Privacy Policy

Information pursuant to Article 13, EU Regulation No. 2016/679

regarding the protection of natural persons with regard to the processing of personal data

With this document, Marina Porto Antico S.r.l. (hereinafter also the “Data Controller”) wishes to inform you that European Regulation No. 679 of April 27, 2016, and subsequent implementing regulations provide for the protection of natural persons (so-called “data subjects”) with regard to the processing of personal data concerning them.

We remind you that “personal data” refers to data that allows an individual to be identified directly or indirectly.

Providing your personal data to the Data Controller is not mandatory, but if the data is not provided, the Data Controller will not be able to – for example – provide assistance, diagnosis, and healthcare services, and more generally, correctly fulfill its contractual or legal obligations, nor provide the best possible service or respond to your requests.

The Data Controller protects the personal data of its clients, suppliers, and natural persons from whom it receives personal data in the course of its business activities according to the provisions of EU Reg. 679/16 and its implementing regulations.

Pursuant to Article 13 of the same Regulation, we particularly wish to provide you with the following information.

1. Identification details of the Data Controller and the Data Protection Officer

The Data Controller is the company Marina Porto Antico S.r.l. (hereinafter “the Data Controller”), with its operational headquarters in Genoa, Molo Ponte Morosini 34/1, contactable at mpa@marinaportoantico.it.

2. Types of data processed and purposes of processing

In general, the Data Controller processes common personal data for the execution of contractual services requested by the client and in the context of its business activities. The processing is therefore carried out for commercial purposes, for the stipulation and execution of contracts, to perform or have performed by third parties services functional to this, for the management of appointments, for communications regarding such services or further appropriate services related to them, for the procurement of tools, materials, and services, for administrative, accounting, and tax activities carried out within the Data Controller’s activities to allow the data subject to safely enjoy the services provided by the Data Controller or, in any case, connected with other legal obligations incumbent on the latter, for the evaluation of the quality of the service provided, and the acquisition, management, and better organization of human resources.

3. Legal basis of processing

The legal basis of processing is constituted, alternatively:

1. by the execution of the contract concerning the service requested by the data subject or by pre-contractual activities instrumental to this purpose;
2. by the fulfillment of legal obligations incumbent on the Data Controller;
3. by the consent expressed by the data subject in cases other than those referred to in letters a and b;
4. by any other legal basis provided for by Articles 6 and 9, EU Reg. 679/16, and in particular by legitimate interest, where ascertainable in the specific case. In such an eventuality, the Data Controller will indicate to the data subject the nature and type of legitimate interest in question.

4. Methods of processing

In relation to the above purposes, the data is subject to computer and paper processing.

The personal data provided will be processed by personnel specifically designated and instructed by the Data Controller and stored in suitable places specifically intended for this purpose, respecting the confidentiality of such data.

With reference to the personal data collected, the Data Controller adopts the protection measures referred to in Article 32 of EU Reg. 679/16, implementing processes and adopting technologies that allow restricting or preventing access to such data, accidental loss or destruction of the same, unauthorized access or dissemination of such data.

The personal data collected is not normally transferred to third countries, territories, international organizations, or entities outside the European Union or, where a transfer is necessary (for example, in the context of data storage services in the cloud provided by suppliers based outside the EU), such transfer will not be carried out except to countries that are not, in any case, subject to an adequacy assessment by the European Commission, unless the recipient adopts adequate protection measures pursuant to Articles 25, 32, and 46 of EU Reg. 679/16 or unless the transfer is necessary in relation to a contract, pre-contractual activities, or a legal action, or in other cases indicated by Article 49 of EU Reg. 679/16, including the consent of the data subject.

It is possible that some personal data of the data subject (e.g., email box or data contained in any email correspondence) may be processed and, in particular, stored in non-EU countries by the Data Processor appointed for this purpose (e.g., email provider that backs up the data contained therein).

The personal data collected may be processed and organized through automated procedures and through operational, analytical, or collaborative management applications or CRM. The Data Controller does not use automated decision-making processes, including profiling, as defined by EU Reg. 679/16 as any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, including professional performance, economic situation, health, personal preferences, location, and movements.

The personal data collected and any reviews made by the data subject through social networks or other applications may be processed within the same social networks for the purpose of promoting the activities carried out by the Data Controller.

5. Data retention period

If the reason for data collection is constituted by a contract or pre-contractual activity, or more generally, by relationships with the client or supplier, the data provided will be retained until the extinction of all rights exercised or potentially exercisable by the parties and, therefore, for the 10 (ten) years following the conclusion of the service subject to the contract or, in case of disputes or communications after this term, for the 10 (ten) years following the last communication between the Data Controller and the data subject.

