PRIVACY POLICY
Last update: 17.7.2024
In compliance with the obligations deriving from the European regulation for the protection of personal data n. 2016/679, GDPR and subsequent amendments, this site respects and protects the privacy of visitors (ex. Art.4, c.1 of the GDPR), making every possible and proportionate effort not to harm the rights of the interested parties.
We have developed a privacy policy regarding how we collect, use, disclose, transfer, and store user data. This document aims to communicate to the interested parties the privacy protection criteria we adopt. This privacy policy applies exclusively to the online activities of this site and is valid exclusively for the interested parties and not for other websites that may be consulted via links.
By consulting this site and/or using its services, as an interested party, the user explicitly approves and consents to the processing of their personal data in relation to the methods and purposes described in this Privacy Policy.
PRINCIPLES REGARDING DATA PROTECTION
We are committed to processing your data only for lawful, fair, and transparent purposes and always for legitimate reasons. We process the data always considering the rights of the interested party and will provide, upon request, all information about the data that has been processed.
Data processing is always limited to the purpose of the request. Our processing activities always correspond to the purposes for which the personal data were collected.
Data processing is carried out with strictly necessary data. We collect and process only the minimum amount of personal data required for any purpose.
Data processing is limited to a specific period of time. We will not store your personal data for longer than necessary.
We are committed to ensuring the accuracy, respect for your data, ensuring integrity and confidentiality.
The personal data collected will be processed in compliance with the current legislation and confidentiality obligations, within the scope of institutional activities and related purposes strictly connected and instrumental to the management of the relationship with the interested party, and the fulfillment of obligations required by laws, regulations, and community legislation.
Porto Conte Marina Srl, based in Località Porto Conte (SS) (hereinafter referred to as the “Data Controller”), as the data controller, informs you pursuant to art. 13 D.Lgs. 30.06.2003 n. 196 (hereinafter referred to as the “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the following ways and for the following purposes:
1. OBJECT OF THE PROCESSING
The Data Controller processes personal, identifying, and non-sensitive data (by way of example but not limited to, name, surname, business name, address, telephone, e-mail – hereinafter referred to as “personal data” or simply “data”) communicated by you during the registration on this website of the Data Controller (hereinafter referred to as the “Site”), participation in opinion and satisfaction surveys, completion of contact forms and/or subscription to newsletters through the site for events organized by the Data Controller, online request for clarifications or support requests, and newsletter submissions.
2. PURPOSE OF PROCESSING
Your personal data are processed:
A) Without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
– manage and maintain the Site;
– allow you to use the Services you may request;
– process a contact, quotation, or booking request;
– participate through the Site in initiatives organized by the Data Controller;
– fulfill obligations required by law, regulation, community legislation, or an order from the Authority;
– fulfill obligations connected to the management of relationships with your users/customers;
– prevent or detect fraudulent activities or harmful abuses for the Site;
– exercise the rights of the Data Controller, for example, the right to exercise a right in court.
B) Only with your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Other Purposes:
– send you via e-mail newsletters and opinion/satisfaction surveys.
3. METHODS OF PROCESSING
The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR, namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing, through the use of a website hosted by VHosting in Italy. The Data Controller will process the personal data for the time necessary to fulfill the purposes mentioned above and in any case for no longer than 10 years from the termination of the relationship for Service Purposes and no longer than 2 years from the data collection for Other Purposes.
4. SECURITY
The Data Controller has adopted a variety of security measures to protect your data against the risk of loss, misuse, or alteration.
4.1 Security of this website
To ensure the security of this site, its users during navigation, and the data collected by the site or by third-party integrated systems, we adopt several precautions, including the HTTPS data transmission protocol for a secure connection, complex alphanumeric passwords, firewalls, constant scanning against viruses and malware, and system updates. In the event of any data breaches, we will notify the competent authorities in the ways and times provided by the current privacy legislation. The user or users will be directly informed in the case of violations related to their rights or interests.
