Privacy Policy

The data controller is BONS SRL, the legal entity responsible for deciding how and why your personal data is processed.

BONS SRL Corso Unione Sovietica 612/15/c — 10135 Torino (TO), Italy VAT ID 11994670013 — C.F. 11994670013 Contact: privacy@bons.hair

Depending on how you interact with the site, we may process:

• Technical data such as IP address, device type, browser, language, and pages visited.
• Information you provide when contacting us or buying a ticket (name, email, billing details — these are collected and processed by our payment processor Shopify).
• Behavioural data captured through analytics and marketing cookies, only if you give consent.
• Cookie consent preferences stored locally in your browser.

We process personal data for the following purposes:

• Operating and securing the website (necessary cookies and request logs).
• Fulfilling ticket purchases and event registration, including communications about the event.
• Measuring site usage and improving the user experience (analytics — only with consent).
• Advertising and remarketing on third-party platforms (marketing — only with consent).

We rely on the following legal bases under Article 6 GDPR: contractual necessity (Art. 6(1)(b)) for ticket fulfilment; legitimate interest (Art. 6(1)(f)) for securing and operating the website; and your consent (Art. 6(1)(a)) for analytics and marketing cookies and any direct marketing communications.

We share personal data only with carefully selected processors who help us deliver the service:

• Shopify (payments and order processing) — see https://www.shopify.com/legal/privacy
• Meta Platforms (advertising performance, only with marketing consent) — see https://www.facebook.com/privacy/policy
• Hotjar (analytics, only with analytics consent) — see https://www.hotjar.com/legal/policies/privacy/
• Hosting and infrastructure providers under appropriate data-processing agreements.

Some providers may transfer data outside the EU/EEA. Where this happens, transfers are protected by Standard Contractual Clauses approved by the European Commission or equivalent safeguards.

We retain personal data only for as long as necessary for the purposes described above and to comply with legal obligations (for example, tax and accounting law requires keeping invoicing data for 10 years). Cookie consent preferences are retained for up to 12 months, after which we ask again.

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data erased where applicable.
• Restrict how we process your data.
• Receive your data in a portable, machine-readable format.
• Object to processing based on legitimate interest or for direct marketing.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@bons.hair. We respond within one month.

We apply appropriate technical and organisational measures to protect your data from unauthorised access, loss, or alteration. All payments are processed through secure third-party providers; we never store full card details on our systems.

If you believe we have processed your data unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) — www.garanteprivacy.it.

We may update this Privacy Policy from time to time. The current version is always available on this page, with the last-updated date at the top. Material changes will be communicated through the website.