Dear Customer,
in accordance with applicable privacy laws (Regulation (EU) n. 679/2016 - GDPR and the Legislative Decree 196/2003 and subsequent amendments and addictions), we would like to take this opportunity to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights.
1. Data Controller
Data Controller:
|
Prenotazioni 24 s.r.l.
registered office in Portoferraio (LI), Via Cacciò 9
CF.e P.Iva: 01512130491
PEC: prenotazioni24@pec.it.
|
2. Mode of treatment
Your data are processed with electronic tools, through our website www.MrFerry.co.uk or other electronic tools to ensure high levels of security and privacy; they can also be processed in paper form or even by telephone, through our call center.
3. Nature of the data processed
The data that can may be requested are: name, surname, telephone number, email address, number of a valid identification document, date of birth, bank identification, payment, financial, tax and similar data (hereinafter “personal data” or even only “data”).
The requested data are those required by Prenotazioni24 to make a reservation with one of the affiliate shipping companies and are necessarily communicated to the company with which the ticket holder travels.
Generally, we do not process any sensitive or judicial data, but, should this occur, we will first ask for your consent (Articles 9 and 10 GDPR).
We may have to process data of minors: in such cases, appropriate information is provided as the same time as the request for express and appropriate consent, in compliance with the Article 8 GDPR.
4. The purposes of the processing for which the personal data are intended as well as the legal basis for the processing
The Data Controller processes personal and identifying data only in order to carry out the services offered and to retain customers.
Our services consist of a main service, the issuance of the ticket, and a series of additional services: in all cases, given the necessary presence of the main service, in the absence of which the accessories could not survive, the data request are the same, as are the same purposes pursued by the Data Controller (perform the services agreed and retain customers), however, depending of the service requested may be necessary to communicate further data, by reason of the different activities required by the customer/user, imposed by the Data Controller in compliance with legal obligations, or dictated by adequately motivated operational choices.
The express and voluntary communication of the data though the compilation of forms specifically prepared on our website involves our subsequent acquisition of those same data. Specific summary information are prepared and/or displayed on the individual web pages dedicated to the request of individual accessory services.
Prenotazioni24 processes your personal data for the following purposes ad according to the related legal basis for the processing:
- Issue the ticket and perform any additional services budgeted/contracted. By collecting the data necessary to complete the booking, you agree to their subsequent communication to the chosen shipping company: the refuse to communicate even some of only such data and/or the refuse of consent to their communication to the chosen company makes it impossible to execute the service/s requested/s. As the processing is necessary for the definition of the contractual agreement and its subsequent implementation, your consent is not required (Article 6, paragraph 1, letter b) GDPR).
- Manage payments, including through third parties banking/financial (setefi - Intesa San Paolo; Braintree-Gruppo Paypal; Paypal; Amazonpay). As the processing is necessary for the definition of the contractual agreement and its subsequent implementation, your consent is not required (Article 6, paragraph 1, letter b) GDPR). Personal information is processed by us and our employees in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services.
- Managing your billing to comply with applicable administrative, accounting, and tax regulations. For these purposes, your consent is not required. Personal information is processed by us and our employees in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services. Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits) (Article 6, paragraph 1, letter c));
- Managing any complaints and/or dispute. For these purposes, your consent is not required (Article 6, paragraph 1, letter f));
- Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller your consent is not required (Article 6, paragraph 1, letter e));
- In some cases processing is necessary for the purpose of the legitimate interests pursued by the controller, for example to deal with the effects of a default of contract, in this case processing il lawful even without your consent, according to Article 6, paragraph 1, letter f) GDPR;
- With your express consent and until the revocation of the same (Article 6, paragraph 1, letter a) and Article 7 GDPR), to be provided as a result of timely and comprehensive information illustrated before the acquisition of consent, your personal data may be processed for sending newsletters, advertising material, offers, even personalized, and other forms of direct and indirect marketing Article 130 Privacy Code and Article 7 GDPR).
5. Sample list of the services offered, the purpose of the processing and the types of data processed
a) Send a text message about the status of the ticket and booking for the sole purpose of processing the reservation (ticket) with: ticket number, port address and other similar information. The purpose of the processing is to facilitate the complete acquisition of all relevant data relating to the concluded purchase of the ticket. The additional data requested, if not already communicated, is a mobile number of the ticket holder.
b) Only on Saturday: sending of a text message with information of the state of traffic and other similar. The purpose of the processing is to facilitate the achievement of boarding without risk of obstruction local traffic jam particularly congested on Saturday. The additional data requested, if not already communicated, is a mobile number of the ticket holder.
c) Insurance cover against any subsequent cancellation of the ticket. Prenotazioni24 guarantees the refund, through the presentation of appropriate documentation, in compliance with the details indicated in the Appendix of coverage against cancellations. The purpose of the processing is to guarantee the refund of the ticket in case of subsequent impossibility to carry out the booked trip. The additional data requested, for this purpose are the same of those required for the ticket issue (name, surname, address, data at place of birth, tax number, telephone number, email address).
