PRIVACY INFORMATION REGARDING THE PRODUCTS AND SERVICES OFFERED BY “BAM”
1. Who is the data controller of the data processed by “BAM” – “Beach Amnesties Management” ?
Pursuant to and for the purposes of art. 4, no. 7) of EU Regulation / 679/2016, the Data Controller of the Data Subjects processed through the website of https://bam-solutions.net/ from the company BAM SOLUTION d.o.o. (Ltd) registered in Rijeka, Avelina Turka 2B, 51000, Croatia - that can be contacted at the email firstname.lastname@example.org (subsequently also "BAM" and / or the "data controller").
For the purposes of this policy, the interested party means each user who accesses, registers, navigates and interacts within the website https://bam-solutions.net/ and uses the products and services we offer, such as an mobile application “BAM”.
2. What data is processed by BAM?
To offer products and services and to allow registration, navigation and use of the website a bam-solutions.net/ , BAM processes the data provided by the interested party relating, specifically, to:
• E-mail contact and telephone number (to contact you and support you in your requests);
• Name of your bathing establishment and region of allocation of the same;
• Tax code / VAT number, residence / domicile address and credit card data (for any billing and payment if a contractual relationship is established with us).
The data processed by BAM and listed above will be jointly referred to and defined as "data" below.
3. For what purposes are the data processed?
The processing of data provided by the interested party will be performed by BAM for the following purposes:
2. fulfill the pre-contractual, contractual and tax obligations deriving from any relationships established with the interested party;
3. fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the matter of anti-money laundering);
4. exercise the rights as Data Controller, such as, for example, the right to defense in court.
b) Legitimate interest purposes:
1. for carrying out activities functional to any securitisations, assignments of credit and issue of securities, transfers of company and business unit, acquisitions, mergers, demergers or other transformations of BAM and for the execution of these operations;
2. for carrying out checks aimed at preventing any fraud.
1. for the promotion of products and services offered by BAM, also by sending advertising materials, commercial communications, carrying out market research and direct sales activities, both through traditional communication tools, such as paper mail, that through remote communication tools, such as email, chat, newsletter, telephone, SMS, video call, automatic call, instant message, chatbot, intelligent interactive automated communication systems, banners, social networks, search engines, notification systems and others remote communication tools.
2. for the transfer of data (in aggregate and non-aggregate form) to third parties located in the European Union in order to promote - also by carrying out the activities referred to in the previous letter (e) - products and services offered and belonging to the following product sectors: insurance activities, wholesale and retail trade, information and communication services, professional and technical activities, hospitality and tourism services, organization of events and tours; is
3. for the profiling of the interested party by BAM and / or third parties in order to make the promotional activities indicated above better focused on the needs, habits and interests of the interested parties and the performance of preparatory and / or functional activities for the correct execution of these promotional initiatives.
4. On what legal basis are the data processed?
The data controller can process the data provided by the interested party on the website https://bam-solutions.net/ because, in compliance with the conditions of lawfulness referred to in art. 6 of EU Reg. / 679/2016:
The processing of data for contractual purposes is mandatory: if the interested party does not provide such data, the Data Controller does not guarantee the correct provision of the services rendered and connected to the website https://bam-solutions.net/
- may need to treat them for the Legitimate Interest purposes referred to in art. 3, lett. b), nos. 1) and 2), pursuing its legitimate interest or that of third parties: according to art. 6, lett. f) of EU Regulation / 679/2019, the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties, adequately balanced with the interests of the interested party in light of the limits imposed on such treatment and the specific circumstances in which the processing takes place illustrated in the same paragraph 3.
The processing of data for legitimate interest purposes is not mandatory and the interested party may object by contacting the data controller directly: if the interested party opposes said treatment, his data cannot be used for legitimate interest purposes, except that the data controller demonstrates the presence of prevailing binding legitimate reasons or the exercise or defense of a right pursuant to article 21 of EU Regulation / 679/2016.
- does not need to process them for the Marketing Purposes referred to in art. 3, lett. c), nos. 1), 2) and 3) and can do so only with the consent of the interested party.
The processing of data for Marketing Purposes is optional and, if the interested party refuses his consent, he will not receive any commercial communications, will not participate in market research and will not receive communications and services adapted to his profile. Failure to consent to the provision of data for Marketing Purposes does not in any way affect the contractual relationships established with the data controller and the provision of the services offered by them.
5. How is the Data processed?
The processing of the data of the interested party is carried out by BAM by means of the operations indicated in art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The data can be processed with manual or IT tools, suitable to guarantee its security, confidentiality and to avoid unauthorized access; by way of example, the data may be collected through the registration of the interested party on the IT platform arranged by BAM, creation of the user profile, purchase of BAM products and services, IT tools of third parties (such as surveys on social networks, google form, typeform), direct contact via email or telephone contact and chatbot.
