Information required under Article 13 Regulation (EU) No. 2016/679 of the European Parliament and of the Council (“GDPR”)
the following policy describes the methods used to process the personal data collected automatically or supplied by you when browsing or using this Website venezianiyachting.com (hereinafter the "Website").
1. Data controller
The Data Controller is Boero Bartolomeo S.p.A., through its legal representative domiciled at the company’s head office: Via Giuseppe Macaggi n. 19, Genoa (hereinafter “Boero”, “Società” or the “Data Controller”).
The Data Controller has appointed a Data Protection Officer, whose details are available on the Website and who can be contacted at the following email address: firstname.lastname@example.org.
2. Categories of personal data processed
To allow you to use this Website and its services and make purchases, register on the site or contact us with queries (hereinafter the “Services”), the Data Controller needs to know and process some of your personal data.
Except where specified in this policy, please refer to the Website’s Privacy and Cookies Policy.
Data provided voluntarily by the User
To allow you to register on the Website, the Data Controller needs to know your name and surname, email address and telephone number. In order to buy our products, you need to provide your name and surname, tax code, residential address and other contact details such as telephone number and email address, as well as your payment details.
The optional, explicit and voluntary sending of emails requires the acquisition of your general details, email address and any other details you may include in the email or form.
The computer systems and software procedures used for the functioning of this Website will acquire certain personal data during the course of their normal operation. The transmission of such data is implicit in the use of Internet communication protocols.
This type of data includes the IP addresses or domain names of the computers utilised by Users logging onto the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to send the request to the server, the size of the response file, the numerical code indicating the status of the response from the server (successful, error etc.), and other parameters relating to the User’s operating system and digital environment.
This type of data, which is necessary to use the Website, will only be processed to obtain statistical information about the use of the Services (the most-visited pages, the number of visitors per hour or day, the geographical area of origin etc.) and to check the proper functioning of the Services we offer.
The browsing data will be erased immediately after the browsing session has been closed, except where legal authorities need to investigate criminal offences.
3. Purpose and legal basis for the data processing; mandatory or optional provision of data
Use of content and Services of the Website(i); guarantee of network and information security,(ii, iii) defence of a right(iii).
These purposes include, for example, the option of making purchases through vendors operating on this Website, and the possibility of sending requests and communications through the Website.
These purposes also include the processing of personal data relating to web traffic, where strictly necessary and proportionate to guarantee the security of the networks and information. These purposes also include the exercise of rights of defence in legal proceedings.
(i) Execution of a contract to which you are a party
(ii) Fulfilment of legal obligations
(iii) Legitimate interest
Provision of the data is mandatory.
Failure to provide authorisation for the processing of your data will mean that you are unable to use the content or services on this Website.
Furthermore, failure to authorise the processing of your data would make it impossible to guarantee the security of networks and information.
Registration for newsletters and receipt of promotional information and direct marketing communications(i).
These purposes include the possibility of registering for our newsletter and obtaining direct marketing communications, information about our services and offers, as well as information about discounts, promotions or customer loyalty campaigns either through traditional means of contact or through fully-automated methods, including but not limited to the use of your email address.
(i) Express consent
Provision of the data is optional.
Failure to provide authorisation for the processing of your data will not impede your use of this Website in any way. However, it may mean that you are unable to fully take advantage of the benefits we offer to our community through our newsletter promotional information and direct marketing.
Receipt of offers, discounts and other benefits based on profiling(i).
These purposes include the possibility of receiving offers, discounts and other benefits or promotional initiatives based on your specific requirements and purchasing preferences; this may involve participation in loyalty schemes which require, for their functioning, the registration, identification and profiling of data pertaining to your purchases, habits and consumer choices.
(i) Express consent
Provision of the data is optional.
Failure to provide authorisation for the processing of your data will not impede your use of this Website in any way. However, it may mean that we are unable to send you personalised communications based on your requirements and purchasing preferences.
4. Conservation period
Your personal browsing data and the data retained while using this Website will be erased when the browsing session is closed.
