Checkout information

Information (4) provided pursuant to art. 13 of Regulation (EU) no. 2016/679

[https://abrakadabraitaly.com/checkouts/(...)]

I. Why are you receiving this information?

Because ABK Experience s.r.l. intends to process some of your personal data through the ‘Quick check-out’ form (within the website ‘https://abrakadabraitaly.com/’) for the purposes and methods described below, and the law requires you to be informed about this in advance and adequately. This is distinct from what is contained in the Personal data protection policy and the Cookies policy.

II. Who is providing you with this information?

The data controller is (according to the law) the entity that independently decided both these purposes and these methods, controlling the website in question, and the law requires you to know who it is and, above all, how to contact it.

In this case, it will be ABK Experience s.r.l., a limited company with VAT number and tax code n. 04783490404, registered with the Business Register under n. RN-440772, located in via Monte Rosa, 11 - Riccione (RN), 47838, and reachable via the company e-mail contact ‘compliance@abrakadabraitaly.com’.

III. What are the aforementioned purposes of processing?

The first task of the data controller is (according to the law) to declare which objectives it intends to achieve through the processing of your personal data.

The first [1] purpose [main] is to develop the recreational service you purchased according to the necessary configuration, in light of what was agreed with you, to enable more efficient business operations and your maximum satisfaction. If you have already engaged the data controller but need support because you have encountered a problem or have a doubt, this is the purpose for you.

The second [2] purpose [ancillary] is to comply with personal data protection regulations, by conforming to one or more relevant legal obligations. Please read section (n. IV.c.) regarding your rights with particular attention to understand what the data controller will be required to do.

The third [3] purpose [ancillary] is to eventually protect – even if it is hoped that there will be no need – its economic interests in extra-judicial and/or judicial proceedings [legitimate interest]. Don’t worry, it is only the legislator who imposes such a clarification on us…

IV.a. Who will help achieve the purposes of processing?

The second task of the data controller is (according to the law) to declare which methods it intends to adopt for the processing of your personal data: here, in particular, who will have access to your personal data. Please note that a service provider in this context is not a simple software reseller, but the entity that hosts your personal data involved in the use of the same software on its servers.

Internally, for the first [1], second [2] and third [3] purposes, only the sole director (general management area) will be involved.

Externally, for the first [1] purpose, the corporate website hosting provider (A), the corporate email hosting provider (B), - potentially - the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (C), and - potentially - the corporate instant messaging hosting provider (D) will be involved, all authorized to act as data processors, as well as the bank(s) and/or financial intermediary(ies) specifically selected (I), acting as independent data controller(s).

Externally, for the second [2] purpose, the corporate website hosting provider (A), the corporate email hosting provider (B), - potentially - the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (C), - potentially - the corporate instant messaging hosting provider (D), - potentially - the corporate certified email hosting provider (E) and - potentially - the lawyer(s) specifically selected (F) will be involved, all authorized to act as data processors, as well as the bank(s) and/or financial intermediary(ies) specifically selected (I) and - potentially - the lawyer(s) specifically selected (II), acting as independent data controller(s).

Externally, for the third [3] purpose, - potentially - the corporate email hosting provider (A), - potentially - the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (B), - potentially - the corporate certified email hosting provider (C) and - potentially - the lawyer(s) specifically selected (D) will be involved, all authorized to act as data processors, as well as - potentially - the lawyer(s) specifically selected (I), acting as independent data controller(s).

Please note that the corporate website hosting provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detection of its operational needs - transfer your personal data to Canada (CA) and - potentially - to one or more other non-EU countries, which are still considered third countries, adopting as adequate safeguards adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or standard contractual clauses for the transfer of personal data as per Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared at ‘https://www.cloudflare.com/it-it/cloudflare-customer-dpa/’ (section “6. Data transfers from the EEA, Switzerland, and the UK”), unfortunately not currently available in Italian.

