Pursuant to art 13 of Italian Legislative Decree n° 196 of 30.6.2003 (hereinafter, the “Privacy Code”) and art 13 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”) and in relation to data provided by the User or obtained by the Controller during the contractual or pre-contractual relations, the User is hereby informed that its data will be processed by the following means and for the following purposes:
1. Data controller
The data controller is HoLAB S.r.l., whose registered office is in Genoa (Italy), via Brigata Liguria 9/1A, Tax code and VAT n° 02345550996, as well as the company with which HoLAB S.r.l. has and/or may sign a services contract (hereinafter the “Controller”). The Controller can be contacted via the contact details shown on the holaboat.com website, or via the e-mail address firstname.lastname@example.org.
2. Purpose of processing
The Controller processes the personal data (hereinafter, “personal data” or also “data”) provided by the User:
a. Without having to obtain the User’s explicit consent, for the following purposes:
• pre-contractual due diligence activities;
• to submit offers and bids and other activities aimed at setting up a contractual relationship for the supply of services by the Controller;
• to fulfil pre-contractual, contractual, and fiscal obligations arising from relations in force with the User;
• to fulfil the obligations imposed by law or by an order of the competent Authority; to exercise the Controller’s rights, such as the right of defence in a lawsuit.
b. Only with the User’s prior consent, for the following promotional purposes:
• to send the User emails, post, sms and/or telephone calls, newsletters, commercial communications, and/or advertising materials on products or services offered by the Controller, and to measure the level of satisfaction with the quality of such services
3. Processing method
The Controller will process personal data in accordance with the principles of lawfulness, fairness and transparency.
The User’s personal data are processed by means of the following operations: collection, recording, organisation, structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission, retrieval, alignment or combination, restriction, erasure or destruction of the data. The User’s personal details are subjected to both hard-copy and electronic processing.
The Controller will process the personal data for the time necessary to carry out the purposes indicated above and, in any case, for not more than 10 years from termination of contractual relations and not more than 2 years from collecting data for marketing purposes.
Once 10 years have passed since the contractual relations have ceased, access to the data will be limited to heads of departments.
Should the Controller have a documented need to store the data for a period longer than 10 years (e.g. if erasure could compromise its legitimate right to defence or in general, to safeguard its company assets), such further storage shall take place, limiting access to said data to the head of the legal department only, in order to guarantee the legitimate exercising of the right of defence of the Controller.
4. Purpose of processing
a. The User’s personal data are processed for the following purposes:
• to receive and respond to any request for a contact, by sending the information requested by the User;
• to collect information necessary for the obligations connected with the pre-contractual phase.
b. In addition, with the User’s explicit consent, their data will be processed to:
• send the User emails, post, sms and/or telephone calls, newsletters, commercial
• communications, and/or advertising materials on products or services offered by the Controller, and measure the degree of satisfaction with the quality of such services;
•analyse the User’s choices and surfing habits, in order to improve use of the website and choice of the Controller’s services.
5. Recipients of the data
The User’s data may be made accessible for the purposes indicated in art 2.a and 2.b to the following recipients:
• affiliate companies or subsidiaries of HolaBoat, in Italy and abroad, to the extent to which this is necessary for processing, in conformity to the binding corporate rules adopted by HolaBoat;
• companies or other third entities (credit institutions, professional firms, consultants, insurance companies for providing insurance services, auditing companies, supervisory institutions, etc.) who carry out activities on an outsourcing basis, on the Controller’s behalf;
• public entities, for fulfilling legal obligations.
Without requiring the User’s explicit consent, the Controller may communicate the User’s data for the purposes indicated in art 2.a to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.
6. Transfers of data
Personal data are stored on servers located within the European Union. In any case, it is understood that, should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission, and adopting binding corporate rules for intra-group transfers.
The provision of data and related processing for the purposes indicated in art. 2.a is necessary in order to guarantee the Controller’s services requested by the User, and for implementing the contract and any pre-contractual obligations. Any refusal will make it impossible for the Controller to provide the services covered by the contract.
Providing data for the purposes indicated in art. 2.b, on the other hand, is not mandatory. The User may, therefore, decide not to provide any data or subsequently refuse processing of data already provided - the only consequence of any such refusal will be that receiving newsletters, commercial communications, and advertising materials related to the services offered by the Controller will not be possible. However, the User will continue to have the right to the services indicated in art. 2.a.
8. Rights of the data subject
As the data subject, the User has the right to:
• obtain confirmation of whether or not personal details regarding the User are processed or not, as well as to obtain a copy of said data;
• obtain an indication of: a) the source of the personal data; b) the purposes and means of processing; c) the logic involved in the case of processing done with the help of electronic instruments; d) the identity and the contact details of the controller, processors and data protection officer; e) the recipients or categories of recipients to which the personal data can be communicated, or who can come to know the same as the designated representative within the territory of the State, processors, or employees who carry out processing;
• obtain: a) updating, rectification, or completion of the data; b) erasure, transformation into an anonymous form or blocking of data processed in violation of laws; c) certification that the operations referred to in letters a) and b) have been made known, also in relation to their content, to those to whom the data have been communicated or disclosed by transmission, unless this is impossible or involves a disproportionate effort; d) a structured format, from the Controller, commonly used and provided in an intelligible and easily accessible form with the personal data related to the User you, and, where technically feasible, to obtain transmission of said data directly from one controller to another;
• object to: a) processing of the User’s personal data, even if pertinent to the purpose for which they were collected. b) processing of the User’s personal data for the purposes of sending advertising or direct sales materials, or for carrying out market research or commercial communication, using automated telephone calling systems without an operator, by e-mail and or by means of traditional telephone and/or hard copy postal marketing methods. Such right of object may also be exercised only in part, thereby allowing the data subjects to choose whether to receive only communications using traditional means or only automated communications, or neither of the two types of communication.
•therefore, in the User’s capacity as Data Subject, the User has the rights pursuant to art 7 of the Privacy Code and art 15 – 21 of GDPR, as well as the right to lodge a complaint with the competent Authority pursuant to art 77 of GDPR.
9. Procedure for exercising rights and communications
The User may contact the Controller at any time by sending an e-mail message to email@example.com.
The User has the right to withdraw the consent given at any time by writing to firstname.lastname@example.org.