With regard to the processing of your personal data for the purposes of direct marketing, the Company will arrange for your personal data to be erased automatically, or to be permanently, irreversibly converted into anonymous form after 24 months have elapsed from the date on which the data was registered.
With regard to the processing of your personal data for the purposes of profiling, in accordance with the legal requirements and with your express authorisation, the Company will arrange for your personal data to be erased automatically, or to be permanently, irreversibly converted into anonymous form after 12 months have elapsed from the registration of personal data used for profiling purposes.
With regard to any other personal data we may acquire, as it is not possible to accurately predetermine the period of conservation, the Data Controller hereby undertakes to process such data in accordance with the principles of adequacy, pertinence and minimisation as required by the GDPR, and will check each year whether or not it is necessary to preserve such data. This does not include cases in which data needs to be kept in order to fulfil a legal requirement or to establish, exercise or defend a right in legal proceedings.
5. Categories of data recipients
Your personal data will not be disclosed to any third party, but it may be communicated - in relation to the data processing purposes described above - to the following persons:
- anyone who has access to the data under a provision of law of the European Union or the law of the Member State which governs the Data Controller;
- parties performing services which are ancillary to the activities and services described in paragraph 3, namely the vendors of our products, as joint data controllers, companies offering publicity, marketing and communications services, providers of IT infrastructure, ICT assistance and consulting, software and website designers and builders, companies offering services used to customise and optimise our services, companies offering data analysis and development services (including services relating to users’ interactions with our services), auditing firms, newsletter service providers, service centres, firms or consultants commissioned to provide other services to the Data Controller, limited to the purposes for which such data was collected.
data controllers within our corporate group or entities linked to a central body, exclusively for the purposes of internal administration;
Your personal data may also be known to our personnel provided that they have previously been designated as a person acting under the authority of the Data Controller pursuant to Article 29 of the GDPR, or as a System Administrator.
For further information about the joint data controllers, the other recipients or categories of recipients of your personal data, you may contact the Data Controller at the addresses given in paragraph 8 (“Rights of the data subject”). Please also note that an excerpt from the joint controller agreement with the vendors will be published in the relevant section of the Website.
6. Transfer of personal data to third countries
The Data Controller does not intend to transfer your personal data to any third country.
7. Automated decision-making processes
If you expressly authorise the processing of your personal data for profiling purposes, the Data Controller will use automated decision-making processes in order to profile your browsing habits, preferences and interactions with the Website. The objective is to allow you to use the Website in a way that reflects your interests and preferences and to offer you the opportunity to take advantage of offers, discounts and other benefits or promotional initiatives, based on your specific requirements. In order to function correctly, these processing activities require the registration, analysis and profiling of your general details, contact details, occupation and details of the products you have purchased, as well as your purchasing preferences.
The logic applied to the profiling process is based on (i) segmentation, which allows us to segment users depending on their purchasing habits, and (ii) clustering, which involves aggregation methods which allow to identify types of users that share similar behaviours, by analysing their personal data. Therefore, as a result of these profiling activities, you may take advantage of the display of content targeted exclusively to your interests, and you may receive communications that may respond to your habits or interests.
8. Rights of the Data Subject
As the data subject you have the right to revoke the consent to the processing of your personal data at any time and you may obtain access from our Company to your personal data. You may also ask the Company to rectify or erase your data. You also have the right to object at any time to the processing of personal data that relates to you, as well as the right to the portability of such data.
In addition, you have the right to object at any time, for reasons relating to your situation, to the processing of personal data concerning you which is based on points (e) or (f) of Article 6(1), including profiling based on those provisions, as provided for in Article 21 of the GDPR. Furthermore, if your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data for such purposes including profiling, to the extent that it is connected to this kind of direct marketing.
Finally, you have the right to file a complaint with a regulatory body if you consider that your data has been processed in breach of the GDPR.
To exercise your rights, you may contact the Data Protection Officer or the Data Controller by sending a communication to our head office at Via Giuseppe Macaggi n. 19, Genoa, or by sending an email to email@example.com.
Document version 1.0 del 01/03/2022