Personal data protection policy
Personal data protection policy provided pursuant to art. 13 of EU Reg. no. 2016/679
[https://abrakadabraitaly.com/]
I. Why are you receiving this privacy notice?
Because ABK Experience s.r.l. intends to process some of your personal data through a series of automatic interactions (within the website ‘https://abrakadabraitaly.com/’), outside of the individual forms also available, for the purposes and according to the methods described below, and the law requires you to be informed of this in advance and adequately. All of this is distinct, in addition to what is contained in the individual privacy notices linked to each of the aforementioned individual forms, from what is contained in the Cookies policy, which you can find immediately next to this policy.
II. Who is providing you with this privacy notice?
The data controller is (according to the law) the entity that has autonomously decided both these purposes and these methods, controlling the website in question, and the law requires you to know who it is and, above all, how it can be contacted.
In this case, it will be ABK Experience s.r.l., a limited company with VAT number and tax code 04783490404, registered with the Register of Companies under no. RN-440772, located in via Monte Rosa, 11 - Riccione (RN), 47838 and reachable via the corporate email contact ‘compliance@abrakadabraitaly.com’.
III. What are the aforementioned processing purposes?
The first task of the data controller is (according to the law) to declare what objectives it intends to achieve through the processing of your personal data, regardless of whether you interact with the telephone link made available (‘+39 3888987502’) rather than with the email link also made available (‘info@abrakadabraitaly.com’), as well as with the WhatsApp function available (specific icon in the bottom left or button "Contact Us ->").
The first (A) [1.A] purpose [main alternative] is to define the configuration of the recreational service you need, in light of what you have requested, so as to allow for more efficient planning of its business activities and your maximum satisfaction. If you want to know more about the data controller because you are interested in the added value it can help create, this is the purpose for you.
The first (B) [1.B] purpose [main alternative] is to develop the recreational service you have purchased according to the necessary configuration, in light of what has been agreed with you, so as to allow for more efficient execution of its business activities and your maximum satisfaction. If you have already entrusted yourself to the data controller, but need support, because you have encountered a problem or have a doubt, this is the purpose for you.
The second [2] purpose [ancillary] is to comply with personal data protection legislation, conforming to one or more pertinent legal obligations. Please read the section (no. IV.c.) on your rights carefully to understand what the data controller will be required to do.
The third [3] purpose [ancillary] is to eventually protect - even if it is hoped that there will be no need - its economic interests in out-of-court and/or judicial proceedings [legitimate interest]. Don't worry, it's just the legislator who imposes such a clarification on us...
IV.a. Who will help pursue the processing purposes?
The second task of the data controller is (according to the law) to declare what methods it intends to adopt for the processing of your personal data: here, in particular, who will have access to your personal data. Please note that a service provider in this context is not a simple software reseller, but the entity that hosts your personal data involved in the use of the same software on its servers.
Internally, with regard to the first (A) [1.A], the first (B) [1.B], the second [2] and the third [3] purposes, only the sole director (general management area) will be involved.
Externally, with regard to the first (A) [1.A] and the first (B) [1.B] purposes, the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (A) and - possibly - the corporate instant messaging hosting service provider (B), authorized to operate as a data processor, will be involved.
Externally, with regard to the second [2] purpose, the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (A), - possibly - the corporate instant messaging hosting service provider (B), - possibly - the corporate email hosting service provider (C), - possibly - the certified corporate email hosting service provider (D) and - possibly - the specially selected lawyer/s (E), all authorized to operate as data processors, as well as - possibly - the specially selected lawyer/s (I), acting as independent data controller/s, will be involved.
Externally, with regard to the third [3] purpose, - possibly - the corporate email hosting service provider (A), - possibly - the secretarial - commercial and technical, conformity, commercial and technical assistance service provider (B), - possibly - the certified corporate email hosting service provider (C) and - possibly - the specially selected lawyer/s (D), all authorized to operate as data processors, as well as - possibly - the specially selected lawyer/s (I), acting as independent data controller/s, will be involved.
Please note that the secretarial - commercial and technical, conformity, commercial and technical assistance service provider, for the pursuit of the first (A) [1.A], the first (B) [1.B] and the second [2] purposes, will - in case of detection of its operational needs - transfer your personal data to Canada (CA) and - possibly - to one or more other non-EU countries, which are nevertheless to be considered third countries, adopting as adequate safeguards adequacy decisions regarding the individual pertinent national legal systems in the field of personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or standard contractual clauses for the transfer of personal data referred to in ex. dec. (European Commission) no. 2021/914, pursuant to art. 46, par. 2, let. c) of the GDPR, as declared regarding its distinct hosting assistant (corporate email) at 'https://www.cloudflare.com/it-it/cloudflare-customer-dpa/' (section "6. Data transfers from the EEA, Switzerland, and the UK"), unfortunately not currently available in Italian.
