Registration and login information
Information (5) provided pursuant to Art. 13 of EU Reg. No. 2016/679
[https://shopify.com/authentication/(...)]
I. Why are you receiving this information?
Because ABK Experience s.r.l. intends to process some of your personal data through the 'Login' form (within the website 'https://shopify.com/', external to the website 'https://abrakadabraitaly.com/') for the purposes and in the manner described below, and the law requires that you be informed in advance and adequately. All of this is distinct from what is contained in the Personal data protection policy and what is contained in the Cookies policy.
II. Who is providing you with this information?
The data controller is (according to the regulations) the subject who has independently decided both these purposes and these methods, controlling the website in question, and the regulations require that you know who they are and, above all, how they can be contacted.
In this case, it will be ABK Experience s.r.l. itself, a limited company with VAT number and tax code no. 04783490404, registered with the Business Register under no. RN-440772, located in Via Monte Rosa, 11 - Riccione (RN), 47838, and reachable via the company email contact 'compliance@abrakadabraitaly.com'.
III. What are the aforementioned processing purposes?
The data controller's primary task is (according to the regulations) to declare the objectives it intends to achieve through the processing of your personal data.
The first [1] purpose [main] is to develop the management service for your reserved web area activated by you, in light of what was agreed with you, so as to allow for a more efficient conduct of its business activities via web and your maximum satisfaction. If you intend to keep a record of your previous commercial and/or technical choices concerning the data controller, as well as to benefit from reserved discounts, because you are interested in the additional added value it can help create, this is the purpose for you.
The second [2] purpose [ancillary] is to comply with personal data protection regulations, conforming to one or more relevant legal obligations. Please read section (n. IV.c.) regarding your rights carefully to understand what the data controller will be required to do.
The third [3] purpose [ancillary] is to eventually protect - although it is hoped that this will not be necessary - its economic interests in out-of-court and/or judicial proceedings [legitimate interest]. Don't worry, it's just the legislator who imposes such a clarification on us...
IV.a. Who will help pursue the processing purposes?
The data controller's second task is (according to the regulations) to declare the methods it intends to adopt for the processing of your personal data: here, in particular, who will have access to your personal data. Please note that a service provider in this context is not a simple software reseller, but the entity that hosts your personal data involved in the use of the same software on its servers.
Internally, with regard to the first [1], second [2] and third [3] purposes, only the sole director (general management area) will be involved.
Externally, with regard to the first [1] purpose, the corporate website hosting service provider (A), the corporate email hosting service provider (B), - possibly - the secretarial - commercial and technical, compliance, commercial and technical assistance service provider (C) and - possibly - the corporate instant messaging hosting service provider (D) will be involved, all authorized to operate as data processors, as well as the web reserved area management service provider (1), acting as joint data controller.
Externally, with regard to the second [2] purpose, the corporate website hosting service provider (A), the corporate email hosting service provider (B), - possibly - the secretarial - commercial and technical, compliance, commercial and technical assistance service provider (C), - possibly - the corporate instant messaging hosting service provider (D), - possibly - the certified corporate email hosting service provider (E) and - possibly - the specifically selected lawyer(s) (F) will be involved, all authorized to operate as data processors, as well as the web reserved area management service provider (1), acting as joint data controller, rather than - possibly - the specifically selected lawyer(s) (I), acting as independent data controller(s).
Externally, with regard to the third [3] purpose, - possibly - the corporate email hosting service provider (A), - possibly - the secretarial - commercial and technical, compliance, commercial and technical assistance service provider (B), - possibly - the certified corporate email hosting service provider (C) and - possibly - the specifically selected lawyer(s) (D) will be involved, all authorized to operate as data processors, as well as - possibly - the specifically selected lawyer(s) (I), acting as independent data controller(s).
Please note that the corporate website hosting service provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detected operational needs - transfer your personal data to Canada (CA) and - possibly - to one or more additional non-EU member states, which are still considered third countries, adopting as adequate safeguards the adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data referred to in Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared at 'https://www.cloudflare.com/it-it/cloudflare-customer-dpa/' (section "6. Data transfers from the EEA, Switzerland, and the UK"), unfortunately not currently available in Italian.