The informative storage of data is carried out using cloud computing tools on servers located within the territory of the EU (UK): for more information on the safety, compliance and compliance standards required by the GDPR adopted by the chosen external providers, consult the web page https://faelix.net/legal/data-processing/.
6. To whom is the data communicated?
The data may be disclosed for contractual purposes to subjects that perform services connected and functional to the management of the relationship in place or to be entered into with the interested party and, in particular, to the following categories of subjects located within the European Union and, within the limits set out in paragraph 7 of this statement, outside the European Union:
- service providers connected to the activities of the owner
- assistance, tax and legal advice, including debt collection companies;
- suppliers of IT or archiving services, such as, among others, the company that issues and manages the digital signature certificate in the event that the digital signature is used by the interested party to sign the contract.
The data may be disclosed for the purposes of legitimate interest to suppliers of assistance services, technical, tax and legal consultancy, assignees of receivables in the context of credit securitization or credit assignment operations for purposes strictly connected and instrumental to the management of the relationship with the transferred interested party, as well as the issue of securities, company assignees or business units, potential purchasers of the data controller and companies resulting from possible mergers, divisions or other transformations, also in the context of activities functional to these operations, and to competent authorities.
Finally, the data may be communicated for marketing purposes to service providers such as external data processors and with the prior consent of the interested party, to the third parties referred to in paragraph 3, lett. c), nos. 2) and 3).
The subjects indicated above may act, as appropriate, as external data processors or independent data controllers.
7. Are the data transferred abroad?
The data may be freely transferred outside the national territory to countries located in the European Union, but could also be transferred outside the European Union.
Any transfer of the data of the interested party to countries located outside the European Union will take place, in any case, in compliance with the appropriate and appropriate guarantees for the purposes of the transfer itself in accordance with the applicable legislation and in particular with articles 45 and 46 of EU Regulation 679/2016.
8. What are the rights of the interested party?
The interested party, pursuant to and for the purposes of articles 15 - 22 of EU Regulation / 679/2016, has the right to:
- obtain confirmation from the data controller whether or not data processing is in progress- obtain access to data and information relating to the processing of data concerning him;
- obtain from the data controller the correction of inaccurate data concerning him without undue delay;
- obtain the integration of incomplete data, also by providing an additional declaration;
- obtain from the data controller the cancellation of data concerning him without undue delay;
- obtain from the data controller the limitation of the treatment:
a) for the period necessary for the verification of the accuracy of such data by the data controller, when the interested party disputes its accuracy;
b) when the processing is unlawful and the interested party opposes the deletion of the data, requesting instead that their use be limited;
c) when the data are necessary for the interested party to ascertain, exercise or defend a right in court, although the data controller no longer needs it for processing purposes;
d) when the interested party has opposed the processing pursuant to Article 21, paragraph 1 of EU Regulation / 679/2016 and for the whole period in which it remains pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party ";
- receive in a structured format, commonly used and readable by an automatic device, the data concerning him provided to the data controller;
- transmit this data to another data controller without hindrance by the data controller to whom it has provided them;
- obtain the direct transmission of data from one data controller to another, if technically feasible;
- object at any time, for reasons related to your particular situation, to the processing of data concerning you pursuant to Article 6, paragraph 1, letters e) or f), including profiling;
- not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which has similarly significant effects
- - propose a complaint directly to the Guarantor Authority if there is a violation of the data protection legislation by the data controller.
The right of complaint, however, can be freely exercised by the interested party by preparing an act to be sent to the Guarantor Authority in the manner deemed most appropriate
9. Who are the external data processors?
10. How long will the data be kept?
The data processed by the Data Controller:
- for the Contractual Purposes and for the Legitimate Interest Purpose referred to in paragraph 3, lett. b) no. 1), will be kept for a period equal to the duration:
- the use of the website;
- any contractual relationship for the product and / or service offered (including any renewals) and for the 10 years following the end, termination or withdrawal of the same, except in cases where storage for a later period is required for any disputes, requests from competent authorities or pursuant to applicable legislation;
- for the Legitimate Interest Purposes referred to in paragraph 3, lett. b) no. 2), will be kept for the duration strictly necessary to ensure the reliability of the checks indicated therein;
- for the Marketing Purposes referred to in paragraph 3, lett. c), nos. 1) and 2) of this information, will be kept for a period equal to the duration of the Contract and / or the service offered (including any renewals) and for a maximum period equal to 24 months from the expression of the consent by the interested party ;
- for the Marketing Purposes referred to in paragraph 3, lett. c), no. 3) of this information, will be kept for a period equal to the duration of the Contract and / or the service offered (including any renewals) and for a maximum period equal to 12 months from the expression of the consent by the interested party.
This information is valid from the date indicated at the bottom.
The Data Controller may also make changes and / or additions to said information, also as a consequence of any subsequent changes and / or regulatory additions in force on the matter.