INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users consulting our website pursuant to Article 13 of Regulation (EU) 2016/679

WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods for processing the personal data of users who consult the websites of our Nautical Society Bassa Marea accessible electronically at the following addresses:
https://www.bassamareaboatcharter.com/
This information does not concern other sites, pages or online services accessible via hypertext links that may be published on the sites but refer to resources outside the domain of the company Nautica Bassa Marea.

HOLDER OF THE TREATMENT
Nautica Bassa Marea, Marina del Cantone Massa Lubrense Italy, P.IVA 08076321218, Tel. 3397893530, email: info@bassamareaboatcharter.com

LEGAL BASIS OF TREATMENT
The Data Controller processes Personal Data related to the User in case one of the following conditions exists:
● The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorized to process Personal Data without the need for the User’s consent or another of the legal bases specified below, until the User objects (“opts out”) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
● The processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
● The processing is necessary for the performance of a legal obligation to which the Data Controller is subject;
● The processing is necessary for the performance of a task of public interest or for the exercise of public powers vested in the Data Controller;
● The processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a
contract.

TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING
Navigation data
Computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment. These data, necessary for the use of web services, are also processed in order to: obtain statistical information
on the use of the services (most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.) and to control the correct functioning of the services offered. Navigation data do not persist for more than seven days and are deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).

Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the Owner, as well as the completion and submission of forms on the Owner’s sites,
involve the acquisition of contact data of the sender, necessary to respond, and all personal data included in communications. Specific information will be published on the pages of the Owner’s sites prepared for the provision of certain services. On the site there are several forms for collecting user data. Each form is designed to allow the user to access specific services.
The data related to the forms “Contact Us”, “Guestbook” and/or “Newsletter” can also be processed by the staff of the company that takes care of the maintenance of the technological part of the site, SEOperSEM (Responsible in Outsourcing of the Treatment), at the headquarters of the same company and/or through consultation of the data stored on its server. Users are kindly requested to pay particular attention to the provision of consent, remembering that any consent given may always and at any time be revoked by the same users, using the mailbox of the Owner, indicating in the subject of the email “Ref. Privacy”.

Cookies and other tracking systems

Why do we use cookies?
Cookies allow us to provide, protect and improve the Service, for example by personalizing content and providing a safer experience. Although the cookies we use may change from time to time as we improve and update the Service, we use cookies for the following purposes: to save your preferences and optimize your browsing experience by reducing your waiting time. These cookies include, for example, those to set the language and currency, login information to private sections or for the management of statistics by the Owner of the site.

Session and navigation technical cookies:
This website uses Session Cookies to perform activities strictly necessary for its operation.
Cookies are information installed within your browser when you visit a website or use a social network with your pc, tablet or smartphone. Each Cookie contains different information that assists the Owner in providing the service according to the purposes described. Cookies may remain in the system for the duration of a session (i.e., when the browser is closed) or for an extended period of time. Some of the purposes of installation may require the User’s consent.
We do not use cookies for user profiling, nor do we use other tracking methods.
Instead, session cookies (not persistent) are used strictly limited to what is necessary for the safe and efficient navigation of the sites. The memorization of session cookies in the terminals or in the browser is under the control of the user, whereas on the servers, at the end of the HTTPS sessions, information relative to the cookies remains recorded in the logs of the services, with a conservation time in any case of no more than 1 day like the other navigation data. Acceptance of the cookie banner has a duration of 1 year.
Third party cookies:
Statistics. The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to keep track of User behavior. By way of example we mention:
– Google Analytics (Google Inc.). Web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this website, compiling reports and sharing them with other services developed by Google. Google may use Personal Information to contextualize and personalize ads in its advertising network.
– Google AdWords (Google Inc.). Google AdWords conversion tracking is a statistical service provided by Google Inc. that links data from the Google AdWords ad network with actions taken within this Website.
– Personal Data Collected: Cookies and Usage Data; Place of Processing: 1600 Amphitheatre Parkway Mountain View – CA94043 USA; Privacy Policy;
revocation
Widgets. These services allow you to view content hosted on external platforms directly from the pages of this website and interact with them. If a service of this type is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages where it is installed.
The site may also use some “social-plugins” for sharing and communication of content: their use is optional. When you use one of the plugins the site will get in touch, through your browser, with the servers where the social sharing services referred to are managed, communicating to them the data that the user intends to publish and share through his social profile (for which he remains solely responsible) and informing them (the servers) of the pages that the user has visited.
To exclude this possibility, you can avoid sharing content with the use of social share buttons. For further details about the use and collection of data through the following plugins and to know how the data collected and transmitted are treated (and for which purposes), please consult the privacy and legal information issued by the owners of the services in question.