4.2 Security of the hosting provider
This type of service has the function of hosting data and files that allow the site to function, enabling its distribution, and providing an infrastructure ready to deliver specific functionalities.
This site is installed on VHosting servers.
VHosting pays great attention to data protection, welcoming the European regulation. VHosting, in relation to the data for which it collects consent for processing and for those it hosts on its applications, does not access or use customer data for purposes such as “data mining,” “data profiling,” or transfer to third parties.
5. TYPES OF DATA PROCESSED ON THIS SITE
5.1 Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data are used only to obtain anonymous statistical information on the use of this website and to check its correct functioning. They could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, personal data are kept for no longer than thirty days.
5.2 Data provided voluntarily by the user
The optional, explicit, and voluntary sending of information via e-mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the request sent by the site visitor. Specific summary information will be reported or displayed on the site pages prepared for particular services on request.
5.3 Contact forms
The User, by filling in their data on one or more forms on this site, consents to their use to respond exclusively to the specific request. The data from the contact forms are sent via email to the recipient of this site and are not saved in any database.
Place of processing: ITALY
Duration: 24 months or as long as necessary for the provision of the service.
Personal data collected: Name and Surname, Phone Number, Email, Message, Date and Time of consent to the processing of personal data.
5.4 Information collected automatically
This refers to data that is automatically stored in the server log files. The information collected can be as follows: (1) the types of browsers and versions used, (2) the operating system used by the access system, (3) the web page of origin and destination of the visitor (referral), (4) the country of origin, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the name of the Internet service provider (ISP), and (8) any other similar data and/or information that may be used in case of attacks on the computer system. These are in any case anonymous information that is used mainly to improve the visitor/user experience of the site or to ensure an optimal level of protection of the personal data processed. The anonymous data of the server log files are stored separately from all personal data provided by the interested parties. The traffic of this site is monitored by the Web Hosting VHosting through the collection of the interested parties’ IP addresses for a duration of one month.
6. ACCESS TO DATA
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
– to employees and collaborators of the Data Controller, in their capacity as data processors and/or internal managers of processing and/or system administrators;
– to third-party companies or other subjects (by way of example, the website hosting provider, suppliers, hardware and software maintenance technicians, shippers, carriers, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
7. DATA COMMUNICATION
Without your express consent (ex. art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your data will not be disclosed.
8. DATA TRANSFER
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly designated as Data Processors. Currently, the servers are located in Italy. The data will not be transferred outside the European Union. It remains in any case understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller assures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, after the stipulation of the standard contractual clauses provided by the European Commission.
9. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee you the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is instead optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications, and advertising material related to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
10. RIGHTS OF THE INTERESTED PARTY
As an interested party, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and precisely the rights to:
i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
ii. obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the data controller, of the data processors and of the designated representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, of data processors or appointees;
iii. obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the knowledge, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right;
iv. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and/or through traditional marketing methods via telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case, the possibility remains for the interested party to exercise the right of opposition even only in part. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in arts. 16-21 GDPR (Right of Rectification, Right to be Forgotten, Right to Limitation of Processing, Right to Data Portability, Right of Opposition), as well as the right to lodge a complaint with the Guarantor Authority.
11. PROCEDURES FOR EXERCISING RIGHTS
You may exercise your rights at any time by sending:
– a registered letter with return receipt to Porto Conte Marina S.r.l., Località Porto Conte – 07041 Alghero (SS)
– an e-mail to info@portocontermarina.it
12. MINORS
This Site and the Data Controller’s Services are not intended for minors under the age of 18, and the Data Controller does not intentionally collect personal information relating to minors. In the event that information on minors were inadvertently registered, the Data Controller will delete it in a timely manner, upon the request of the users.
13. DATA CONTROLLER, DATA PROCESSOR, AND DATA PROTECTION OFFICER
The Data Controller is Porto Conte Marina S.r.l., with headquarters in Località Porto Conte – 07041 Alghero (SS). The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.