privacy POLICY

  1. Owners of personal data processing

The Company Brandon Group S.r.l., with registered office in Via Vannella Gaetani n. 27, 80121, Naples, is the data controller of the personal data collected and processed through the services offered by the website

  1. Scope and updates of this Privacy Policy for users

The purpose of this Privacy Policy is to describe how the site is managed, with reference to the use of cookies and the processing of personal data of users/visitors (e.g. employees, customers, stakeholders, suppliers and other interested parties) who access it.

Contractors, consultants, partners and any other external entity with which the Company collaborates or acts on its behalf are also covered by this policy.

The information is provided pursuant to Regulation 2016/679/EU (General Data Protection Regulation – hereinafter GDPR) and the Personal Data Protection Code (Legislative Decree 196/03, the so-called Privacy Code), as amended by Legislative Decree 10 August 2018, no. 101.

The information is provided only for the website (hereinafter referred to as ‘the Site’ or ‘this Site’) and its possible sub-domains, but does not extend to other websites that may be consulted by the user via links.

Any questions relating to this privacy policy or the processing of data by the Brandon Group, including the right to be forgotten, can be sent to

  1. What personal data is collected and stored

The collection of personal data of the user of the site is aimed at providing and constantly improving the products and services offered by our Company, always maintaining the utmost care and confidentiality of the data received.

The categories of data that are collected are listed below, with a distinction between information provided directly by the user, received automatically through cookies or obtained from other sources.

3.1 Data provided voluntarily by the user

The Company receives and stores any data (the sender’s address and/or any other personal data) that the user provides in order to access certain services or to make e-mail requests in relation to the services provided by the site.

The data provided by the user in the course of accessing the site or identification are

data that identify the user (such as name, address, telephone numbers, e-mail addresses, user name or tax code that is provided at the time of setting up the account or later) for the use of the services provided by the website

other data that the law requires or authorises the site to collect and process and that are necessary for authentication or identification, or for verification of the data collected.

Any voluntary sending of electronic mail to the addresses indicated on the site entails the acquisition of the sender’s address,

and any other information contained in the message; such personal data will be used solely for the purpose of providing the requested service or performance.

The personal data provided by users/visitors will only be disclosed to third parties if such disclosure is necessary to fulfill the requests of the users/visitors themselves. Third parties cannot, under any circumstances, use the transmitted data for purposes unrelated to the agreement or partnership.

Users/visitors have the right not to provide their personal data. In this case, they may not be able to take advantage of certain services related to the website.

In particular, if the user does not consent to the use of email and phone for informational, advertising, direct sales, or interactive commercial communication purposes, these tools will not be used for such purposes.

3.2 Automatically collected data

The collection of user/visitor personal data sometimes occurs automatically.

The use of the website’s services results in the automatic receipt and storage of certain categories of data, such as information regarding their usage, including user interaction with the content and services available on the site.

The data automatically collected by the site includes:

  • Computer and connection information, such as statistics on the use of the website’s services, information about data traffic to and from websites, referral URLs, information about advertisements, IP address, access times, browser history data, language settings, and weblog information.
  • Location data, including general user location data (e.g., IP address) and precise location data from the mobile device used.
  • Data regarding all other interactions with our services, advertising preferences, and communications with us.

The use of “cookies” and other unique identification tools may result in the receipt of certain types of visitor/user data by the site. This occurs when the browser or device accesses the site’s services and other content provided by or on behalf of the website.

This data is used solely for anonymous statistical purposes regarding the site’s usage and to ensure its proper functioning.

The collected data includes the following information regarding usage and the device:

  • Data related to the pages visited by the user, access time, frequency and duration of visits, clicked links, and other actions performed when using the services and interacting with advertising and email content.
  • Data about the user’s activities and interactions with advertising partners, including data on displayed ads, the frequency of their display, when and where they were shown, and whether the user took any action, such as clicking on an ad.
  • Device model or type, operating system and version, browser type and settings, device ID or unique device identifier, ad ID, unique device token, and cookie-related data (e.g., cookie ID).
  • IP address from which the user’s device accesses the services.
  • Location data, including general location data (e.g., IP address) and precise location data from the user’s mobile device.

The Data Controller and, depending on the requested service, the designated Data Processors retain the connection/navigation logs for a limited period according to legal regulations to respond to any requests from the judicial authority or other public bodies authorized to request such logs for investigating potential liability in the event of cybercrimes.

3.3 Personal data from other sources

The site may receive information regarding the user from other sources, to the extent permitted by law.

