1) Owner of the treatment
The owner and manager of the processing of the data collected is the company SirmioneTaxiboat of Baccolo Pierpaolo with registered office in San Felice del Benaco (BS), via Boschette 119 25010, CF BCCPPL81T20D284U and VAT number N 03161630987, n. REA BS - 510455, PEC firstname.lastname@example.org, owner of the site https://www.sirmionetaxiboat.it/
The data processing takes place at the owner's registered office.
If you wish to receive more information on how the owner processes your personal data, please write an email to the email address email@example.com
To find out about your rights and keep up-to-date on the legislation on the protection of individuals with regard to the processing of personal data, we recommend that you visit the website of the Guarantor for the protection of personal data at the address http://www.garanteprivacy.it
2) What is meant by data processing
By processing of personal data we mean their collection, registration, organization, storage, processing, modification, selection, extraction, comparison, use, dissemination, cancellation, distribution, interconnection and anything else that is useful for the execution of the Service, including the combination of two or more of these operations.
3) What data does the site process
The site collects different types of personal data of the user/customer for the purposes described later in this Information, including:
- User/customer data such as name, surname, e-mail address, telephone number and other personal data provided by the same by filling in forms on the Site.
- Personal data that may be contained in communications sent by the user/customer, for example to report a problem or to forward special requests, problems or observations relating to the Site or its contents.
Other personal data that the user/customer decides to share voluntarily, for example by e-mail.
For the invoicing of the services purchased, common data required by tax legislation (name, surname, address, tax code or VAT number) are processed.
4) Types of data processed
The user/customer has no obligation to provide his personal data. However, the provision of personal data (in particular personal details, e-mail address and telephone number) are necessary for the provision of services at the request of the user/customer, or for the fulfillment of the obligations established by laws or regulations.
The refusal by the user/customer to provide the data necessary for the pursuit of the aforementioned purposes may make it impossible to process the service request or to fulfill the obligations established by legislative or regulatory provisions.
Failure to provide personal data may therefore constitute, in some cases, a legitimate and justified reason for not providing services.
The provision of additional personal data other than those required for the fulfillment of legal or contractual obligations and for the correct display of services with the necessary traffic data is instead optional and does not produce any effect on the use of the Site and related services.
The customer is informed at each stage if the provision of personal data is necessary or optional by affixing a symbol (*) on the information requested or on the data necessary for the purchase of the products and/or for the provision of the requested services on the site.
5) Purpose of the processing and legal basis
We inform you that the personal data you provide in the context of the activity we carry out, may be processed for the following purposes:
A) Contractual purpose: the sale of a private passenger transport service by motorboat.
- the verification of your identity, including IT;
- the communications we send you regarding our services or in response to your questions;
- the use of personal information about you contained in private messages sent to us to fulfill your requests for information and the sales contract.
B) Compliance purposes / legal obligations: for the purposes required by law, such as requests from government authorities or law enforcement agencies to conduct investigations, fulfill the obligations established in the tax and accounting fields and any other legal obligations.
C) Purpose of exercising rights: if necessary, to ascertain, exercise or defend the rights of the company, in court.
D) Functioning purposes of the site: the computer systems and software procedures used to operate the site acquire, during their normal service, some personal data in the use of Internet communication protocols.
E) Costumer service purposes: if requested by the user/customer via e-mail, to provide assistance, information on services.
We inform you that the owner collects the information collected anonymously and aggregated (so that it is not attributable to your person) to use it for purposes that include research, data analysis, improvement of the Site.
The legal basis of the processing of personal data for the purposes referred to in letters a), b), c), d) and e) is the art. 6.1 lit. b) and c) f) of the GDPR, as the treatments are necessary for the provision of services or for the response of requests from the interested party, also representing a treatment necessary to fulfill a legal obligation of the owner or respondent to a legitimate interest. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate the services provided by the Site, respond to requests, etc. etc.
6) Categories of recipients of personal data
The personal data collected by the company SirmioneTaxiboat of Baccolo Pierpaolo may be shared with the subjects indicated below (the "Recipients"):
- subjects who typically act as data processors, i.e.: i) people, companies or professional firms that provide assistance and consultancy to the company in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services;
- subjects with whom it is necessary to interact for the provision of the Services (for example hosting providers or platform providers for sending emails);
- subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks);
- persons authorized by the company to process data necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees or collaborators of the company);
- subjects, bodies or authorities to whom it is mandatory to communicate data for purposes of compliance, abuse or fraud, or by order of the authorities.
The data is not subject to disclosure.
In compliance with the general Provision of 28.11.2008 of the Guarantor, the data may be communicated to the System Administrator.
7)EU data transmission
To allow us to correctly manage your purchases and connected services, your personal data may be transferred to countries belonging to the European Union.
By simple request to be made by e-mail firstname.lastname@example.org you can receive more information on the transfer of your data and on the guarantees provided for their protection as well as on the means to obtain a copy of such data or the place where they were made available.
