This information describes, in accordance with and for the purposes of art. 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter GDPR), the manner in which the Data Controller processes the personal data provided by you while browsing this website.
The processing of personal data will be based on the principles of lawfulness, transparency, fairness and protection of privacy and your rights, always in accordance with the national and European legislation currently in force.
The Data Controller, pursuant to and for the purposes of art. 4 and 24 GDPR, is Marina Yacht Sales S.r.l., Marina Cala de’ Medici – Rosignano Solvay (LI), Via Agostino Straulino 1, tel. 0586 792642, e-mail address email@example.com
Type of data collected
The Data Controller collects the following types of data:
- common personal data identification and contact (name, surname, e-mail, telephone, address), as well as all other data you provide by filling in the forms on the site. In some cases the procedure of filling in the forms can be bypassed through social login. This is an alternative filling procedure that allows you to automatically enter data via Facebook or Google profile. This way, you can transfer the information directly from your social profile. This data is used exclusively to process your requests;
- personal data transmitted by you in an optional, explicit and voluntary way to the e-mail addresses indicated on the site. In this case you have the acquisition of your e-mail address, as well as all other personal data entered in the letter. This data is used exclusively for the purpose of fulfilling your specific requests;
- any personal and particular data contained in the CV that may be received through the contact forms or e-mail addresses indicated on the site. In this case, the Data Controller – in accordance with the provisions and guidelines of the Guarantor – will provide the information on the processing of data contained in the CVs at the time of the first useful contact with the candidate;
- navigation data. The computer systems and software procedures for the operation of this website acquire, in the course of their normal operation, personal data, the transmission of which is implicit in the use of Internet communication protocols. It is, however, information that is not collected to be associated with identified data subjects, but that by their very nature could, through processing and association with data held by third parties, allow you to identify users. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the required resources, the browser, the time of the request and other parameters related to the operating system and the computer environment of the user. This data is only used to receive anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing.
Purpose and legal basis of processing
The data are processed for the following purposes:
- to execute the User’s requests and answer the questions asked through the forms or e-mail addresses indicated on the site. The legal basis is the legitimate interest of the Data Controller (Article 6, letter f), GDPR) to be more efficient, to satisfy any type of request submitted, to give information on the services offered, as well as to improve and develop new products and services;
- to follow up contractual agreements and fulfill administrative and tax purposes. The legal basis is the execution of contractual and pre-contractual measures taken at the request of the customer (Article 6, letter b), GDPR) and the fulfillment of legal obligations of a fiscal, accounting, administrative (Article 6, letter c), GDPR);
- for marketing and commercial promotion purposes, for the purpose of sending, by email, sms, telephone, or other digital communication tools, news about products, services, events and promotions. The legal basis is the express consent issued by the User (article 6, letter a), GDPR);
- the processing of data contained in the received CVs is lawful as necessary to implement pre-contractual measures (Article 6, letter b), GDPR) adopted at the request of the data subject. The processing of “particular” data is lawful on the basis of the Provision of the Guarantor of 5 June 2019 that integrates and modifies the General Authorization n. 1/2016;
- comply with legal obligations to which the Data Controller is subject (Article 6, letter c), GDPR).
The provision of personal data
The mandatory or optional nature of the transfer is specified from time to time – with reference to the individual information required – also by affixing a special symbol (*) to the mandatory information. Any refusal to communicate the data marked as mandatory makes it impossible for the Data Controller to perform the contract or provide the services available. The provision of further data is optional.
Method and place of processing
The processing of personal data is carried out by the Data Controller mainly electronically and electronically, using internal personnel specially authorized. Appropriate security measures shall be taken in order to minimize the risk of destruction or loss – including accidental loss – of data, unauthorized access or unauthorized processing or non-conformity with the purpose of collection. The data are processed at the offices of the Data Controller and at any other place where the parties involved in the processing are located, as well as at the host servers. For further information, contact the Data Controller.
The data are processed for the time necessary to perform the service requested by the User or in general until the purposes for which they were collected. Some data will be stored for longer periods due to the obligations relating to tax-administrative-accounting obligations. With regard to marketing purposes, the retention period is 24 months from the date of consent, subject to the User’s right to request revocation at any time. Subsequently, personal data will be automatically deleted or made anonymous permanently.
Distribution and communication of personal data.
The User’s personal data will not be disclosed to indeterminate subjects, however, they may be disclosed to professionals, collaborators, legal persons and third parties who perform technical and organizational services on behalf of the Data Controller. These subjects may process data such as Data Controllers, Joint Data Controllers and Data Processors duly appointed pursuant to art. 28 GDPR, in full compliance with the law indicated above; they are provided only the information necessary to perform the relevant functions. The complete and updated list of Data Processors is available upon request. The data may also be communicated or made available to subjects who have the right to access it pursuant to provisions of law, regulation or European legislation, within the limits and for the purposes provided for by these rules; as well as to banks, credit institutions, credit recovery companies, insurance agencies.
Transfer of personal data
Any transfer of personal data to non-EU countries, which is necessary to fulfil the contract with the User, is carried out in accordance with art. 44 et seq. of the GDPR, providing special tools that guarantee adequate guarantees of data protection.
Links to other sites, platforms and social networks
Google and YouTube: https://policies.google.com/privacy?hl=it
Instagram: Normativa sui dati di Instagram | Centro assistenza di Instagram
Rights of the data subject
At any time, pursuant to articles 15 and ss. of EU Regulation 679/2016, the User may exercise the following rights:
- Access to data;
- rectification, erasure of data or restriction of processing;
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and the retention period;
- opposition to processing;
- data portability;
- withdrawal of consent, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
- submit a complaint to the Supervisory Authority, Data Protection Authority.
The exercise of the rights, with the exception of letter g), can be done by sending a request to the e-mail address firstname.lastname@example.org
Updates and changes
This document has been updated on 01/09/2021.