INFORMATION ON THE PROCESSING OF PERSONAL DATA
below you will find all the information required by Article 13 of the European Regulation on the Protection of Personal Data (EU Reg. 2016/679 - henceforth, GDPR), in relation to the processing of personal data carried out by Marinedi S.r.l., through the website https://www.marinadi-procida.com/,
1. PERSONAL DATA.
The term "personal data" refers to any information that may relate to a natural person (his or her characteristics, habits, lifestyle, personal relationships, health status, economic situation, etc.) and that allows for his or her identification, taken alone or through their combination (Art. 4(1)(1) GDPR).
Personal data that identify a natural person directly are, for example, biographical data (first and last name) and images. Personal data that identify a natural person indirectly are, for example, telephone number, social security number, IP address, e-mail, license plate number, credit card details, etc.
In detail, personal data are distinguished into so-called "common" personal data (i.e., those that we have indicated above and that are also referable to entities-public and private-associations and companies), and so-called "special" or also called "sensitive" personal data, i.e., those revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, relating to health or sexual life. Regulation (EU) 2016/679 also included genetic data, biometric data, and data relating to sexual orientation in this category. Also considered personal data are so-called "judicial" data, i.e., data relating to criminal convictions, offenses or related security measures, which may reveal the existence of certain judicial measures subject to registration in the criminal record (e.g., final criminal convictions, conditional release, prohibition or obligation to stay, alternative measures to detention) or the quality of defendant or suspect. Finally, very significant personal data are considered to be those related to electronic communications(via the Internet or telephone) and those that enable geolocation, providing information on places frequented and movements.
2. DATA CONTROLLER.
The Data Controller of the Personal Data is the Company "MARINEDI s.r.l." with registered office in Via Ajaccio 14 - 00198 Rome - R.E.A. n° 1389748 P.IVA and C.F. 12633221002, which can be contacted at the following dedicated e.mail address: email@example.com
The GDPR defines Data Controller as "the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purpose and the means of the processing of personal data."
Simply put, the owner is the one who processes data without receiving instructions from others. He is the one who decides "why" and "how" the data should be processed.
3. PLACE OF DATA STORAGE.
Marinedi does not transmit personal data to third countries, extra - EU, or international organizations. For the storage of collected data, the Company uses servers insisting on the national territory.
4. TYPE OF DATA COLLECTED BY THE SITE.
Through https://www.marinadi-procida.com/, Marinedi processes the following personal data:
- data voluntarily provided by the User, through the completion of the form of the site, found in the "Contact Us" section, namely name, e-mail and other possibly personal information that the User intends to enter in the "Message" area of the form.
c) data collected through cookies and related technologies
5. PURPOSES FOR WHICH PERSONAL DATA ARE COLLECTED.
(a) To make contact directly with Marina di Procida.
Through the "Contact Us" section of the site, the User can contact the Company through the telephone number, e-mail address or by filling out the form therein. By doing so, you consent to the processing of the data provided, as well as any other data that you intend to provide in order to make direct contact with the Company and request further information about the services offered.
The legal basis for the processing of personal data for this purpose is established in Art. 6(1)(b) of the GDPR (performance of a contract or pre-contractual measures) as the processing operations are necessary for the provision of services or for the response to requests from the data subject and do not require his or her consent.
Personal data can be freely provided by the User.
If the User refuses to communicate them, it may be impossible to provide the service. In cases where certain data are indicated as optional, Users are free to refrain from communicating such data, without this having any consequence on the availability of the service or its operation.
Users who are in doubt about which data are mandatory are encouraged to contact the Controller.
b) To comply with obligations under applicable laws, regulations or EU legislation, or fulfill requests from the Authorities.
The legal basis for the processing of personal data for this purpose is established by Article 6 para. 1 lit. c) of the GDPR ("the processing is necessary for compliance with a legal obligation to which the controller is subject").
(c) For defense in court.
The User's Personal Data may be used by Marinedi S.R.L., in court or in the preparatory stages of its possible establishment for the defense against abuse by the same User, in the use of the website or related services.
d) For statistical research/analysis purposes aimed at measuring the operation of the Site, measuring traffic, and assessing usability and interest. These researches and analyses are related to aggregated or anonymous data, so it is not possible to identify the User. This type of processing can, therefore, be freely carried out by the Owner because it is not based on personal data.
Providing Personal Data for the purposes listed above is optional, but failure to do so may make it impossible for the Company to respond to a request or fulfill a legal obligation to which it may be subject.
6. PROCESSING OF PERSONAL DATA PROVIDED THROUGH THE "BOOK NOW" FORM.
It should be noted that by clicking in the "Book Now" section, the personal data provided by the User in filling out the form of interest (first name, last name, telephone, social security number), will be processed by Marina di to comply with the request made and finalize the contractual relationship requested.
