Privacy Policy
Privacy Policy
This information describes the privacy policy of the site www.prestigeboat.it in reference to the processing of personal data of users who interact with the site's web services and the action of the cookies installed by the site itself.
INFORMATION RELATING TO THE PRIVACY POLICY OF THE WEBSITE IN ACCORDANCE WITH EUROPEAN REGULATION 2016/679 AND LEGISLATIVE DECREE. 196/2003, AS AMENDED BY LEGISLATIVE DECREE. No. 101/2018
​
This information aims to guarantee that the processing of your personal data is carried out in compliance with the rights, fundamental freedoms and dignity of people, with particular reference to confidentiality and personal identity. It is therefore our duty to inform you (as the "interested party") about our privacy policy.
1) Data controller
The owner and manager of the processing of the data collected is the company Prestige S.r.l., with registered office in Via Cavour 39, 25087 Salò (BS), CF, VAT No. 04506610981, n. REA BS - 619758, PEC prestigetrasportosrl@pec.it, owner of the site https://www.prestigeboat.it/
The data processing takes place at the registered office of the Data Controller.
If you wish to receive more information on how the owner processes your personal data, please write an email to the email address info@prestigeboat.it
To know your rights and always be updated on the legislation regarding the protection of individuals with regard to the processing of personal data, we recommend that you visit the website of the Guarantor for the protection of personal data at the address http://www.garanteprivacy. it.
2) What is meant by data processing
By processing of personal data we mean their collection, recording, organisation, conservation, processing, modification, selection, extraction, comparison, use, dissemination, cancellation, distribution, interconnection and anything else that is useful for the execution of the Service, including the combination of two or more such operations.
3) What data does the site process
The site collects different types of user/customer personal data for the purposes described later in this Policy, including:
- User/customer data such as name, surname, email address, telephone number and other personal data provided by the same by filling in forms on the Site.
- Personal data that may be contained in communications sent by the user/customer, for example to report a problem or to forward particular requests, problems or observations relating to the Site or its contents.
Other personal data that the user/customer decides to share voluntarily, for example by email.
Information is also collected regarding the use and navigation of the user/customer on the Site. The data collected may be the following: internet protocol (IP) address, type of browser and parameters of the device used to connect to the Site, name of the internet service provider (ISP), date and time of visit to the Site, web page of origin of the visitor (referral) and exit, possibly the number of clicks, other parameters relating to the operating system and the user's IT environment /customer on the Site, to the pages that have been visited or searched for.
The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the Site and for security reasons.
They are never used for the identification or profiling of the user/customer, but only for the purposes of protecting the Site and its users/customers.
For the invoicing of purchased services, common data required by tax legislation (name, surname, address, tax code or VAT number) are processed.
Information about you is collected when you access our Site.
The site also processes personal data collected from third parties, such as data that the interested party agrees to share on publicly accessible social networks (e.g. Facebook, Instagram, Google, etc.) and/or that it can collect from other publicly accessible databases. .
The site also incorporates plugins for social networks (facebook, instagram, etc. etc.) to allow easy sharing of content on your favorite social networks.
These are buttons for third-party social sites; these sites can record information on the activities carried out by the user/customer on the Internet, including the activity on the site. The plugins are programmed so as not to set any cookies when accessing the page, to safeguard user privacy.
Cookies are possibly set, if so provided by social networks, only when the user/customer makes effective and voluntary use of the plugin. Please keep in mind that if the user/customer browses while logged into the social network then they have already consented to the use of cookies when registering on the social network.
The collection and use of information obtained through the plugin and the connect button are governed by the respective privacy policies of the social networks, to which please refer:
4) Types of data processed
The user/customer has no obligation to provide his personal data. However, the provision of personal data (in particular personal details, e-mail address and telephone number) are necessary for the provision of services upon request of the user/customer, or for the fulfillment of the obligations established by legislative or regulatory provisions.
The refusal by the user/customer to provide the data necessary for the pursuit of the aforementioned purposes may make it impossible to process the service request or to fulfill the obligations established by legislative or regulatory provisions.
Failure to provide personal data may therefore constitute, in some cases, a legitimate and justified reason for failure to provide services.
The provision of additional personal data other than that required for the fulfillment of legal or contractual obligations and for the correct display of services with the necessary traffic data is optional and does not produce any effect on the use of the Site. and related services.
