Please note that this document is a translation for informational purposes only. The official and legally binding version is the Italian one.
Pursuant to Article 13 of EU Regulation No. 2016/679 (“General Data Protection Regulation” or “GDPR”), SmartBugs s.s. (“SB”) hereby informs all users (“users” or “data subjects”) who access the website https://butterflies4events.com and use its online services of the following information. This notice applies exclusively to the website welcome.farfallexeventi.com and not to other websites that may be accessed by users via links on this portal.
The Data Controller is SmartBugs s.s., headquartered in Villorba (TV), Via Cave, 66 – VAT No. IT04659080263, email info.smartbugs@gmail.com.
The personal data processed directly by the Controller or by third-party Data Processors include identification data such as name, surname, tax code, address, telephone number, email, bank and payment details, for the following purposes:
To fulfill pre-contractual and contractual obligations related to the requested service;
To comply with legal or regulatory obligations, including requests from judicial authorities;
To exercise the Controller’s rights, including legal defense;
Only upon explicit consent, for marketing purposes (sending emails, SMS, newsletters to promote products or services offered by the Controller);
To manage and maintain the website, enable use of services, satisfy user requests, and to prevent or detect fraudulent activities or abuses against the Controller via the website.
The legal basis for processing data under points 1 and 5 is the execution of the contract or pre-contractual activities requested by the user; for point 2, it is compliance with legal obligations; for point 3, it is the legitimate interests pursued by the Controller; for point 4, it is the freely given consent of the data subject.
Providing personal data for processing is optional. However, failure to provide some or all data may result in partial or total inability to establish or continue the contractual relationship, where such data are necessary for contract execution.
Providing data for marketing purposes is also optional. Users may refuse or later revoke consent to marketing communications; in this case, they will not receive newsletters, commercial communications, or advertising material related to the Controller’s services.
Data processing is carried out by authorized internal personnel (employees, collaborators) instructed according to applicable privacy and data security regulations.
Where necessary, data may be processed by third-party Data Processors (per Article 28 GDPR) or independent Data Controllers, including but not limited to:
Professionals, companies, associations, or firms providing administrative, accounting, or tax support;
Public institutions required by law to receive mandatory communications;
Banks, payment service providers, professionals managing credit card payments or electronic payments, postal and courier services, and debt collection agents;
Messaging service platforms (e.g., https://it.sendinblue.com/legal/termsofuse/);
Couriers and other carriers responsible for product delivery.
Personal data are not subject to public dissemination.
No transfer of personal data outside the EU or to international organizations without adequate legal safeguards under the GDPR is planned within the scope of contractual management.
For purposes under points 1, 2, and 3, personal data will be processed and retained by the Controller for the duration of the contractual relationship and subsequently for the legally required periods related to accounting, tax, civil, and procedural regulations (10 years).
For marketing purposes (point 4), data will be retained for two years or until the withdrawal of consent or exercise of the right to deletion by the data subject.
The portal may contain links to third-party websites for user convenience and information. Accessing these links leads users away from the Controller’s site to external sites not controlled by the Controller, who assumes no responsibility for their data practices. Users are advised to review each external site’s privacy policies.
Under Articles 7, 15-21, and 77 of the GDPR, data subjects have the following rights:
Right of access (Art. 15): to confirm whether personal data concerning them is processed and to obtain a copy of such data;
Right to rectification (Art. 16): to have inaccurate personal data corrected without undue delay and to complete incomplete data;
Right to erasure (right to be forgotten) (Art. 17): to obtain deletion of personal data without undue delay;
Right to restriction of processing (Art. 18): to limit processing under specific circumstances (e.g., data accuracy contested, unlawful processing, legal claims);
Right to data portability (Art. 20): to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller;
Right to object (Art. 21): to object to data processing based on legitimate interests or public interest, including profiling, except when overriding legitimate grounds exist; also, to object at any time to direct marketing processing, including profiling related to direct marketing;
Right to withdraw consent (Art. 7): consent may be revoked at any time without affecting the lawfulness of processing before withdrawal;
Right to lodge a complaint (Art. 77): the data subject may file a complaint with the Supervisory Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, Italy).
Data subjects can exercise their rights free of charge by sending a registered letter with return receipt to: SmartBugs s.s., Via Cave, 66 – 31020 Villorba (TV), Italy, or by email at info.smartbugs@gmail.com.
Unfounded or excessive requests, including repetitive ones, may result in a reasonable administrative fee or refusal of the request.