How can I control Cookies?
Through your browser preferences you can manage your cookie preferences directly in your browser and prevent third parties from installing cookies. It is important to note that by disabling all or some cookies, the operation of this website may be impaired.
Your browser or device may contain settings that allow you to choose whether to set and delete cookies. For more information about these control options, please see the support materials for your browser or device.

How can I control Cookies?
You have the ability to manage your cookie preferences within your browser and prevent third parties from installing cookies. It is important to note that by disabling all or some cookies, the operation of this website may be impaired.
Your browser or device may contain settings that allow you to choose whether to set and delete cookies. For more information about these control options, please see your browser or device’s support materials.
For more information about how companies typically use cookies and the choices available to you, you can check out the following resources:

● Digital Advertising Alliance
Digital Advertising Alliance of Canada
European Interactive Digital Advertising Alliance

Payment Management
Payment processing services enable this website to process payments by credit card, wire transfer, or other means. The data used for payment is acquired directly from the operator of the payment service requested without being in any way processed by this website.
Some of these services may also allow for the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.

Infrastructure monitoring
These services allow this Application to monitor the use and behavior of components of the same, to allow the improvement of performance and functionality, maintenance or troubleshooting.

RIGHTS OF THE INTERESTED PARTY
In your capacity as data subject, at any time you may exercise your rights towards the Data Controller, pursuant to art. 15 of the GDPR:
i. obtain confirmation as to whether or not personal data relating to you exist, regardless of their being already recorded, and communication of such data in intelligible form; ii. obtain information on: a) the source of the personal data; b) the purposes and methods of the processing; c) the logic applied to the processing, if the latter is carried out with the help of electronic means; d) the identification data concerning data controller, data processors and the representative designated as per art. 3, paragraph 1, GDPR; e) the subjects or categories of persons to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents; iii. obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; iv. oppose, in whole or in part: a) for legitimate reasons the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. It should be noted that the right of the interested party to object, as set out in point b) above, for the purposes of direct marketing by automated means extends to traditional methods and that, in any case, the interested party may exercise the right to object even partially.
Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights under Articles 16-21 GDPR:
– Right to rectification (art. 16);
– Right to erasure – Right to be forgotten (art. 17);
– Right to restriction of processing (art. 18);
– Obligation to notify in case of rectification or erasure of personal data or restriction of processing (Art. 19);
– Right to data portability (art. 20);
– Right of opposition (art. 21);
– To revoke, at any time, the consent to the processing of one’s own Personal Data previously expressed;
– Submit a complaint to the Guarantor Authority.

RESPONSIBILITIES OF THE DATA CONTROLLER

● Facilitate the protection of personal data already in the design phase of all processing activities = PRIVACY BY DESIGN;
● Adopt security measures, assessing a priori the risks generated in the treatment process;
● Ensure transparency on data flows and processing activities;
● Intervene promptly in the event of a breach (also known as a data breach);
● Adapt to establish roles and responsibilities in each processing activity.

For any further information, and to enforce the rights recognized to you by the European Regulation, you may contact the Data Controller which for all legal purposes is Nautica Bassa Marea, Marina del Cantone Massa Lubrense Italy, P.IVA 08076321218, Tel. 3397893530, email: info@bassamareaboatcharter.com

MODALITIES ‘FOR THE EXERCISE OF RIGHTS BY THE INTERESTED PARTIES
The modalities for the exercise of rights by the interested parties are established, in a general way, in articles 11 and 12 of the regulation. The deadline for the response to the interested party is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity; the owner must, however, give feedback to the interested party within 1 month of the request, even in case of refusal.
It is up to the data controller to assess the complexity of the response to the data subject and to establish the amount of any contribution to be requested from the data subject, but only if the request is manifestly unfounded or excessive (including repetitive) (art. 12.5), unlike the provisions of art. 9, paragraph 5, and 10, paragraphs 7 and 8, of the Code, or if more than one “copy” of the personal data is requested in the case of the right of access (art. 15, paragraph 3); in the latter case the data controller must take into account the administrative costs incurred. As a rule, the response to the data subject must be in writing, including by means of electronic media that facilitate accessibility; it may be given orally only if the data subject so requests (Art. 12(1); see also Art. 15(3)). The exercise of rights is, in principle, free of charge for the data subject, but there may be exceptions. The data controller has the right to request information necessary to identify the data subject, and the data subject has a duty to provide it, in an appropriate manner (see, in particular, Art. 11(2) and Art. 12(6)).

RIGHT TO COMPLAIN
Data subjects who believe that the processing of personal data relating to them carried out through this site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself, or to take legal action (art. 79 of the Regulation).

POLICY CHANGES
The Data Controller reserves the right to make changes to this policy at any time by giving notice to users on this page. Therefore, please consult this page often, taking as reference the date of last modification indicated at the bottom. If you do not accept the changes made to this privacy policy, you must cease using this Website and may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that point.

Last Modified: June 25, 2018