In case of activation of the policy, if the event consists of accident or illness, you may be required to communicate medical reports and/or certificates, which will be treated only with your express consent (Article 9 GDPR). Personal information is processed by us and our employees in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services.
d) Subscription to newsletters and direct marketing. The purpose of the processing is to obtain your express consent, according to Article 7 GDPR, for sending information and advertising material to the indicated email address. The only additional data requested (compared to those required to complete the procedure for issuing the ticket) is an email.
e)Indirect marketing: with your express consent in compliance with Article 7 GDPR, communication of your data to partner companies for sending information and advertising material directly by them, after the conclusion of the contract, to the email address you have indicated. The purpose of the processing is the possibility of carry out indirect marketing by partners and the only additional data requested is an email of the ticket holder.
f) Donation to non-profit organizations. Prenotazioni24 has an agreement with five different NGOs, which, on rotation, offer their own initiative to costumers of Prenotazioni24. At the time of purchase of the ticket a special form will ask you to choose to contribute to the initiative promoted by the non-profit organization in turn by donating 1 (one) euro in support. The purposes of the processing are indicated specifically on the web page you can find the donation form, together with the methods of collection and payment of the sums and the description of the project financed by the non-profit organization on duty. The required data are the same of the main service.
6. Transfers of data to third countries or international organizations
The transfer of personal data beyond the borders within which the GDPR operates carries the risk that the applicable legislation at the place of transfer does not present the same standards of guarantees. It therefore becomes relevant for the data subject to be made aware of the potential risks related to security and data protection.
Our processing does not provide for the transfer of personal data outside of the applicability limits of GDPR.
7. Duration of the data processing
The data are processed until the complete performance of the service and also later, in compliance with legal obligations and for administrative and commercial purposes; after these terms the data will be delated or made anonymous and used for statistical purposes only.
8. Obligation or right to provide data and consequences of refusal
We require the data listed above (name, surname, telephone number, email address, number of a valid identification document, date of birth) to be able to perform the required services and the refuse to provide it will not allow us to provide the requires services.
While browsing our site, or during your telephone contacts or even in case of direct visit you may also be required to provide us with additional data that is not strictly necessary for the performance of the main service, but we need them for the execution of any ancillary services, that from time to time will be purposed to you and that we have given a sample list to the previous point 5.
Every time we offer you an additional service we will at the same time describe the objectives pursued and you will be asked for express consent.
The refuse to provide should be valuated case by case and may determine the subsequent decisions according to the importance we attach to the data requested but not provided by you.
The Refuse to provide the data required for a specific service or the refuse to issue the data and the consequent consent to their use not affect the possibility to request and consent to the provision of other different ancillary services (or, even less, prevents or excludes the main service).
9. Communication and diffusion of collected data
We do not “disseminate” in any way the data we collect, in other words, we do not communicate them to indeterminate subjects in any way, not even for taking vision or consulting; instead we can “communicate” them to one or more specified subjects, in particular to:
- the chosen shipping company;
- habitual “staff” on the basis of precise negotiating arrangements, which are identified on the basis of their specific skills in relations to the services requested by them;
- public bodies in the cases provided for;
- the credit and/or financial institution, in case you have requested payment by electronic money;
- subjects who can access your data in accordance with provisions of law;
- third parties who become interlocutors or counterparties in the performance of the contracted services;
- partner Companies, in case you have expressed consent to the sending of advertising and the execution of direct marketing by them.
10. The rights of data subjects
As a data subject, you have the rights referred to in Articles 13/22 and 77/79 GDPR.
In particular, the data subject has the right to:
- right to withdraw consent at any time. The data subject shall always have the right to withdraw his consent to the processing of his personal data previously expressed (Article 12, paragraph 2, letter c) GDPR);
- right to object. The data subject shall have the right to object at any time to processing of personal data concerning him or her which is based on his or her previous consent, in the cases referred to in Article 21 GDPR;
- right to access. The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data or to some information and obtain a copy of the personal data undergoing processing (Article 15 GDPR);
- right to rectification. The data subject shall have the right to obtain to the Controller without undue delay the rectification of inaccurate personal data concerning him or her (Article 16 GDPR);
- right to restriction of processing. Under certain circumstances the data subject shall have the right to obtain from the Controller restriction of processing: in these cases we will not process the data for any other purpose than their storage (Article 18 GDPR);
- right to erasure. Under certain circumstances the data subject shall have the right to obtain from the controller to erasure of personal data concerning him or her without undue delay (article 17 GDPR). In these cases we will erase your personal data without undue delay.
- right to data portability. Under certain circumstances the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used machine-readable format and have the right to transmit those data to another controller. This provision is applicable when data are processed with automated tools and processing is based on the consent of the data subject, on a contract to which the data subject is a party or on contractual measures related to it (Article 20 GDPR);
- right not to be subject to a decision based solely on automated individual decision-making, including profiling, when and insofar as applicable. (Article 22 GDPR)
- file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations. Every data subject shall have the right to lodge a complaint with the supervisory Authority (Article 77);
- have recourse to the ordinary court. Each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation (Article 79 GDPR).
11. How to exercise your rights
To exercise any of the rights provided for in Articles 13/22 and 77/79 GDPR with regard to your personal data or for other questions or requests also on this privacy policy you should contact the Data Controller through one of the contact details indicated.
You may also propose a complaint with the Italian Data Protection Authority by a registered letter a/r to Garante per la protezione dei dati personali, Piazza Venezia 11, 00186, Roma, or by a certified email message addressed to protocollo@pec.gpdp.it.