Conversely, if the data is processed for the fulfillment of legal obligations or for the legitimate interests of the Data Controller, until the definitive fulfillment of the obligation or the definitive satisfaction of the legitimate interest.

If, on the other hand, the legal basis of processing is exclusively constituted by the consent of the data subject (e.g., commercial newsletters), the data will be retained until the revocation of such consent.

The Data Controller periodically verifies the strict relevance and non-excessiveness of the data concerning the relationship, service, or assignment to which they refer. Data that, following the checks, are found to be excessive or irrelevant or unnecessary are destroyed through deletion and subsequent physical destruction or wiping, except for the possible retention, in accordance with the law, of the act or document containing them.

6. Scope of data communication and dissemination

The data is not subject to public dissemination.

The data may be communicated or made accessible to all subjects whose right to access such data is recognized by regulatory provisions, to our partners in the context of checks carried out by them, to collaborators, and employees, within the scope and limits of their respective duties assigned to process the data and to all natural and/or legal persons, public and/or private, to whom communication is necessary or appropriate to fulfill explicit legal, contractual, and non-contractual obligations (for example, consultants of the Data Controller, authorities, and public bodies), and, moreover, to the following predominant categories of recipients:

1. Accountants, accounting consultants, labor consultants for accounting and tax obligations related to business activities
2. Other consultants (legal, security, certification bodies, etc.) of the Data Controller or other professionals, in the pursuit of interests and the protection of the Data Controller’s rights
3. System administrators for the processing of personal data functional to the obligations related to business activities
4. Host provider, email provider, backup system provider, for the processing of personal data functional to their retention
5. Consultants for management applications
6. Authorities or public bodies in the fulfillment of obligations or in the pursuit of legitimate interests of the Data Controller

Our employees are subject to specific confidentiality obligations regarding the data processed and are required to comply with the internal regulation specifically issued for this purpose. External collaborators who process personal data for us, including companies and professionals whose consultancy and services we use, are subject to the obligations indicated in the assignment conferred on them pursuant to Article 28, EU Reg. No. 679/16.

6. Rights under Articles 7, 15, 16, 17, 18, 20, 21, and 22 of EU REG. 2016/679

We inform you that, by contacting the subjects referred to in paragraph 1 at the contact details indicated therein, as a data subject, you have the right:

• to Access personal data, a right that includes obtaining information such as the purposes and legal basis of processing, the categories of personal data processed, any recipients of such data, the data retention period, the data subject’s right to access, rectification, deletion of data, to object to the related processing and to complain to the supervisory authority, the source from which the acquired personal data originates, and the existence of any automated decision-making processes based on the personal data provided
• to Deletion of personal data concerning you, where the data is no longer necessary for the purposes for which it was collected, revocation of the consent given when consent constitutes the sole legal basis of processing, the processing is unlawful or there is no overriding legitimate reason to proceed with processing, or deletion is due to compliance with a legal obligation to which the Data Controller is subject.
• to Rectification and portability of personal data (including direct transmission of data to a different Data Controller): rectification of data and portability of the same may be requested at any time by the data subject by sending an email to the email address indicated above.

A response to the request for rectification or portability will be provided as soon as possible and, in any case, within 30 days of receipt of the same;

The possible request for data portability does not preclude the subsequent processing of the same data carried out on a legal basis other than the consent of the data subject;

• to Revoke the consent to processing possibly given, where consent constitutes the exclusive legal basis of the processing carried out. It remains understood that the revocation will remain without effect concerning all data processing for which specific consent is not necessary and that respond to rights or legitimate interests of the Data Controller;
• to limit processing where the accuracy of the data is contested and for the time necessary for its verification, where processing is necessary for the establishment or defense of a right in court and in other cases provided for by Article 18 of EU Reg. 679/16;
• to limit, except as necessary for the execution of the contract and compliance with legal regulations and, therefore, with exclusive reference to processing based on consent, the scope of communication of any genetic data and the transfer of biological samples as well as their possible use for further purposes;
• to object to processing of data for direct marketing purposes by sending an email to the email address indicated above;
• not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way, except in the cases referred to in Article 22, paragraph 2, of EU Reg. 679/16;
• to lodge a complaint with the competent Supervisory Authority.

Genoa, on _______________

I have read the information and consent to the related processing

The data subject

____________________________

I consent to the processing of my personal data to receive information on commercial initiatives, promotional campaigns, and services of Marina Porto Antico S.r.l..

The data subject

____________________________