection of the satisfaction level on the quality of the products and/or services offered;
• Sending via email, mail, and/or SMS and/or phone contacts, invitations to events organized by the Controller or in which the Controller is a partner;
• Sending via email, mail, and/or SMS and/or phone contacts, commercial and/or promotional communications from third parties (e.g., business partners).

If you refuse your consent, it will not be possible to carry out the aforementioned activities under B), and if you have given consent to processing activities under B), you will always have the right to revoke it at any time.

4. PER QUANTO TEMPO CONSERVIAMO E TRATTIAMO I SUOI DATI PERSONALI

Your Personal Data will be processed by the Controller only for the period of time necessary to achieve the purposes of the processing referred to in the previous Article 3, after which they will be kept solely to comply with the legal obligations in force, for administrative purposes and/or to assert or defend one's own right and, in any case, not beyond the terms established by law for the prescription of rights. In particular, for marketing purposes, the User's Personal Data will be kept by the Controller for a maximum of two years.

5. HOW WE PROCESS YOUR PERSONAL DATA

Personal Data is subject to electronic and/or automated processing for the time necessary to achieve the purposes for which it is collected by the Controller or by duly authorized and/or appointed subjects to carry out these tasks, constantly identified and/or appointed, appropriately trained, and informed about the constraints imposed by the law, as well as by employing security measures to ensure the confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing, or processing not compliant with the aforementioned purposes.

6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA

For the purposes indicated above, your collected data may be made accessible or communicated to:

• Employees and collaborators of the Controller, in their capacity as authorized persons to process data, within the scope of their respective duties and in accordance with the instructions received. These individuals are, however, subject to confidentiality and secrecy obligations;
• Third-party subjects performing outsourcing activities on behalf of the Controller to whom certain activities or parts thereof are entrusted, functional to the provision and distribution of services offered through the website (e.g., hosting companies, programmers, system administrators and database administrators, technical support centers, Internet and telecommunications operators) or whose activity is connected, instrumental, or supportive to that of the Controller (e.g., cloud-based management and/or marketing software, etc.);
• All those public and/or private subjects, natural and/or legal persons (legal, administrative and tax consulting firms, debt collection companies, Judicial Offices, Chambers of Commerce, Labor Offices, etc.), if communication is necessary or functional to the correct fulfillment of contractual obligations assumed, as well as the obligations arising from the law;
• All those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;

In any case, your collected personal data will not be sold or transferred to third parties for marketing purposes and will not be disclosed.

7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU AREA

The management and storage of your Personal Data will take place in Europe. It is understood, however, that the Controller, if necessary, may have the right to have your Personal Data processed outside the EU Area (EEA). In such case, the Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.

8. MINORS

This website and the Controller do not intentionally collect Personal Data relating to minors under 18 years of age. In accordance with applicable laws, the parental responsibility holder must provide consent for the collection of Personal Data of the minor. In the event that Personal Data on minors are inadvertently recorded, the Controller will promptly delete them upon request of the parental responsibility holder.

9. YOUR RIGHTS

Pursuant to Articles 15 and following of the GDPR and the applicable national legislation on privacy and personal data protection, you have the right to:

1. Obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

• The purposes of the processing;
• The categories of personal data concerned;
• The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where the personal data are not collected from the data subject, any available information as to their source;
• The existence of automated decision-making, including profiling.

2. Obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies, and where the Data Controller is obliged to erase the personal data in accordance with the applicable law.

4. Obtain from the Data Controller restriction of processing.

5. Receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.

6. Object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, including profiling.

7. If you believe that your rights have been violated by the Data Controller, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at Piazza Venezia 11, 00187 Roma (RM) - www.garanteprivacy.it, and/or with another competent supervisory authority under the GDPR.

Following the exercise of the rights under points 2), 3), and 4), the Data Controller communicates any rectifications, erasures, or restrictions of processing to each of the recipients to whom the personal data have been disclosed, within the limits and in the manner provided by the applicable regulations.

To exercise the rights listed above against the Data Controller, you must submit a written request by sending a registered letter with acknowledgment of receipt to Unexpected S.r.l. Società Benefit, at 70132 - Bari, Viale Volga c/o Fiera del Levante pad. 129, or by sending an email to privacy@unexpected-italy.com.

10. WHAT HAPPENS IN CASE OF CHANGES TO THE PRIVACY POLICY

This privacy notice may be modified and/or updated at any time. Should the Data Controller intend to process your personal data for purposes other than those set out in the preceding article 3, it undertakes to provide you, before such further processing, with adequate information regarding such different purposes and to carry out such further processing in compliance with the applicable regulations, collecting your specific consent where necessary.

This Privacy Policy was last updated on 09/04/2024. Any updates will be published on this page.