9) Rights of the interested party
The subjects to whom the personal data refer (interested parties) have the right, at any time, to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration o updating, or rectification (articles from 15 to 23 and 34 EU REG. 678/2016, see here in full at the bottom of Annex A), cancellation (right to be forgotten), the right to data portability , the transformation into anonymous form or the blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their treatment.
Requests must be forwarded to the Data Controller by writing to the following e-mail address:
- the interested party has the right to ask the Data Controller to access their personal data and to correct or cancel them or limit their processing or to oppose their processing in addition to the right to data portability (art. 15, art. 16, art. 17, art. 18, art. 20 EU REGULATION 679/2016);
- the interested party has the right, in the event that the treatment is based on article 6, paragraph 1, letter a) or on article 9, paragraph 2, letter a), to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
- the interested party has the right to lodge a complaint with a supervisory authority;
- the interested party has the right to be aware, by the Data Controller, who must do so without justified delay, of a violation of personal data likely to present a high risk for the rights and freedoms of natural persons (art. 34 EU REGULATION 679/2016).
10) Data retention period
The Personal Data processed for the purpose of Providing the Services will be kept for the time strictly necessary for the aforementioned purpose.
In any case, since these data are processed to provide services to the user/customer, the company SirmioneTaxiboat of Baccolo Pierpaolo may keep them for a longer period, in particular for what may be necessary in order to protect their interests from possible complaints relating to services (10 years).
The data processed for the purposes of Compliance / Legal obligations will be kept for the period established by specific legal obligations or by the applicable legislation.
The data processed in order to prevent abuse/fraud will be kept for the time strictly necessary for the aforementioned purpose and therefore until the moment in which the company is required to keep them to protect itself in court and/or to communicate it to the competent authorities.
To ensure that the data is accurate and updated, however pertinent and complete, please report any changes to the contact details of the owner.
Personal data may be stored both in paper and electronic archives.
At the end of the retention period, the data will be deleted or anonymized.
11) Security measures
The SirmioneTaxiboat company of Baccolo Pierpaolo attaches great importance to the security of all personal data relating to users/customers.
It implements security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized communication or access.
To best protect the personal data of the user/customer outside the limits of its control, the devices of the users/customers must be protected (with up-to-date antivirus systems) and the internet service provider must take adequate measures for the security of the data transmission over the network (such as firewalls and spam filters).
Although the company Sirmione Taxiboat of Baccolo Pierpaolo does its best to protect the personal data of the user/customer, it cannot guarantee that the personal data communicated to it will be 100% secure or that no data breaches will occur.
The user/customer accepts the implications connected to online negotiation and will not hold the company SirmioneTaxiboat of Baccolo Pierpaolo, or the respective operators, responsible for any data breaches unless this is due to its negligence.
12) Applicable law
Changes and updates to the Privacy Section will be notified to users by posting them on the home page as soon as they are adopted; they will be binding as soon as they are published on the website. We therefore ask you to access this section regularly to check the publication of the most recent and updated Privacy Section.
14) Consent given by the parental manager
Pursuant to article 8 of the 2016/679 European Regulation, in cases where the interested party is a minor of fourteen years, the consent of the parental responsible is required for the processing of personal data of the aforementioned minor.
Written communications addressed to the SirmioneTaxiboat company of Baccolo Pierpaolo will be considered valid only if sent to the following email address email@example.com.
You must indicate the name and surname, telephone number or e-mail address to which you wish communications to be sent. You will be informed of receipt and your requests will be followed up as soon as possible.
Date of last modification: 04/11/2022
RIGHTS OF THE INTERESTED PARTY
REGISTRATION EXTRACT EU 679/2016
Right of access of the data subject (C63, C64)
1. The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations;
d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the interested party, all the information available on their origin;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party.
2. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not prejudice the rights and freedoms of others.
Right to rectification (C65)
The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
Right to erasure ("right to be forgotten") (C65, C66)
1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay and the data controller has the obligation to cancel personal data without unjustified delay, if one of the following reasons exists:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
b) the interested party revokes the consent on which the treatment is based in accordance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment ;
c) the interested party opposes the treatment pursuant to article 21, paragraph 1, and there is no prevailing legitimate reason to proceed with the treatment, or opposes the treatment pursuant to article 21, paragraph 2;
d) the personal data have been processed unlawfully;
e) personal data must be canceled to fulfill a legal obligation established by Union or Member State law to which the data controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in article 8, paragraph 1.
2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, adopts reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the data subject's request to delete any link, copy or reproduction of his personal data.
3. Paragraphs 1 and 2 do not apply to the extent that the processing is necessary:
a) for the exercise of the right to freedom of expression and information;
b) for the fulfillment of a legal obligation which requires the treatment envisaged by the law of the Union or of the Member State to which the data controller is subject or for the execution of a task carried out in the public interest or in the exercise of public powers with which the data controller is invested;
c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i) and with Article 9, paragraph 3;
d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
e) for the assessment, exercise or defense of a right in court.
