top of page

Privacy & Policy

Information on the Processing of Personal Data


Information on the processing of personal data pursuant to and by effect of art. 13, Legislative Decree no. 196/2003 and in compliance with EU Regulation no. 2016/679 (General regulation on data protection, the so-called "GDPR") In compliance with the provisions of Legislative Decree no. 196/2003, as amended by EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter GDPR), the necessary information is provided regarding the purposes and methods of processing your personal data, in the context of communication and dissemination of the same. This information applies to all users, including registered and unregistered visitors, of our site: The user is invited to read this information carefully. In case of doubts or questions, the user can contact us

Data Controller

The Data Controller is BONGA SURF FAMILY ASD, with headquarters in Via Monte Airatu, 07100 Sassari SS

Type of Data processed and purpose of the processing

To provide our services, we collect the user's personal information (e.g. personal data and contact details; navigation data). The type of personal information we collect is the data that the user decides to provide us in order to use our services - specifically: name; email address; telephone number - and navigation data. The personal information provided by the user is used by the Data Controller in order to: provide and manage services at the user's request (e.g. contact/be contacted again by subscribing to the contact form; etc.); respond to user requests (e.g. commercial requests; quotes, etc.); make communications by various means (e.g. newsletter, etc.); exchange information aimed at the execution of the contractual relationship, including the previous and subsequent activities. comply with the obligations established by laws, regulations, or provisions issued by public authorities.

Processing methods

Users' personal data will be processed in compliance with current legislation and the principles of correctness, lawfulness, transparency and confidentiality. These data will be processed with and without the aid of electronic and IT tools. Users' personal data will be processed by the Data Controller, by the Data Processor, also external, sub-managers and/or persons in charge of the treatment. Users' personal data will not be subject to automated decision-making processes, nor to any type of profiling, except as provided for in points 6 and 7 below.

Legal basis of the treatment

A) navigation on our website: Legitimate interest pursuant to art. 6 lett. f) and recital 47: the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail, taking into account the reasonable expectations fed by the interested party based on his relationship with the data controller. Activities strictly necessary for the functioning of the site and for the provision of the navigation service on the platform. B) compilation of forms on our site to collect user requests: Execution of pre-contractual measures and/or execution of a contract adopted at the request of the interested party pursuant to art. 6 lett. b) and recital 44; consent of the interested party pursuant to art. 6 lett. a) and recitals 42 and 43.

Personal data

By personal data, we mean: any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number; personal data that allow the direct identification of the data subject.

Navigation data

The computer system used to operate this website acquires some personal data of the user during normal operation, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified interests, but which by their very nature could, through further processing and association with data held by third parties, allow users to be identified. This category of data includes: the IP addresses or domain names of the computers used by users who connect to the site; the URI (Uniform Resource Identifier) rotation addresses of the requested resources; the time of the request; the method used in submitting the request to the server; the size of the file obtained in response; the numerical code indicating the status of the response given by the server (e.g. error, success, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.


A cookie is a small text file transferred from the server to the user's computer, the purpose of which is to inform the server about the user's access to that particular web page as well as providing further information that is obtained from the system's readable parameters via functions contained in the web page. Cookies can be temporary or permanent. This site uses cookies to: keep track of browsing sessions anonymously; improve navigation within the site; customize services. These data are not disclosed to third parties and are not subject to disclosure. The user has the option to disable or selectively accept the use of cookies, in which case some site functions may not be available and some web pages may not be displayed correctly.

Data provision and refusal

Apart from that specified for navigation data, the user is free to provide personal data in dedicated areas on the site. The provision of the user's personal data for the purposes indicated in this information is necessary to perfect the specific functions and use the services offered by the Data Controller through the Site. Failure to provide personal data may make it impossible to obtain the service requested or to use the services offered by the site.

Data communication

The user's personal data may be communicated, for the purposes referred to in point 2 of this information, to the following categories of subjects: employees and collaborators of the Data Controller; service providers (e.g. web hosting; web agency; mobile payment companies, etc.) and third parties who provide services instrumental to satisfying user requests. Studies and Companies in the context of assistance and consultancy relationships; Competent authorities for fulfillment of legal obligations and/or provisions of public bodies, upon request. The subjects belonging to the aforementioned categories perform the function of Data Processor, sub-processor, person in charge of processing, or operate in total autonomy as separate Data Controllers.

Data Recipients

The user's personal data will not be disclosed to third parties and unspecified subjects in any form (e.g. consultation of data, provision of data).

Data transfer

The personal data collected by us for the purposes described in this Information will be communicated and transferred to companies and individuals located in other countries belonging to the European Union or in non-EU countries. Any transfer of data to companies and/or individuals third parties who are in non-EU countries is always implemented within the limits and under the conditions set forth in articles 44 et seq. EU Reg. 2016/679 (GDPR). In this case, the user will be able to obtain a copy of the conditions underlying the transfer by writing to the office of the Data Controller indicated above.

Storage time of the collected data

The Data Controller will process the personal data collected for as long as necessary to fulfill the purposes referred to in point 2 of this information. Subsequently, the user's personal data will be stored, and not further processed, for a period of time that can vary significantly depending on: purposes pursued, type of data processed (e.g. navigation data, personal information), law (e.g. tax, administrative, etc.). In any case, if it is no longer necessary to keep said data, they will be deleted/destroyed in accordance with the provisions of the GDPR.

User rights

The user can ask the Data Controller to exercise the following rights at any time: art. 15 (right of access), art. 16 (right of rectification), art.17 (right of cancellation), art. 18 (right to limit processing), art. 19 (obligation to notify in case of rectification or cancellation of personal data or limitation of treatment), art. 20 (right to data portability) and 21 (right to object), art. 22 (automated decision-making and profiling) of the GDPR, may at any time request access to personal data and the rectification or cancellation of the same or the limitation of treatment or to oppose their treatment, in addition to the right to data portability, by forwarding written communication to the Data Controller. The interested party can lodge a complaint with the Italian Guarantor Authority for the protection of personal data ( The interested party also has the right, pursuant to art. 34 GDPR, to receive communication from the Data Controller, without unjustified delay, of any violations of personal data likely to present a high risk for the rights and freedoms of natural persons.

Methods of exercising rights

The interested party may at any time exercise the rights referred to in this information and in general the provisions of the GDPR legislation: (I) by sending a registered letter with return receipt to the Data Controller at the registered office of the company located inVia Monte Airatu, 07100 Sassari SS. (II) by sending an email to

Consent to the processing of data

Pursuant to and for the purposes of art. 6, par. 1, lit. a) of the GDPR, the interested party gives his consent to the processing of his personal data within the scope, for the purposes and according to the methods referred to above. This consent is to be considered valid until written revocation to be sent according to the methods described in the previous point.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this website as well as, if technically and legally feasible, by sending a notification to Users via one of the contact details in its possession. Therefore, please consult this page frequently, referring to the date of the last modification indicated at the bottom. If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.

Date of last revision: April 12, 2022

bottom of page