The customer is informed at each stage whether the provision of personal data is necessary or optional by placing a symbol (*) on the information requested or on the data necessary for the purchase of the products and/or for the provision of the requested services on the site.
5) Purpose of processing and legal basis
We inform you that the personal data provided by you as part of the activity carried out by us may be processed for the following purposes:
A) Contractual purpose: the sale of a private passenger transport service by motorboat.
This includes:
- verification of your identity, including IT;
- communications we send you regarding our services or in response to your questions;
- the use of personal information about you contained in private messages sent to us to fulfill your requests for information and the sales contract.
B) Compliance purposes/legal obligations: for the purposes required by law, such as requests from government authorities or law enforcement agencies to conduct investigations, fulfill tax and accounting obligations and any other legal obligations.
C) Purpose of exercising rights: if necessary, to ascertain, exercise or defend the company's rights, in court.
D) Operational purposes of the site: the computer systems and software procedures used to operate the Site acquire, during their normal service, some personal data when using Internet communication protocols.
E) Customer service purposes: if requested by the user/customer via email, to provide assistance and information on services.
We inform you that the owner collects the information collected in anonymous and aggregate form (so that it cannot be traced back to you) to use it for purposes that include research, data analysis, improvement of the Site.
The legal basis for the processing of personal data for the purposes referred to in letters a), b), c), d) e) is art. 6.1 letter b) and c) f) of the GDPR, as the processing is necessary for the provision of services or for the response to requests from the interested party, also representing a processing necessary to fulfill a legal obligation incumbent on the owner or responding to a legitimate interest. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate the services provided by the Site, respond to requests, etc. etc.
6) Categories of recipients of personal data
The personal data collected by the company Prestige S.r.l. may be shared with the subjects indicated below (the "Recipients"):
subjects who typically act as data controllers, i.e.: i) people, companies or professional firms who provide assistance and consultancy to the company in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services;
subjects with whom it is necessary to interact for the provision of the Services (for example hosting providers or providers of platforms for sending emails);
subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks);
people authorized by the company to process data necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees or collaborators of the company);
subjects, bodies or authorities to whom it is mandatory to communicate the data for compliance, abuse or fraud purposes, or for orders from the authorities.
​
The data is not subject to dissemination.
In compliance with the General Provision of 11.28.2008 of the Guarantor, the data may be communicated to the System Administrator.
7) EU data transmission
To allow us to correctly manage your purchases and related services, your personal data may be transferred to countries belonging to the European Union.
By simple request to be made via email info@prestigeboat.it you will be able to receive more information on the transfer of your data and on the guarantees provided for their protection as well as on the means to obtain a copy of such data or the place where they have been made available.
8) Use of cookies
In compliance with the privacy policy lines adopted, the owner informs visitors that the respective site uses automatic data collection systems not directly released by the user, such as cookies.
For more information on the use of cookies by this site, see the related link.
9) Rights of the interested party
The subjects to whom the personal data refer (interested parties) have the right, at any time, to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (articles 15 to 23 and 34 EU REG. 678/2016, see here in full at the bottom of Annex A), cancellation (right to be forgotten), the right to data portability , the transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing.
Requests must be forwarded to the Data Controller by writing to the following e-mail address: info@prestigeboat.it
Shortly:
- the interested party has the right to ask the Data Controller for access to their personal data and the rectification or cancellation of the same or the limitation of the processing that concerns them or to oppose their processing in addition to the right to data portability (art. 15, art. 17, art. 20 EU REG.
- the interested party has the right, in the event that the processing is based on Article 6, paragraph 1, letter a) or on Article 9, paragraph 2, letter a), to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- the interested party has the right to lodge a complaint with a supervisory authority;
- the interested party has the right to learn, from the Data Controller, who must do so without justified delay, of a violation of personal data likely to present a high risk for the rights and freedoms of natural persons (art. 34 EU REG. 679/2016).
10) Data retention period
The Personal Data processed for the purpose of Provision of Services will be kept for the time strictly necessary for the aforementioned purpose.
In any case, since these data are processed to provide services to the user/customer, the company Prestige S.r.l. you may keep them for a longer period, in particular as may be necessary to protect your interests from possible complaints relating to the services (10 years).
The data processed for the purposes of Compliance/Legal Obligations will be kept for the period required by specific legal obligations or applicable legislation.
The data processed in order to prevent abuse/fraud will be kept for the time strictly necessary for the aforementioned purpose and therefore until the moment in which the company is required to keep them to protect itself in court and/or to communicate it to the competent authorities.
