Privacy Policy

The company PONYU SRL , with registered office in (80142) Naples (NA), Via Benedetto Brin n. 59, registered in the Register of Companies of Naples R.E.A. n. NA – 963155, Tax Code and VAT number 04751310261, in the person of the legal representative pro tempore , Lucia Turolla, (hereinafter, PonyU) (hereinafter, the Company), as data controller (hereinafter, the Data Controller ), informs, pursuant to art. 13 EU Regulation no. 2016/679 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter, the GDPR), that personal data will be processed as indicated below.



  1. Object of the processing
  2. 1.1


    The Data Controller processes personal and identification data (name, surname, address, company name, registered office, tax code, VAT number, registration in the Business Register, telephone, e-mail, bank and payment details) (of hereinafter, the Personal Data), communicated by the interested party (hereinafter, the interested party) at the time of signing contracts for the performance of his activities.
  1. Purpose of the treatment
  2. 2.1


    Personal data are processed by the owner

    1. without express consent (Article 6 letter b, and GDPR) for the following purposes:
      • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships;
      • fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
      • prevent or discover fraudulent activities or abuses harmful to your website and / or accounts of social networks ;
      • exercise rights, for example the right to defense in court;
    2. with the prior consent (Article 7 of the GDPR) for the purposes of marketing (e.g., sending newsletters , commercial communications and / or advertising material on products or services offered by the Data Controller).
  3. 2.2


    The subjects, who are already customers, will be able to receive commercial communications on the Controller’s services and products similar to those they have already used, except in the case in which they have communicated their dissent.
  1. Processing methods
  2. 3.1


    The processing of Personal Data is carried out by means of the operations indicated in art. 4, paragraph 2, GDPR, or collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
  3. 3.2


    The Personal Data are subjected by the Data Controller to both paper and electronic and / or automated processing.
  4. 3.3


    The Data Controller processes Personal Data for the time necessary to fulfill the obligations related to the purposes indicated in Article 2, paragraph 1, lett. a) of this information and, in any case, no later than 1 (one) years from the termination of the relationship with the interested party.
  5. 3.4


    The Data Controller processes Personal Data for the time necessary to fulfill the purposes indicated in Article 2, paragraph 1, lett. b) of this information and, in any case, more than 1 (one) year from the date of data collection, except in the case in which the interested party has communicated his dissent to the continuation of the treatment.
  1. Access to data
  2. 4.1

    & nbsp;

    Personal Data may be made accessible to employees and collaborators of the Data Controller and / or to companies, which carry out activities on behalf of the Data Controller, in their capacity as external data processors.
  1. Data communication
  2. 5.1

    & nbsp;

    Without the express consent of the interested party, pursuant to art. 6, lett. b) and c), GDPR, the Data Controller may communicate the Personal Data of the Data Subject to Supervisory Bodies, Judicial Authorities as well as to all other subjects, to whom communication is mandatory by law.
  1. Data transfer
  2. 6.1

    & nbsp;

    The management and storage of Personal Data will take place

    1. on the Controller’s server located within the European Union; o
    2. on servers of third-party companies, which may be located in Italy and / or in the European Union and / or in non-EU countries.
  3. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and / or to the European Union and / or to non-EU countries.
  4. 6.2

    & nbsp;

    The Data Controller hereby ensures that the transfer of Personal Data to non-EU countries will take place in compliance with the provisions of the GDPR.
  1. Nature of the provision of data and consequences of refusal
  2. 7.1

    & nbsp;

    The provision of Personal Data for the purposes referred to in art. 2, paragraph 1, lett. a), of this information is mandatory. Otherwise, the Data Controller will not be able to guarantee the execution of the services for which it is appointed by the interested party.
  3. 7.2

    & nbsp;

    The provision of Personal Data for the purposes referred to in art. 2, paragraph 1, lett. b), of this information is optional. The interested party may not provide any data or subsequently deny the possibility of processing data already provided. In the latter case, the interested party will not receive newsletters and / or commercial communications and / or advertising material relating to the services offered by the Data Controller.
  1. Rights of the interested party
  2. 8.1

    & nbsp;

    Pursuant to art. 15 GDPR, the interested party will have the right to

    1. obtain confirmation of the existence or not of Personal Data, even if not yet registered, and their communication in an intelligible form;
    2. obtain the indication i) of the origin of the Personal Data; ii) the purposes and methods of the processing; iii) of the logic applied in case of treatment carried out with the aid of electronic instruments; iv) the identification details of the Data Controller, of the managers and of the designated representative pursuant to art. 3, paragraph 1, GDPR; v) the subjects or categories of subjects, to whom the Personal Data may be communicated or who can learn about them as appointed representatives in the territory of the State, managers and / or agents;
    3. obtain i) updating, rectification or, when interested, integration of Personal Data; ii) the cancellation, transformation into anonymous form or blocking of Personal Data processed in violation of the law, including those that do not need to be kept for the purposes for which they were collected or subsequently processed; iii) the attestation that the operations referred to in letters i) and ii) have been brought to the attention, also as regards their content, of those to whom the Personal Data have been communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
    4. object, in whole or in part, i) for legitimate reasons to the processing of Personal Data, even if pertinent to the purpose of the collection; ii) to the processing of Personal Data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and / or through traditional marketing methods, by telephone and / or paper mail. The right of opposition for direct marketing purposes through automated methods extends to traditional ones and in any case the possibility of exercising the right of opposition even only partially remains unaffected. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
  3. 8.2

    & nbsp;

    If the conditions provided for by the GDPR exist, the interested party may exercise the right to be forgotten, the right to limit the processing, the right to the portability of Personal Data and the right to object, as well as the right to complain to the Guarantor Authority .
  1. How to exercise rights
  2. 9.1

    & nbsp;

    The interested party may at any time exercise his rights by sending a registered letter with return receipt. to PONYU SRL, Via Benedetto Brin, n. 59, (80142) Naples (NA), or a PEC at ponyu@pec.it.
  1. Minors
  2. 10.1

    & nbsp;

    The services of the Data Controller may also involve persons under 18 (eighteen) years of age. The Data Controller collects personal information relating to minors with the prior written consent expressed by both parents or by the subjects who take their place. In the event that information on minors were unintentionally registered, the Data Controller will proceed with their cancellation.
  1. Owner, manager and appointees
  2. 11.1

    & nbsp;

    The Data Controller is PONYU SRL, Via Benedetto Brin, n. 59, (80142) Naples (NA). The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.