In detail, you authorize the use of your personal data for the following purposes:
- Management of one's Reservation;
- sending communications to update him on berth availability;
Only personal data necessary for the proper processing of the Reservation (including name, e-mail address, vessel identification data, and data related to the payment of the Reservation fee) will be processed.
Personal data will not be disseminated and will be processed only for the time necessary for the performance of activities related to the Reservation, and will be kept for a period not exceeding one year after the closing of the period of validity of the Reservation.
7. SUBJECTS WHO MAY PROCESS DATA.
For the purposes of #5 of this policy, personal data may be shared with:
- persons authorized (ex art. 29 of the GDPR) by the Controller to process personal data necessary to carry out activities strictly related to the provision of services, who have committed themselves to confidentiality or otherwise have an appropriate legal obligation of confidentiality;
- the so-called. Data Processors (ex art. 28 GDPR), i.e. individuals who cooperate with the Controller for the pursuit of the aforementioned purposes, including individuals delegated to perform technical maintenance activities;
- Subjects, entities or authorities to whom it is mandatory to communicate personal data by virtue of legal provisions or orders of the Authorities.
The Personal Data Processor, as well as the Authorized Persons, are appointed by formal deed and indicated in a special list that can be consulted by the User, subject to the latter's request to be forwarded to the following email address: firstname.lastname@example.org indicating in the subject line the words "List Request". This list is subject to changes and updates by the Data Controller.
8. RETENTION TIME OF PERSONAL DATA.
The personal data provided for the provision of services offered by Marina di Procida will be kept for the period of time necessary for the provision of the same, within the time provided for and allowed by the Italian legislation to protect its interests (and in any case not beyond the terms of art. 2946 c.c. et seq. - prescription).
In any case, the User is informed that the data provided will be kept only the purposes for which they were provided, in accordance with the principle of necessity of the storage time of the processing.
9. MODE OF PROCESSING AND PROTECTION OF PERSONAL DATA.
The data are collected in accordance with the principle of minimization of the data processed (only the data strictly necessary to provide the services requested or achieve the other purposes specified here in point 5 are acquired). The processing of personal data by the Company is carried out using manual, computerized and telematic tools with logics strictly related to the aforementioned purposes. Processing operations are carried out in such a way as to ensure the security of data and systems. Adequate security measures are adopted in order to minimize the risks of destruction or loss, even accidental, of the data themselves, of unauthorized access, of unauthorized processing or processing that does not comply with the purposes indicated in this information sheet. The security measures adopted, however, do not allow to exclude, absolutely, the risks of interception or compromise of personal data transmitted by telematic means. It is therefore recommended that the User verify that his/her device (Pc, smartphone, tablet etc.) is equipped with software systems adequate to protect the telematic transmission of data, both incoming and outgoing (such as, for example, updated antivirus systems, firewalls and spam filters).
10. USER RIGHTS.
According to Articles 15 et seq. of the GDPR, the User has the right to:
-access to their personal data, to request their rectification, updating and deletion or restriction if incomplete, incorrect or collected in violation of the law;
- To object to the processing for legitimate reasons or to obtain portability;
- Obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in intelligible form.
The User has, in addition, the right to obtain
(a) the indication:
- Of the origin of personal data;
- Of the purposes and methods of processing;
- Of the logic applied in the case of processing carried out with the aid of electronic instruments;
- of the identification details of the Owner, the Person(s) in charge (internal/external) and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as Authorized Persons;
b) the updating, rectification or supplementation of their data within the limits of relevance to the activity carried out by the Company;
c) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes of processing;
d) certification that the operations referred to in letters b) and c) have been brought to the attention of those to whom the data have been communicated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right.
The User has, also, the right to object, in whole or in part:
e) for legitimate reasons to process personal data concerning him/her, even if relevant to the purpose of collection;
f) to the processing of personal data provided at the time he/she made contact with the Company through the dedicated form or the email address indicated in the "Contact" section of the site.
11. EXERCISE OF RIGHTS.
The rights listed in Section 9 above of this policy are exercised by a request made freely and without formality to the Data Controller, either directly or through one of its appointees, by sending an e-mail message to the e-mail address: email@example.com with the subject heading "Rights."
The Interested Party has the right to receive appropriate response to the transmitted request, without undue delay and, in any case, at the latest within one month from the receipt of the request (deadline extendable by two months, due to complexity and number of instances), which may be renewed for justified reasons.
In any case, if you believe that the Company processes your personal data in violation of the provisions of the GDPR, you have the right to file a complaint with the Guarantor (art. 77 GDPR, art. 141 Privacy Code) or to take appropriate legal action (art. 79 GDPR, art. 152 Privacy Code). The complaint form and information on how to fill it out and submit it are available at here. In order to exercise the rights in question, the interested party may have recourse to natural persons, entities, associations or bodies, giving, for this purpose, written power of attorney and being assisted by a trusted person.
This policy is updated to December 19, 2022.