Right to restriction of processing (C67)
1. The interested party has the right to obtain from the data controller the limitation of the treatment when one of the following hypotheses occurs:
a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the interested party has opposed the treatment pursuant to article 21, paragraph 1, pending the verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
2. If the processing is limited pursuant to paragraph 1, such personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. The interested party who has obtained the limitation of treatment pursuant to paragraph 1 is informed by the data controller before said limitation is revoked.
Obligation to notify in the event of rectification or erasure of personal data or restriction of processing (C31)
The data controller informs each of the recipients to whom the personal data have been transmitted of any corrections or cancellations or limitations of the treatment carried out pursuant to article 16, article 17, paragraph 1 and article 18, unless this is proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the interested party if the interested party requests it.
Right to data portability (C68)
1. The interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments by the data controller to whom they have been provided if:
a) the processing is based on consent pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) or on a contract pursuant to article 6, paragraph 1, letter b) ; and b) the processing is carried out by automated means.
2. In exercising their rights in relation to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to article 17. This right does not apply to the processing necessary for the execution of a task in the public interest or connected to the exercise of public powers referred to the data controller is invested.
4. The right referred to in paragraph 1 must not harm the rights and freedoms of others.
Right to object (C69, C70)
1. The interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. The owner
of the treatment refrains from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons for proceeding with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court.
2. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such marketing direct.
3. If the interested party opposes the processing for direct marketing purposes, the personal data are no longer processed for these purposes.
4. The right referred to in paragraphs 1 and 2 is explicitly brought to the attention of the data subject and is presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the interested party can exercise his right to object by automated means that use technical specifications.
6. If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to article 89, paragraph 1, the interested party, for reasons connected with his particular situation, has the right to object to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.
Automated decision-making relating to natural persons, including profiling (C71, C72)
1. The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way.
2. Paragraph 1 does not apply if the decision:
a) it is necessary for the conclusion or execution of a contract between the interested party and a data controller;
b) is authorized by Union or Member State law to which the data controller is subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the data subject;
c) is based on the explicit consent of the data subject.
3. In the cases referred to in paragraph 2, letters a) and c), the data controller implements appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller of the treatment, to express their opinion and to contest the decision.
4. The decisions referred to in paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies, and adequate measures are not in place to protect the data subject's rights, freedoms and legitimate interests.
1. Union or Member State law to which the controller or processor is subject may limit, by means of legislative measures, the scope of the obligations and rights referred to in Articles 12 to 22 and 34, as well as to Article 5, insofar as the provisions contained therein correspond to the rights and obligations set out in Articles 12 to 22, if such limitation respects the essence of fundamental rights and freedoms and is a necessary and proportionate measure in a society democracy to safeguard:
a) national security;
c) public safety;
d) the prevention, investigation, detection and prosecution of criminal offenses or the execution of criminal penalties, including safeguarding against and preventing threats to public safety;
e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including in monetary, budgetary and taxation matters, public health and security social;
f) safeguarding the independence of the judiciary and judicial proceedings;
g) activities aimed at preventing, investigating, ascertaining and prosecuting violations of the ethics of regulated professions;
h) a function of control, inspection or regulation connected, even occasionally, to the exercise of public powers in the cases referred to in letters a), to e) and g);
i) the protection of the interested party or of the rights and freedoms of others;
j) the execution of civil actions.
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions concerning at least, where appropriate:
a) the purposes of the processing or the categories of processing;
b) the categories of personal data;
c) the extent of the limitations introduced;
d) the guarantees to prevent abuse or illicit access or transfer;
e) the precise indication of the data controller or of the categories of controllers;
f) the retention periods and applicable guarantees taking into account the nature, scope and purposes of the processing or the categories of processing;
g) the risks for the rights and freedoms of the interested parties; and h) the right of data subjects to be informed of the limitation, unless this could compromise the purpose of the limitation.
Communication of a personal data breach to the data subject (C68-C88)
1. When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the data controller communicates the violation to the interested party without unjustified delay.
2. The communication to the interested party referred to in paragraph 1 of this article describes the nature of the personal data breach in simple and clear language and contains at least the information and measures referred to in article 33, paragraph 3, letter b) , c) and d).
3. The communication to the interested party referred to in paragraph 1 is not required if one of the following conditions is met:
a) the data controller has implemented the appropriate technical and organizational protection measures and these measures had been applied to the personal data subject to the violation, in particular those intended to make the personal data incomprehensible to anyone who is not authorized to access them, such as encryption;
b) the data controller has subsequently taken measures to prevent the occurrence of a high risk for the rights and freedoms of the data subjects referred to in paragraph 1;
c) such communication would require disproportionate efforts. In this case, instead, a public communication or a similar measure is carried out, by which the data subjects are informed with similar effectiveness.4. In the event that the data controller has not yet notified the data subject of the personal data breach, the supervisory authority may request, after assessing the likelihood that the personal data breach presents a high risk, that it proceed or it may decide that one of the conditions set out in paragraph 3 is met.