Please also note that the corporate instant messaging hosting service provider, for the pursuit of the first (A) [1.A], the first (B) [1.B] and the second [2] purposes, will - in case of detection of its operational needs - transfer your personal data to the United States of America (US) and - possibly - to one or more other non-EU countries, which are nevertheless to be considered third countries, adopting as adequate safeguards adequacy decisions regarding the individual pertinent national legal systems in the field of personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or standard contractual clauses for the transfer of personal data referred to in ex. dec. (European Commission) no. 2021/914, pursuant to art. 46, par. 2, let. c) of the GDPR, as declared at 'https://www.whatsapp.com/legal/business-data-transfer-addendum' (section "6. Data transfers from the EEA, Switzerland, and the UK"), unfortunately not currently available in Italian.
IV.b. How long will it take to pursue the processing purposes?
The second task of the data controller is (according to the law) to declare what methods it intends to adopt for the processing of your personal data: here, in particular, for how long it will have access to your personal data.
With regard to the first (A) [1.A] purpose, the necessary personal data will be stored until the date of completion of the definition of the recreational service configuration, even if the outcome is negative.
With regard to the second [2] purpose, if it follows the pursuit of the first (A) [1.A] purpose, moreover, the necessary personal data will be stored until the date of completion of the definition of the recreational service configuration, but subsequently - in a separate and secure location, to ensure the pursuit of the third [3] purpose - for an additional 10 years from then.
With regard to the third [3] purpose, if it follows the pursuit of the first (A) [1.A] purpose, moreover, the necessary personal data will be stored for a period of 10 years from the date of completion of the definition of the recreational service configuration, without prejudice to what has already been specified regarding the subsequent management after such completion.
With regard to the first (B) [1.B] purpose, the necessary personal data will be stored until the date of completion of the development of the recreational service according to the necessary configuration, even if the relative duration is shortened by a termination of the relevant contract.
With regard to the second [2] purpose, if it follows the pursuit of the first (B) [1.B] purpose, moreover, the necessary personal data will be stored until the date of completion of the development of the recreational service according to the necessary configuration, but subsequently - in a separate and secure location, to ensure the pursuit of the third [3] purpose - for an additional 10 years from then.
With regard to the third [3] purpose, finally, if it follows the pursuit of the first (B) [1.B] purpose, the necessary personal data will be stored for a period of 10 years from the date of completion of the development of the recreational service according to the necessary configuration, without prejudice to what has already been specified regarding the subsequent management after such completion.
IV.c. What rights can you exercise before, during, and after processing?
The second task of the data controller is (according to the law) to declare what methods it intends to adopt for the processing of your personal data: here, in particular, what you can ask the data controller to do.
With regard to the first (A) [1.A], the first (B) [1.B], the second [2] and the third [3] purposes, you may access your processed personal data, obtaining information about the processing similar to that found in this privacy notice, as well as a copy thereof, rectify your processed personal data, for example if you have changed your email contact, have your processed personal data erased, for example if you consider the processing unlawful, have the processing of your processed personal data restricted, instead of having them erased, for example if you consider the processing unlawful: all of this can be done by writing to ‘compliance@abrakadabraitaly.com’.
Furthermore, with regard to the first (B) [1.B] purpose, you may obtain the portability of your processed personal data: this can also be done by writing to ‘compliance@abrakadabraitaly.com’.
Furthermore, only with regard to the third [3] purpose, you may object to the processing of your processed personal data: this can also be done by writing to ‘compliance@abrakadabraitaly.com’.
However, finally, with regard to the first (A) [1.A], the first (B) [1.B], the second [2] and the third [3] purposes, you may lodge a complaint with the Italian supervisory authority (Garante per la protezione dei dati personali) at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ or with the national supervisory authority operating within the territory of the European Union Member State where you reside and/or work, in any case qualified as the competent supervisory authority: this will be very useful if at any time you consider the processing of your personal data unlawful.
IV.d. Is it mandatory to communicate your personal data to the data controller?
The second task of the data controller is (according to the law) to declare what methods it intends to adopt for the processing of your personal data: here, in particular, whether there is a pre-contractual or contractual and/or legal obligation that requires the data controller to collect your personal data.
With regard to the first (A) [1.A] purpose, there is a pre-contractual obligation and therefore the data controller could not otherwise act effectively to define the configuration of the recreational service.
Furthermore, with regard to the first (B) [1.B] purpose, there is a contractual obligation and therefore the data controller could not otherwise act effectively to develop the recreational service according to the necessary configuration.
Finally, with regard to the third [3] purpose, there is no pre-contractual or contractual and/or legal obligation and therefore the data controller acts solely to satisfy its legitimate interest connected to this purpose, ensuring all necessary guarantees.
Date: 12/01/2026
The legal representative of the data controller: Mr. Valerio MONTANARI