Please also note that the secretarial - commercial and technical, compliance, commercial and technical assistance service provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detected operational needs - transfer your personal data to Canada (CA) and - possibly - to one or more additional non-EU member states, which are still considered third countries, adopting as adequate safeguards the adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data referred to in Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared regarding its distinct hosting assistant (corporate email) at 'https://www.cloudflare.com/it-it/cloudflare-customer-dpa/' (section "6. Data transfers from the EEA, Switzerland, and the UK"), unfortunately not currently available in Italian.
Finally, please note that the corporate instant messaging hosting service provider, for the pursuit of the first [1] and second [2] purposes, will - in case of detected operational needs - transfer your personal data to the United States of America (US) and - possibly - to one or more additional non-EU member states, which are still considered third countries, adopting as adequate safeguards the adequacy decisions regarding the individual relevant national legal systems concerning personal data protection, pursuant to art. 45, par. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data referred to in Commission Implementing Decision (EU) 2021/914, pursuant to art. 46, par. 2, letter c) of the GDPR, as declared at 'https://www.whatsapp.com/legal/business-data-transfer-addendum' (section "6. Data transfers from the EEA, Switzerland, and the UK"), unfortunately not currently available in Italian.
IV.b. How long will it take to achieve the processing purposes?
The data controller's second task is (according to the regulations) to declare the methods it intends to adopt for the processing of your personal data: here, in particular, for how long it will have access to your personal data.
With regard to the first [1] purpose, the necessary personal data will be retained until the date of completion of the development of the service for managing your reserved web area, even if the relevant duration is shortened by a termination of the related contract.
Furthermore, with regard to the second [2] purpose, the necessary personal data will be retained until the date of completion of the development of the service for managing your reserved web area, but subsequently - in a separate and secure location, to ensure the pursuit of the third [3] purpose - for an additional 10 years thereafter.
Finally, with regard to the third [3] purpose, the necessary personal data will be retained for a period of 10 years from the date of completion of the development of the service for managing your reserved web area.
IV.c. What rights can you exercise before, during and after processing?
The data controller's second task is (according to the regulations) to declare the methods it intends to adopt for the processing of your personal data: here, in particular, what you can ask the data controller to do.
With regard to the first [1], second [2] and third [3] purposes, you can access your processed personal data, obtaining information on the processing similar to that found in this policy, as well as a copy of the same, rectify your processed personal data, for example if you have changed your email contact, have your processed personal data erased, for example if you believe the processing is unlawful, have the processing restricted for your processed personal data, instead of having them erased, for example if you believe the processing is unlawful: all of this can be done by writing to 'compliance@abrakadabraitaly.com'.
Furthermore, with regard to the first [1] purpose, you can obtain the portability of your processed personal data: this can also be done by writing to 'compliance@abrakadabraitaly.com'.
Furthermore, only with regard to the third [3] purpose, you can object to the processing of your processed personal data: this can also be done by writing to 'compliance@abrakadabraitaly.com'.
However, finally, with regard to the first [1], second [2] and third [3] purposes, you can lodge a complaint with the Italian Supervisory Authority (Garante per la protezione dei dati personali) at 'https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ or with the national Supervisory Authority operating within the territory of the EU Member State where you reside and/or work, which is in any case qualified as a competent Supervisory Authority: this will be very useful if at any time you believe that the processing of your personal data is unlawful.
IV.d. Is it mandatory to communicate your personal data to the data controller?
The data controller's second task is (according to the regulations) to declare the methods it intends to adopt for the processing of your personal data: here, in particular, whether there is a pre-contractual or contractual and/or legal obligation that requires the data controller to collect your personal data.
With regard to the first [1] purpose, there is a contractual obligation and therefore the data controller would otherwise be unable to act effectively to develop the service for managing your reserved web area.
Furthermore, with regard to the third [3] purpose, there is no pre-contractual or contractual and/or legal obligation and therefore the data controller acts solely to satisfy its legitimate interest connected to this purpose, ensuring you all the necessary guarantees.
Date: 12/01/2026
The legal representative of the data controller: Mr. Valerio MONTANARI