To ensure that the data is accurate and updated, relevant and complete, please report any changes to the owner's contact details.
Personal data may be stored both in paper and computer archives.
At the end of the retention period, the data will be deleted or anonymized.
11) Security measures
The company Prestige S.r.l. o attaches great importance to the security of all personal data relating to users/customers.
It adopts security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized communication or access.
To best protect the personal data of the user/customer outside the limits of its control, the devices of the users/customers must be protected (with updated antivirus systems) and the internet service provider must take adequate measures for the security of the transmission of data over the network (such as firewalls and anti-spam filters).
​
Although the company Prestige S.r.l. does its best to protect the personal data of the user/customer, it cannot guarantee that the personal data communicated to it will be 100% secure or that data breaches will not occur.
The user/customer accepts the implications connected to online negotiation and will not hold Prestige S.r.l., or their respective operators, responsible for any data breaches unless this is due to their negligence.
12) Applicable law
This Privacy Policy is governed by the new European regulation for the protection of personal data (GDPR) 2016/679 and subsequent supplementary laws.
13) Changes and updates to the Privacy Policy
The Data Controller may modify or simply update, in whole or in part, the Privacy Policy, also in consideration of the modification of the laws or regulations that govern this matter and protect your rights. Changes and updates to the Privacy Section will be notified to users by publication on the home page as soon as they are adopted; they will be binding as soon as they are published on the website. We therefore ask you to regularly access this section to check the publication of the most recent and updated Privacy Section.
14) Consent given by the parental manager
Pursuant to article 8 of European Regulation 2016/679, in cases where the interested party is under the age of fourteen, the consent of the parental manager is required for the processing of the personal data of the aforementioned minor.
15) Contacts/complaints
Written communications addressed to the company Prestige S.r.l. they will be considered valid only if sent to the following email address info@prestigeboat.it.
You must indicate your name and surname, telephone number or e-mail address to which you wish communications to be sent. You will be informed of receipt and requests will be followed up as soon as possible.
Last modification date: 10/19/2022
ANNEX A:
RIGHTS OF THE INTERESTED PARTY
REGISTERED EXTRACT EU 679/2016
Article 15
Right of access of the interested party (C63, C64)
1. The interested party has the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
d) when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the interested party, all available information on their origin;
h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
2. If personal data are transferred to a third country or to an international organisation, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless the interested party indicates otherwise, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Article 16
Right of rectification (C65)
The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
Article 17
Right to erasure (‘right to be forgotten’) (C65, C66)
​
1. The interested party has the right to obtain from the data controller the deletion of personal data concerning him without unjustified delay and the data controller has the obligation to delete the personal data without unjustified delay, if one of the following reasons exists:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the interested party withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing ;
c) the interested party objects to the processing pursuant to Article 21, paragraph 1, and there is no overriding legitimate reason to proceed with the processing, or objects to the processing pursuant to Article 21, paragraph 2;
d) the personal data have been processed unlawfully;
e) the personal data must be erased to comply with a legal obligation established by Union or Member State law to which the data controller is subject;
f) the personal data were collected in relation to the offer of information society services referred to in Article 8, paragraph 1.
2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, adopts reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the interested party's request to delete any link, copy or reproduction of his/her personal data.
3. Paragraphs 1 and 2 do not apply to the extent that processing is necessary:
a) for the exercise of the right to freedom of expression and information;
b) for the fulfillment of a legal obligation that requires processing provided for by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of public authority of which the data controller is invested;
(c) for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
(d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously undermine the achievement of the objectives of such processing; or
e) for the establishment, exercise or defense of a right in court.
Article 18
Right to restriction of processing (C67)
1. The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that their use be limited;
c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d) the interested party has objected to the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
2. If processing is limited pursuant to paragraph 1, such personal data shall be processed, except for storage, only with the consent of the interested party or for the establishment, exercise or defense of legal claims. or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. The interested party who has obtained the limitation of processing pursuant to paragraph 1 shall be informed by the data controller before said limitation is revoked.
Article 19
Obligation to notify in case of rectification or deletion of personal data or restriction of processing (C31)
The data controller shall communicate to each of the recipients to whom the personal data have been transmitted any rectifications or cancellations or limitations of processing carried out pursuant to Article 16, Article 17, paragraph 1 and Article 18, unless this is proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the interested party if the interested party requests it.
