Information on data protection in accordance with the GDPR, EU Reg. 679/2016 (D.L.gs. 101/2018) (C8.1)

Pursuant to the combined provisions of European Regulation 2016/679 (General Data Protection Regulation, hereinafter "GDPR") and Legislative Decree 196/2003 as amended (Legislative Decree 101/2018)

 

Art. 1. Data controller (the person or company that decides how and why to process data).

The Data Controller (hereinafter "Controller") is Cantiere Nautico Cranchi S.p.A. - Via Nazionale, 1319 - 23010 Piantedo (Italy), Reference: sales@cranchi.it – Mrs. Desirée Fischietti – Phone +39 0342 683359 - website: www.cranchi.com.

2. Purpose, legal basis of processing and data processed

 

 

a) Contract

Purpose: The Data Controller, in order to enable the purchase of its products and/or services, as well as to follow up on your requests, needs to collect some of your Personal Data, as requested within the subscription or purchase form.

Legal basis and nature of contribution: Execution of pre-contractual measures taken at the request of the data subject and/or execution of a contract to which the data subject is a party (Art. 6(1)(b) GDPR). The provision of data is mandatory, and in case of refusal to provide personal data, it will not be possible for the Controller to provide the service.

Type of data: Identification and contact information: First name, last name, e-mail address, telephone number, Tax code, City, Country of residence, Country of berth, sailing area, other data as may be provided by the customer.

b) Legal obligations

Purpose:

- Recording invoices, receiving payments;

- Fulfilling pre-contractual, contractual and tax obligations arising from the customer relationship;

- Fulfilling obligations under the law, a regulation, EU legislation or an order of the Authority.

Legal basis and nature of contribution: Legal obligation to which the Controller is bound (Art. 6(1)(c) GDPR). The provision of data is mandatory, and in case of refusal to provide personal data, it will not be possible for the Controller to provide the service.

Type of data: Identification and contact information: First name, last name, e-mail address, phone number, Social Security Number, City, Country of residence, Country of berth, sailing area.

c) Defense in court

Purpose: Exercise the rights of the Controller, such as any right of defense in court.

Legal basis and nature of contribution: Legitimate interest of the data controller (Art. 6(1)(f) GDPR): right of defense fairly balanced with the same right of data subjects.

Type of data: Identification and contact information: First name, last name, e-mail address, telephone number, tax identification number, City, Country of residence, Country of berth, sailing area, and data necessary for defense in court.

d) Marketing

Purpose: Activities of sending newsletters, commercial communications and marketing: the performance by the Data Controller of its own promotional and/or marketing activities towards you. This category includes all activities performed to promote products and services sold and/or provided by the Data Controller, subject to your specific consent.

Legal basis and nature of contribution:

Legal basis and lawfulness of processing: legitimate interest under Article 6 letter f) of the Regulation - The Processing of your Personal Data will be conducted by the Data Controller and will be legally based on its legitimate interest in promoting its products and services;

Legal basis and lawfulness of processing: consent of the data subject ex art. 6 letter a) of the Regulation - The Processing of your Personal Data will be conducted by the Data Controller and will be legally based on your free, express and unequivocal consent.

Type of data: Identification and contact information: First name, last name, e-mail address, phone number, Social Security Number, City, Country of residence, Country of berth, sailing area.

e) Front desk

Purpose: The management of reservations, reception and customer service, and the collection and processing of information necessary to carry out these activities, as well as for the purpose of protecting the safety of persons and property.

Legal basis and nature of contribution: Legitimate interest of the data controller (Art. 6(1)(f) GDPR): right of defense and security of property and persons, fairly balanced with the same right of data subjects. The provision of data is mandatory, and in case of refusal to provide personal data, it will not be possible for the Controller to provide the front desk service.

Type of data: Master and contact information

 

3. Methods of processing

Processing is carried out using both manual and computerized methods and with the support of paper, computer or otherwise automated means.

In any case, the processing of data is carried out with the adoption of all appropriate measures to ensure the security and confidentiality of personal data, in particular in compliance with the security measures referred to in Article 32 of European Regulation No. 2016/679 and in accordance with the principles of lawfulness, necessity and proportionality.

4. Data Retention.

Data are processed and stored on the tools used (e.g., computers) by the Controller.

The Controller will retain personal data for as long as necessary to fulfill the above purposes.

Specifically: 10 years for reasons of accounting and legal compliance, and 24 months for data collected for purpose d) (marketing, sending of informative and commercial material).

 5. Reporting and transmission of data

Data are not subject to communication and dissemination to third parties, except for obligations arising from the law.

Personal data may be transmitted to:

Third parties carrying out activities on behalf of the Controller as Data Processors appointed pursuant to Article 28 of European Regulation 2016/679 (by way of example, hosting services and IT services).

More information regarding the subjects listed above is available from the Controller's office.

6. Transfer of data outside the EU

In the management of the relationship with customers, there is no transfer of data to third countries nor to international organizations.

Should it become necessary to make transfers of personal data outside the territory of the European Union to countries not considered adequate by the European Commission, the Controller will ensure that appropriate or adequate safeguards are in place to protect personal data and that the transfer of such data complies with applicable data protection laws.

Any transfer of data subjects' data to countries located outside the European Union will, in any case, take place in accordance with the appropriate and adequate safeguards for the purposes of the transfer itself, pursuant to the applicable legislation and in particular Articles 45 and 46 of the Regulation.

Accordingly, where required by applicable data protection laws, the Controller will ensure that service providers sign Standard Contractual Clauses approved by the European Commission.

 7. Rights of data subjects (Art. 15 et seq. of the GDPR).

Art. 15 Right of access: the right to know whether any processing of one's personal data is taking place and, if confirmed, to obtain a copy of such data and to be informed about: the origin of the data; the categories of personal data processed; the recipients of the data; the purposes of the processing; the existence of automated decision making, including profiling; the period of data retention; the rights provided by the Regulation.

The right to lodge a complaint at any time with the Supervisory Authority (Garante Privacy: Piazza Venezia nr. 11, 00187 ROMA, Tel. +39 06 696771 - PEC: protocollo@pec.gpdp.it).

Art. 16 Right of the data subject to obtain the updating, rectification or integration of personal data.

Art. 17 Right to erasure and the right to be forgotten.

Art. 18 Right to restriction of processing, when provided for.

Art. 19 Obligation of the data controller to notify rectification, erasure and/or restriction.

Art. 20 Right to data portability: the right to request that the data provided to the data controller be transferred to another data controller, where the processing is based on your consent or on a contract with you and is carried out by automated means.

Art. 21 Right to object, at any time on grounds relating to your particular situation, where the processing is carried out in the exercise of public authority or in the performance of a task carried out in the public interest, or without the need to give reasons for the objection, when the data are processed for direct marketing purposes.

Art. 22 Right not to be subjected to a decision based solely on an automated process, including profiling.

8. Automated processing

The Controller does not carry out automated data processing.

9. Requests from data subjects

The requests referred to in Article 7 above may be submitted by the Data Subjects to the Data Controller by registered letter or electronic mail to the addresses listed in Article 1 above.