This includes the following data:

  • Data from public sources (e.g., demographic data).
  • Data obtained from data providers (e.g., data relating to identity verification procedures, demographic data, data relating to online interest-based advertising).

The website, however, combines or correlates the personal data obtained from the user with data from these additional sources. In cases where personal data is disclosed by third parties, the site ensures that such third parties are legally authorized to do so.

3.4 Personal data from Social

The site also allows the user facilitated access through the use of social networks (such as Facebook) or other Single Sign-On service providers (such as Google or Apple) with which the user already has an account.

The user can decide which personal data to grant access to on the site when the connection with the Single Sign-On service is authorized.

Social networks can automatically provide the site with access to certain personal data they have stored about the user (e.g., content viewed or liked by the user, information about displayed or clicked ads, etc.).

  1. Processing methods

The processing is carried out using computer and telematic tools and/or manually (e.g., on paper) for the time strictly necessary to achieve the purposes for which the data was collected, and in any case, in compliance with current legal provisions.

  1. Purposes of personal data processing

The site processes the user’s personal data to perform, provide, and improve the services it offers to customers. These purposes include:

  • Provision of website services and general customer support. The use of personal data aims to provide functionality, analyze performance, correct errors, and improve the use and efficiency of the website’s services.
  • Additional purposes with prior consent. The use of the user’s personal data for additional purposes, which will be communicated, requires the user’s prior consent to process their personal data for specific purposes.

Only with the user’s express consent in accordance with the law, electronic tools can be used for activities such as analysis and profiling related to purchasing and professional choices to improve the offering of services and commercial information, direct sales, market research on products, services, and events by companies that align with users’ interests.

The user has the right to withdraw consent at any time. Failure to consent to profiling activities would make it impossible to improve the marketing offering to align with users’ interests.

Compliance with legal obligations. The site collects personal data in accordance with the legal obligations imposed, which require the retention and processing of the user’s personal data. For example, data is collected for participation in surveys and proceedings (including legal proceedings) conducted by public authorities or government bodies, particularly for the purpose of identifying, investigating, and prosecuting illicit conduct.

  1. Rights of data subjects

However, users/visitors have the right to access their data at any time and exercise other rights provided (e.g., requesting the origin of the data, rectification of inaccurate or incomplete data, limitation of processing, erasure or oblivion, data portability, as well as objecting to their use for legitimate reasons), by contacting the appropriate phone numbers or email address of the Company, as previously indicated.

In any case, the user has the right to withdraw consent to the processing of their personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The user also has the right to access their personal data processed by the site. In particular, the user can request information about the purposes of processing, categories of personal data, categories of recipients to whom the personal data has been or will be disclosed, the expected period of retention of personal data, the right to request rectification or erasure of personal data or restriction of processing, the right to lodge a complaint with the supervisory authority, and any available information regarding the source of personal data.

The user has the right to prompt rectification of inaccurate personal data concerning them, such as in the case of incomplete personal data, as well as to obtain from the site the erasure of personal data concerning them. This is always provided that processing is not necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or

concerning claims/legal proceedings or defense activities. The right to erasure may also be limited by national laws.

The user is also granted the right to obtain from the website the restriction of processing where such restriction is possible.

  1. Minors

As part of the internal company policy, the Company does not process data of children under 14 years of age. Therefore, the Company will not be held responsible for any untrue statements provided by the minor during the provision of personal data. In the event that the falsity of the statements made by the minor is determined, the Data Controller will proceed with the immediate deletion of all personal data related to them.

Users under the age of 18 can only use the services with the presence and collaboration of a parent or guardian.

  1. Retention Period and Deletion of Personal Data

The website retains personal data of its users in order to allow them to continuously use the services provided, to the extent necessary for the processing purposes defined in the Privacy Policy for users. The retention period is set at five (5) years.

After the necessary period, the website undertakes to delete personal data in accordance with the rules of data retention and deletion or to take measures to anonymize the data, unless there is a legal obligation to retain personal data for a longer period (e.g., for legal, tax, accounting, or auditing purposes).

  1. Data Security

The website protects the personal data it holds through technical and organizational security measures aimed at reducing the risks associated with loss, misuse, unauthorized access, unauthorized disclosure, and unauthorized alteration of data. For example, the website uses (e.g., document destruction, security locks, frequent backups, access authorization, data encryption systems, etc.) as well as physical access restrictions to its data centers and authorization controls for data access.

Similarly, the user must keep their login credentials to avoid disclosing their sensitive data.