Privacy Policy
Under articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended), this notice describes how Tonpho Benessere SAS processes your personal data.
1. Data controller
Tonpho Benessere SAS di Sriburint Vimonsiri e C.
Via Cavour 248/250, 00184 Roma RM, Italy
VAT: 16589001003
Email: tonphobenessere@gmail.com
Phone: +39 06 4893 9945
2. Categories of personal data processed
We may process the following personal data:
- Contact information: first name, last name, email address, phone number (with international dial code).
- Message content: the text you send via the contact form.
- Browsing data: IP address, browser and operating system (user agent), date and time of the request, pages visited. These are collected automatically from server logs and technical cookies (see Cookie Policy).
- Consent records: we log the date, time and policy version you accepted when granting consent (GDPR art. 7(1)).
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Replying to your contact-form enquiry | Consent (GDPR art. 6(1)(a)) |
| Managing your treatment booking | Pre-contractual measures (GDPR art. 6(1)(b)) |
| Site security and abuse prevention | Legitimate interest (GDPR art. 6(1)(f)) |
| Compliance with legal obligations (e.g. tax, accounting) | Legal obligation (GDPR art. 6(1)(c)) |
4. How we process your data
Data are processed by electronic means, by authorised and trained personnel, and in line with the data-minimisation principle (GDPR art. 5(1)(c)). Our technical and organisational measures include:
- Data transmission over encrypted connections (HTTPS / TLS).
- Cryptographic password hashing with a high-cost algorithm.
- Login throttling and automatic IP blocks against brute-force attempts.
- Audit logging of administrative actions.
- Regular backups and recovery procedures.
5. Retention period
| Data category | Retention |
|---|---|
| Contact-form messages | 24 months from the last interaction, unless an earlier deletion is requested |
| Security logs (logins, failed attempts) | 90 days |
| Administrative data and back-office audit log | Duration of the relationship + 5 years |
| Tax and accounting records | 10 years (Italian Presidential Decree 633/1972 and later amendments) |
Once the period expires, data are deleted or irreversibly anonymised.
6. Recipients of the data
Your data may be shared with:
- Authorised internal personnel (therapists, receptionists, administration).
- Hosting provider: appointed as data processor under GDPR art. 28.
- SMTP service provider: for sending transactional confirmation emails, also appointed as data processor.
- Accountants, tax and legal advisors: only for the data strictly required for legal obligations.
We do not sell or rent your data to third parties for commercial purposes, and we do not carry out automated profiling or decisions producing legal effects solely on the basis of automated processing (GDPR art. 22).
7. Transfers outside the EU
Data are processed within the European Economic Area. Where a technical provider relies on infrastructure outside the EU/EEA, we ensure the transfer is supported either by an adequacy decision of the European Commission (GDPR art. 45) or, failing that, by Standard Contractual Clauses approved by the Commission (GDPR art. 46).
8. Your rights
As a data subject you may exercise, at any time, the rights granted by articles 15-22 of the GDPR:
- Access to your personal data (art. 15);
- Rectification of inaccurate or incomplete data (art. 16);
- Erasure (“right to be forgotten”, art. 17);
- Restriction of processing (art. 18);
- Portability of the data you provided to us (art. 20);
- Object to processing based on legitimate interest (art. 21);
- Withdraw consent at any time, without affecting the lawfulness of processing based on consent before the withdrawal (GDPR art. 7(3));
- Lodge a complaint with the supervisory authority: the Italian Data Protection Authority (art. 77).
9. How to exercise your rights
You can exercise your rights by writing to:
Tonpho Benessere SAS
Email: tonphobenessere@gmail.com
Address: Via Cavour 248/250, 00184 Roma RM, Italy
We will reply without undue delay and in any event within 30 days from receipt (extendable by up to 60 additional days for particularly complex requests, GDPR art. 12(3)). We may ask for additional information to verify your identity.
10. Cookies
The use of cookies is detailed in our Cookie Policy.
11. Providing your data and consequences of refusal
Providing the data requested by the contact form is voluntary, but failing to do so makes it impossible for us to respond. Consent to the processing for the response purpose is required to submit the form.
12. Changes to this notice
We may update this notice over time to reflect changes in law, technology or operations. The last-updated date and the version number are shown at the top of the page. We retain evidence of previous versions and of which version each data subject accepted.