The data controller, the person who will materially process the data, is Franmarine Srl with headquarters in Termoli, Via Porto di Termoli, North-East pier (hereinafter, for the sake of brevity, the "Owner").
The purpose of this information notice is to inform the interested party (Customers and Passengers) of the purposes and methods in which their personal data will be processed by the Data Controller in relation to and by reason of the use of the site, of the purchase. travel and transport tickets on the ships of our fleet and contacts with staff by telephone or by mail and messages.
Type of data collected - What data are processed?
As regards the type of data, the latter will be those necessary to complete the assignment given to the Data Controller, in all aspects that might arise in the execution of the activity. In particular:
- personal data and necessary for issuing the invoice (name and surname, sex, age or date of birth, nationality, tax code or VAT number, billing address and place, etc.), as well as any data concerning belonging to categories professional
- contact details (telephone number, e-mail);
- bank details (IBAN, bank / postal data, and credit cards);
- possibly, data relating to the state of health of the passenger (falling within the "special categories of data" referred to in art. 9 of the GDPR) only if required by emergency regulations;
- information that the interested party provides by communicating by telephone via e-mail, messages or through the Site; - additional data provided by the Customer according to the content of the complaint or suggestion that may be presented.
What are the purposes of the processing?
Purpose of the treatment
The treatment will pursue the following purposes:
Pursuant to art. 6, paragraph 1, lett. b, GDPR (Treatment necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures)
- Booking, sale and accounting of travel tickets purchased
- Contacts with the interested party (customer, passenger) for reasons relating to the booked / purchased trip
- Management of requests and advanced requests through telephone contact, email and messages
- Communications relating to the services purchased and provided
Pursuant to art. 6, paragraph 1, lett. c, GDPR (Treatment necessary to fulfill a legal obligation to which the data controller is subject)
- Communication / transmission of data of the interested party to law enforcement agencies, port authorities, judicial authorities, terminal maritime agencies, possibly health authorities and further obligations imposed by current regulations
The data provided for the aforementioned purposes are necessary to perform the service requested by the interested party for the completion of the travel contract, respond to requests for information, adequately implement tax obligations and manage, to fulfill the obligations legal as well as for communication with the interested party. Any refusal to provide all or part of the data may make it impossible for the Owner to conclude the contract or provide the requested service.
Pursuant to art. art. 6, paragraph 1, lett. a, GDPR (Optional treatment based on the consent of the interested party)
- Any surveys on the quality of the service and the degree of customer satisfaction (customer satisfaction)
- Communications of offers and / or marketing initiatives
The consent to the processing of the data provided for the aforementioned purposes is optional and therefore in the event of failure to provide the data and consent to the processing for these purposes, the owner will be unable to carry out customer satisfaction and / or marketing activities. Failure to consent to the processing referred to in points 6 and 7 does not affect the execution of the requested contractual service.
What are the methods of treatment?
Personal data will be processed with the aid of manual and electronic tools and will be stored both on paper and in an electronic database. Adequate security measures will be used in the processing, in order to minimize the risks of destruction, loss, unauthorized access or processing that does not comply with the purposes for which the data was collected.
Personal data is collected at the time of booking / purchasing the ticket, or where it is necessary to offer the information services requested by the interested party (by telephone, by e-mail or message), in writing or by computer / support. The processing is carried out in strict compliance with the provisions on the protection of personal data and, in particular, with the technical / organizational measures prescribed by the Regulation. Always and in any case in strict compliance with every precautionary measure that allows to guarantee its confidentiality, integrity and availability
In any case, the personal data stored on the computer database will be accessible only to authorized and identified subjects, protected by personal access keys (passwords).
Who will the data be disclosed to?
Recipients of personal data
The personal data provided by the interested party may be communicated, in close relation and for the purposes indicated above, to the following subjects or categories of subjects including collaborators which the Data Controller uses for the execution of its activities and the support of subjects external to exclusive purposes of managing tax or legal aspects:
- Physical persons authorized in writing by the Company / owner pursuant to art. 29 of the Regulations by reason of the performance of their work duties (eg employees);
- Public authorities pursuant to and in compliance with the Circular of the Ministry of Infrastructure and Transport no. 104/2014 in compliance with Directive 98/41 / EC (ie harbor master and port authority);
- subjects in relation to which the current regulations (for example tax and accounting) have the obligation to communicate, including public bodies
- Judicial authorities and law enforcement agencies;
- Any ticket offices, terminals and / or shipping agencies for purposes related to the organization of boarding / disembarking activities;
- Law firms, in the event that disputes should arise;
- Insurance companies both when booking tickets, or when making a claim;
- Experts at the time of any complaints;
- Companies providing other services essential to the provision of the maritime transport service or to carrying out survey and marketing activities, also subject to the explicit consent given by the interested party, as well as the hosting of websites and web systems, e-mail services, marketing (subject to the explicit consent given by the interested party), sponsorship of sweepstakes and other promotions, audit services, data analysis, market research and satisfaction and / or quality service surveys.
Any person external to the Company who should process the data will in any case be appropriately contracted as a data processor pursuant to art. 28 EU Reg. 2016/679
How long are the data kept?
Data retention period
The data will be kept by the Data Controller for a timescale suitable for the prescription criteria dictated by civil law, for the purposes of the processing as well as in accordance with the times established to comply with specific provisions of the law. At the end of the foreseen period, the personal data of the interested party will be deleted from the database and from any other different storage device, both paper and computerized.
Where a dispute arises between the Company / Owner and the interested party, the retention period may be extended for the entire duration of this dispute and for the maximum term of 10 years following its complete definition (e.g. final judgment, settlement / conciliation agreement).
Is the data transferred abroad?
Data transmission abroad
The data could be transferred abroad as part of the use of cloud computing services, used for data storage as well as to comply with specific Italian and international legal provisions on navigation and maritime transport. Any transfer of data abroad will be carried out in accordance with the provisions of articles 45-49 of the EU Reg. 2016/679
What are my rights?
Rights of the interested party pursuant to art. 15-22 of the EU Regulation - GDPR 2016/679
The GDPR, European Regulation on the Protection of Personal Data (2016/679) provides that the interested party can exercise the right to access the data, to request rectification, cancellation, limitation of treatment or to oppose the treatment. You can also contact the Authority for the Protection of Personal Data.
- Right of access- The interested party may, at any time, submit a request regarding the type of data held by the owner, the origin, the purposes, the categories / types of data, the recipients, the existence of any profiling processes , to the retention period.
- Right of rectification- The interested party may, at any time, submit a request for rectification and / or integration of their data, and it will be the obligation of the company / owner to communicate these changes to third parties to whom the data were eventually transmitted.
- Right to be forgotten- The interested party may, at any time, request the deletion of data in the event of: exhaustion of the purpose of the processing; withdrawal of consent; presentation of opposition to processing; data processing in violation of the law. It will be the obligation of the company / owner to communicate these changes to third parties to whom the data were eventually transmitted.
- Right to limit the processing- The interested party may, at any moment, submit a request for limitation of the processing: in the case of inaccurate data up to correction; in case of dispute until clarification; upon request, as an alternative to cancellation.
- Right to object- The interested party has the right to object to the use of personal data for automated processing.
- Right to portability- The interested party has the right to exercise this right with reference and limited to the data processed for contractual purposes and by automated means and without prejudice to the case in which it is detrimental to the freedom or rights of third parties.
Requests for the exercise of rights can be sent to the attention of the owner via email at the address firstname.lastname@example.org or by registered mail to the address Via Porto di Termoli, North-East Pier.