Please also note that the secretarial - commercial and technical, conformity, commercial and technical assistance service provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detection of its operational needs - transfer your personal data to Canada (CA) and - potentially - to one or more other non-EU countries, which are still considered third countries, adopting as adequate safeguards adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or standard contractual clauses for the transfer of personal data as per Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared regarding its distinct hosting assistant (corporate email) at ‘https://www.cloudflare.com/it-it/cloudflare-customer-dpa/’ (section “6. Data transfers from the EEA, Switzerland, and the UK”), unfortunately not currently available in Italian.

Finally, please note that the corporate instant messaging hosting provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detection of its operational needs - transfer your personal data to the United States of America (US) and - potentially - to one or more other non-EU countries, which are still considered third countries, adopting as adequate safeguards adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or standard contractual clauses for the transfer of personal data as per Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared at ‘https://www.whatsapp.com/legal/business-data-transfer-addendum’ (section “6. Data transfers from the EEA, Switzerland, and the UK”), unfortunately not currently available in Italian.

IV.b. How long will it take to achieve the purposes of processing?

The second task of the data controller is (according to the law) to declare which methods it intends to adopt for the processing of your personal data: here, in particular, for how long it will have access to your personal data.

Regarding the first [1] purpose, the necessary personal data will be kept until the date of completion of the recreational service development according to the necessary configuration, even if its duration is interrupted by a dissolution of the related contract.

Regarding the second [2] purpose, furthermore, the necessary personal data will be kept until the date of completion of the recreational service development according to the necessary configuration, but subsequently - in a separate and secure location, to ensure the pursuit of the third [3] purpose - for an additional 10 years from then.

Regarding the third [3] purpose, finally, the necessary personal data will be kept for a period of 10 years from the date of completion of the recreational service development according to the necessary configuration.

IV.c. What rights can you exercise before, during, and after processing?

The second task of the data controller is (according to the law) to declare which methods it intends to adopt for the processing of your personal data: here, in particular, what you can ask the data controller to do.

Regarding the first [1], second [2], and third [3] purposes, you can access your processed personal data, obtaining information about the processing similar to what you find in this privacy policy, as well as a copy thereof, rectify your processed personal data, for example, if you have changed your email contact, have your processed personal data erased, for example, if you consider the processing unlawful, have the processing of your processed personal data restricted, instead of having them erased, for example, if you consider the processing unlawful: all of this can be done by writing to ‘compliance@abrakadabraitaly.com’.

Furthermore, regarding the first [1] purpose, you can obtain the portability of your processed personal data: this can also be done by writing to ‘compliance@abrakadabraitaly.com’.

Furthermore, only with regard to the third [3] purpose, you may object to the processing of your processed personal data: this can also be done by writing to ‘compliance@abrakadabraitaly.com’.

However, finally, regarding the first [1], second [2], and third [3] purposes, you can lodge a complaint with the Italian Supervisory Authority (Garante per la protezione dei dati personali) at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ or with the national Supervisory Authority operating within the territory of the European Union Member State where you reside and/or work, qualified as a competent Supervisory Authority: this will be very useful if at any time you consider the processing of your personal data to be unlawful.

IV.d. Is it mandatory to disclose your personal data to the data controller?

The second task of the data controller is (according to the law) to declare which methods it intends to adopt for the processing of your personal data: here, in particular, whether there is a pre-contractual or contractual and/or legal obligation that requires the data controller to collect your personal data.

Regarding the first [1] purpose, there is a contractual obligation and therefore the data controller could not otherwise act effectively to develop the recreational service according to the necessary configuration.

Furthermore, with regard to the third [3] purpose, there is no pre-contractual or contractual and/or legal obligation, and therefore the data controller acts solely to satisfy its legitimate interest related to this purpose, ensuring all necessary guarantees.

Date: 12/01/2026

The legal representative of the data controller: Mr. Valerio MONTANARI