pursuant to art. 13 EU Reg. 2016/679 for the protection of personal data
1. DATA CONTROLLER
Data Controller - pursuant to art. 4 and 24 of EU Reg. 2016/679 - is Next Yacht Group S.r.l., with registered office in Lungocanale Palombari dell’Artiglio 42, 55049, Viareggio (LU), VAT number 02466190465.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org
The Data Controller has also appointed a Data Protection Officer (DPO) who can be contacted for questions relating to the processing of your personal data at the following e-mail address: email@example.com
2. TYPE OF PROCESSED AND COLLECTED DATA
The Data Controller will process the following personal data:
- biographic data;
- telephone number, email address;
- interest in the boat and any other data provided voluntarily by the user.
3. PURPOSE, LEGAL BASIS AND LAWFULNESS OF THE DATA PROCESSING
The legal basis legitimizing the data processing is the execution of pre-contractual obligations and the consent freely expressed by the interested party.
We inform you that we will process your personal data in compliance with the conditions of lawfulness - pursuant to art. 6 EU Reg. 2016/679 - within the limits and to the extent strictly necessary to fulfil the following purposes:
- to respond to requests for information and to send information material (eg boat brochures, catalogues and other information material);
- for the management of pre-contractual obligations;
- for marketing / commercial purposes and to send your newsletter containing information on products and services, as well as promotions or invitations to events (for these purposes the express consent of the interested party is required).
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The data collected may be disclosed to recipients, appointed pursuant to art. 28 EU Reg. 2016/679, who will process the data as external managers and / or entities acting as autonomous Data Controllers. Specifically, the data may be disclosed to:
- firms or companies within relationships of assistance and consultancy;
- subjects that provide services for the management of the information system and the telecommunication networks;
- specifically authorized internal personnel.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
The collected data will not be transferred to a third country and / or an international organization. It should be noted, however, that the use of cloud services may involve the transfer of data to servers located abroad (both EU and non-EU), always in compliance with the applicable legal provisions and, in any case, ensuring respect for maximum security of the data.
6. PERIOD OF STORAGE OR CRITERIA USED TO DETERMINE SUCH PERIOD
The Data Controller will process your personal data for the time necessary to pursue the aforementioned purposes according to the following temporal criteria:
- if information is requested, the data will be processed for the time necessary to provide feedback;
- if a quotation is requested, however, the data will be processed for a maximum of 36 months following the effective period of the proposal, without prejudice to further storage for the time necessary to settle any disputes that may have arisen;
- as to the sending of the newsletter, the data will be processed for 36 months, unless consent is revoked in advance.
7. RIGHTS OF THE INTERESTED PARTIES AND METHODS OF EXERCISE OF SUCH RIGHTS
In your capacity as an interested party, you can enforce your rights referred to in Chapter III (articles 15-22) of EU Reg. 2016/679 by contacting the Data Controller by e-mail at firstname.lastname@example.org, by registered letter to the address of the company's registered office or by delivery of a hard copy.
The rights you enjoy, pursuant to EU Reg. 2016/679, are the following:
- withdrawal of consent;
- limitation of processing;
- opposition to processing;
These rights are guaranteed to you without any formalities for their exercise, which is essentially free of charge.
Without prejudice to any other administrative or judicial action, you can also lodge a complaint with the Supervisory Authority in accordance with the provisions of EU Regulation 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018.
8. METHODS OF DATA PROCESSING
The personal data collected during fairs and events will be recorded, processed, managed and filed in paper form and / or with the aid of IT tools and in any case in such a way as to guarantee their security and confidentiality. The processing will be carried out by expressly authorized internal staff and without the intervention of automated systems or processes and no profiling activities are carried out.
9. NATURE OF THE DATA PROVISION
The provision of data for the purposes referred to in point 3 is mandatory. Any partial or total failure to provide data will make it impossible to manage and respond to requests. The provision of data for the purposes referred to in point 3 lett. c) is optional and subject to explicit and separate informed consent, to be expressed at the bottom of this document.
10. DISSEMINATION OF DATA
The personal data collected will in no case and in no way be disseminated to third parties not approved by the Data Controller and may be exhibited only at the request of the Judicial, Financial and Guarantor Authorities, as well as to all other subjects to whom the communication is required by law for the accomplishment of the aforementioned purposes.