BLU NAVY PRIVACY POLICY
INFORMATION ON THE PROCESSING OF PERSONAL DATA COLLECTED ON THE BOOKING.BLUNAVYTRAGHETTI.COM SITE Ex Art. 13 Regulation 2016/679 / EU (GDPR)
INFORMATION ON THE PROCESSING OF PERSONAL DATA COLLECTED ON THE BOOKING.BLUNAVYTRAGHETTI.COM SITE Ex Art. 13 Regulation 2016/679 / EU (GDPR)
BN DI NAVIGAZIONE S.P.A., Data Controller of personal data already communicated or that will be communicated in the future, wishes to inform you that the data concerning you may be processed, in compliance with the European Regulation on theprotection of personal data 2016/679 / EU (hereinafter also “Regulation” or “GDPR”), by the Company in relation to contractual relationships with you or those that may be entertained in the future.
La società BN DI NAVIGAZIONE S.P.A.
with registered office in CALATA ITALIA 24/A – 57037 – PORTOFERRAIO (LI) – P.I.: 01968710994
PEC: BNDINAVIGAZIONESRL@LEGALMAIL.IT – E-MAIL: INFO@BLUNAVYTRAGHETTI.COM
TEL.: +39 0565.269752 – FAX: +39 0565.919894 (hereinafter, the “Soc ietà”) informs that it is the Data Controller.
The Data Controller may process the following types of personal data communicated by you on the occasion of the conclusion of contracts for the services rendered by the Data Controller:
– personal and contact data (name, surname, company name, VAT number, SDI code, tax code, address of residence / domicile / registered office, date of birth, nationality, place of residence, license plate and model of the vehicle; telephone number and / orfax; email and / or PEC address, tax data, accounting data.).
– data necessary to allow the accreditation of the remuneration (bank data, accounting, etc.) and in general the execution of the employment relationship (eg data of the legal representative whosigns the contract on behalf of the customer and / or supplier, etc.).
Personal data will be kept for the entire duration of the contractual relationship and their cancellation is expected at the end of the relationship, unless other regulatory obligations (eg fiscali) and not (eg defense in court of a right of the Data Controller or third parties) do not require longer retention times.
The personal data, referred to above, will be processed for the following purposes:
a) for the management of the contractual relationship and the consequent administrative and regulatory obligations;
b) for communication to third parties and / or recipients for activities connected and necessary to the relationship (for example, accounting,remuneration, social security, welfare, tax, security, etc.);
c) purposes related to obligations established by law;
d) for all activities related to the provision of services offered by the Data Controller.
e) only with your specific consent, for Marketing purposes
The processing of personal data of the interested party for the purposes indicated above finds its legal basis in art. 6, paragraph 1, letters a (the interested party has given consent to the processing of personal data for one or more specific purposes) b (execution of pre-contractual and contractual obligations) and c (processing necessary to fulfill a legal obligation) of the Regulation.
Personal data are processed with manual and electronic tools and are stored in theelectronic database in charge and, where appropriate, in any paper archives at the headquarters of the Data Controller and / or recipients (including any suppliers of the latter) of which the Data Controller uses for the pursuit of its purposes.
The personal data contained in the aforementioned automated information systems, as well as those kept in the archives of the Data Controller, are processed in accordance with the provisions of national legislation on the protection of individuals with regard to the processing of personal data and the GDPR regarding security measures, so as to minimize the risks of destruction or loss, of unauthorized access or processing that does not comply with the purposes of the collection.
With reference to the purpose referred to in points a) and b) of art. 3 above, the provision of personal data is mandatory and, failing that, it will not bepossible to regularly proceed with the contractual relationship. Consent is required with reference to the purpose referred to in point e).
Your personal data, subject to processing for the purposesindicated above, will be kept for the duration of the contract and, subsequently, for the time in which the Data Controller is subject to retention obligations for tax purposes or for other purposes, provided for by law or regulation.
With regard to marketing purposes, your data will be processed for the duration of the contract, without prejudice to your right of revocation.
Subsequently, the data will be stored until the statutory limitation period withreference to the individual rights enforceable by the parties. After these terms, your data will be anonymized or deleted, unless it is necessary to keep it for other and different purposes provided for by express provision of the law.
The personal data provided by the interested party for the purposes described in art. 3 above, may be brought to the attention of or communicated to the following subjects:
(i) employees and / or collaborators of the Data Controller, as well as professionals and / or professional firms in charge of the administrative and accounting management of the contractual relationship;
(ii) public or private subjects for tax purposes, etc. (e.g. Revenue Agency, etc.);
(iii) public or private subjects who, byvirtue of legal provisions and / or an administrative or judicial measure, have the right to access it;
(iv) private subjects used by the Data Controller for the pursuit of one or more of the purposes indicated in paragraph 2 above (credit institutions;accounting firms, labor consultants; companies offering IT services, etc.).
The Data Controller does not transfer personal data to third countries or to international organizations.
In the possibility of transferring data to a third country or an international organization, for the possible use of cloud services, in which case, it will be the task of the Data Controller to ascertain that for the recipient country where the service providers operate, there is an adequacy decision of the European Commission, or the reference to adequate guarantees pursuant to articles 46 – 49 of the GDPR. The list of “responsible for the processing of personal data” pursuant to art. 28 of the GDPR possibly appointed will be consultable at the headquarters of the Data Controller or can be requested by sending a written request to: PRIVACY@BLUNAVYTRAGHETTI.COM
The personal data of the interested party are not subject to profiling and dissemination.
For the pursuit of the processing purposes described above, no decision is taken based solely on automated processing that produces legal effects concerning you or that significantly affects your person.
Arts. 15-22 of the Regulation confer on the interested party the exercise of the following rights:
• request confirmation of the existence or otherwise of their personal data;
• obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and when possible, the retention period;
• obtain the correction and deletion of data;
• obtain the limitation of processing;
• obtain data portability, i.e. receive them from the Data Controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without hindrance;
• oppose an automated decision-making process relating to individuals, including profiling;
• if the processing is based on consent, revoke your consent at any time(ex art.7 paragraph 3 GDPR).
The above rights may be exercised by the interested parties by contacting the Data Controller by sending an email to the email address PRIVACY@BLUNAVYTRAGHETTI.COM, by registered letter with return receipt addressed to BN DI NAVIGAZIONE S.P.A., CALATA ITALIA 24 / A – 57037 – PORTOFERRAIO (LI), or to the PEC address: BNDINAVIGAZIONESRL@LEGALMAIL.IT.
Pursuant to Article 77 of the GDPR, if the interested party considers that the processing concerning your personal data violates this regulation, he has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor Authority for the protection of personal data, Piazza Venezia n. 11 – Scala B, 00187, Rome (RM) – www.garanteprivacy.it.