Article 20
Right to data portability (C68)
​
1. The interested party has the right to receive the personal data concerning him or her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom it was provided if:
a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) or on a contract pursuant to Article 6, paragraph 1, letter b) ; and b) the processing is carried out by automated means.
2. When exercising their rights relating to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to Article 17. This right does not apply to processing necessary for the execution of a task of public interest or connected to the exercise of public powers referred to the data controller is vested.
4. The right referred to in paragraph 1 must not adversely affect the rights and freedoms of others.
Article 21
Right to object (C69, C70)
1. The interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him pursuant to Article 6, paragraph 1, letters e) or f), including profiling on basis of these provisions. The owner
of the processing refrains from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court.
2. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling to the extent that it is connected to such marketing direct.
3. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the interested party and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the interested party.
5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the interested party may exercise his right to object by automated means using specific techniques.
6. If personal data are processed for scientific or historical research purposes or for statistical purposes in accordance with Article 89, paragraph 1, the interested party, for reasons related to his particular situation, has the right to object to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.
Article 22
Automated decision-making relating to natural persons, including profiling (C71, C72)
1. The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which similarly significantly affects him or her.
2. Paragraph 1 shall not apply where the decision:
a) is necessary for the conclusion or execution of a contract between the interested party and a data controller;
b) is authorized by Union or Member State law to which the data controller is subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the interested party;
c) is based on the explicit consent of the interested party.
3. In the cases referred to in paragraph 2, letters a) and c), the data controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the data controller of the treatment, to express one's opinion and to contest the decision.
4. The decisions referred to in paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1), unless points (a) or (g) of Article 9(2) apply and there are no adequate measures in place to protect the rights, freedoms and legitimate interests of the interested party.
Article 23
Limitations (C73)
​
1. Union or Member State law to which the data controller or processor is subject may, by means of legislative measures, limit the scope of the obligations and rights referred to in Articles 12 to 22 and 34, as well as in Article 5, to the extent that the provisions contained therein correspond to the rights and obligations set out in Articles 12 to 22, where such limitation respects the essence of fundamental rights and freedoms and is a necessary and proportionate measure in a society democratic to safeguard:
a) national security;
b) defense;
c) public safety;
d) the prevention, investigation, detection and prosecution of criminal offenses or the enforcement of criminal sanctions, including safeguarding against and preventing threats to public security;
(e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including in monetary, budgetary and tax matters, public health and security social;
f) safeguarding the independence of the judiciary and judicial proceedings;
g) activities aimed at preventing, investigating, ascertaining and prosecuting violations of the ethics of regulated professions;
h) a control, inspection or regulatory function connected, even occasionally, to the exercise of public powers in the cases referred to in letters a), to e) and g);
i) the protection of the interested party or the rights and freedoms of others;
j) the execution of civil actions.
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions covering at least, where appropriate:
a) the purposes of the processing or the categories of processing;
b) the categories of personal data;
c) the scope of the limitations introduced;
d) safeguards to prevent abuse or illicit access or transfer;
e) the precise indication of the data controller or categories of data controllers;
f) the retention periods and applicable guarantees taking into account the nature, scope and purposes of the processing or categories of processing;
g) the risks to the rights and freedoms of the interested parties; and h) the right of data subjects to be informed of the limitation, unless this would compromise the purpose of the limitation.
Article 34
Communication of a personal data breach to the interested party (C68-C88)
1. When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the data controller shall communicate the violation to the interested party without unjustified delay.
2. The communication to the interested party referred to in paragraph 1 of this article describes in simple and clear language the nature of the personal data breach and contains at least the information and measures referred to in Article 33, paragraph 3, letters b) , c) and d).
3. The communication to the interested party referred to in paragraph 1 is not required if one of the following conditions is met:
a) the data controller has implemented appropriate technical and organizational protection measures and such measures had been applied to the personal data subject to the breach, in particular those intended to make the personal data incomprehensible to anyone who is not authorized to access them, such as encryption;
b) the data controller has subsequently adopted measures to avoid the occurrence of a high risk for the rights and freedoms of the interested parties referred to in paragraph 1;
c) such communication would require disproportionate efforts. In this case, a public communication or similar measure is instead carried out, through which interested parties are informed with similar effectiveness.
4. In the event that the data controller has not yet communicated the personal data breach to the interested party, the supervisory authority may request, after having assessed the probability that the personal data breach presents a high risk, to do so. or may decide that one of the conditions referred to in paragraph 3 is met.