Privacy & Cookie

1.1. The Data Controller for the processing of personal data is Beyonder s.r.l., represented by its legal representative pro tempore (hereinafter "Company" or "Controller").

2.1. Data provided by the User: a) Identification and personal data (name, surname, date of birth, email address); b) Data voluntarily communicated via messages, chat, or contact forms.

2.2. Data collected automatically: a) The Website uses automated data collection systems such as cookies and tracking tools (see Section 7).

2.3. Unless otherwise specified, all data requested by the Website is mandatory and necessary for its correct and complete operation. Failure to provide such data may prevent the proper functioning of the service.

2.4. Pursuant to Articles 22 and 13(2)(f) of Regulation (EU) 2016/679 (GDPR), we inform users that certain processing of personal data may include automated decision-making processes, including profiling, for the purposes of: a) Personalising the user experience by suggesting content or services based on expressed preferences; b) Improving the effectiveness of commercial and marketing communications; c) Analysing user behaviour to offer more relevant services; d) Assessing fraud risk or ensuring the security of transactions.

2.5. Automated decision-making processes and profiling are carried out by means of software that analyses data such as: a) Browsing data and interactions with the platform; b) Purchase history or service usage; c) Information provided by the user.

2.6. Unless otherwise stated in this document, personal data is processed and stored for the period required by the purpose for which it was collected and may be retained for a longer period due to any legal obligations.

2.7. The Company guarantees that such data will be processed exclusively in aggregate and anonymous form in compliance with applicable data protection legislation, and that adequate measures will be adopted to ensure its security and confidentiality.

3.1. The Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data.

3.2. Processing is carried out by means of electronic and/or digital tools, with organisational methods and procedures strictly related to the purposes indicated.

3.3. In addition to the Controller, in certain cases, other parties involved in the organisation of the platform may have access to data (administrative, commercial, marketing, and legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) who may also be appointed, where necessary, as Data Processors by the Controller. An updated list of Processors may be requested from the Controller at any time.

3.4. Where user data is processed in the public interest, in the exercise of official authority vested in the Controller, or in pursuit of the Controller's legitimate interest, users have the right to object to such processing on grounds relating to their particular situation. Where data is processed for direct marketing purposes, users may object to such processing at any time, free of charge.

3.5. Any requests to exercise user rights may be directed to the Controller through the contact details provided in this document.

4.1. The provision of data: a) Is mandatory for registration and the performance of contractual services; b) Is optional for marketing or profiling purposes.

5.1. Data processing is carried out by means of electronic and digital tools, in compliance with the principles of fairness, lawfulness, and transparency required by the GDPR.

5.2. The Company adopts all appropriate technical and organisational measures to ensure the security and confidentiality of data.

5.3. Personal data is retained for the period necessary to fulfil the stated purposes and, in any case: a) For the duration of the contractual relationship; b) For a further 10 years for tax, accounting, or legal purposes; c) Until withdrawal of consent for marketing or profiling activities.

5.4. Upon expiry of the retention period, personal data will be deleted. Accordingly, the right of access, deletion, rectification, and the right to data portability can no longer be exercised after that date.

6.1. Data may be communicated to: a) Parties acting on behalf of the Company (e.g. consultants, IT providers, hosting providers); b) Public or judicial authorities, in cases provided for by law.

6.2. Data will not be disseminated or transferred outside the European Economic Area, except where adequate safeguards are in place.

6.3. The user provides express consent to the transfer of collected data to countries outside the European Economic Area (EEA) in compliance with the provisions of Regulation (EU) 2016/679 ("GDPR"), to recipient countries able to offer an adequate level of protection pursuant to Article 45 GDPR, subject to the adoption of appropriate safeguards pursuant to Article 46 GDPR, whenever such transfer is deemed necessary for the performance of this contract or to establish, exercise, or defend a right in legal proceedings (Article 49 GDPR).

7.1. Cookies are small text files sent by the website and stored on the user's device. They serve to improve browsing, analyse site usage, and personalise content.

7.2. Types of cookies used: a) Technical cookies: necessary for the operation of the platform (consent not required). b) Analytical cookies: collect data in aggregate form on site usage (e.g. Google Analytics). c) Profiling and marketing cookies: used to propose personalised content and enable interest analysis of users (prior consent required).

7.3. Upon access, the user may manage their preferences via the consent banner. Consent may be modified or withdrawn at any time through the browser or site settings.

8.1. The user, as data subject, may exercise the following rights (Articles 15-22 GDPR): a) Right of access to personal data; b) Right to rectification or erasure ("right to be forgotten"); c) Right to restriction of or objection to processing; d) Right to data portability; e) Right to withdraw consent at any time; f) Right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of Regulation (EU) 2016/679 (GDPR).

Where the data subject believes that the processing of their personal data is carried out in violation of applicable legislation, they have the right to lodge a complaint with the Data Protection Authority. The complaint may be submitted: a) By registered letter to: Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Rome, Italy. By email (PEC): protocollo@pec.gpdp.it b) Via the official website: www.garanteprivacy.it

The exercise of this right does not preclude the possibility of seeking other judicial or administrative remedies. For further information on how to submit a complaint, the data subject may consult the website of the Data Protection Authority.

8.2. Requests may be sent by email to: privacy@beyonder.it

9.1. The Company reserves the right to amend this policy at any time.

9.2. Amendments will be published on the Website with the date of update.