Customers Privacy Policy
pursuant to art. 13 EU Reg. 2016/679 for the protection of personal data
Dear Customer,
in compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, through this privacy policy Next Yacht Group S.r.l. - as Data Controller - provides you with the necessary information regarding the processing of your personal data.
1. DATA CONTROLLER
Data Controller - pursuant to art. 4 and 24 of EU Reg. 2016/679 - is Next Yacht Group S.r.l., with registered office in Lungocanale Palombari dell'Artiglio n.41, 55049, Viareggio (LU), VAT number 02466190465.
The Data Controller can be contacted at the following e-mail address: privacy@nextyachtgroup.com
The Data Controller has also appointed a Data Protection Officer (DPO) who can be contacted for questions relating to the processing of your personal data at the following e-mail address: dpo@nextyachtgroup.com
2. TYPE OF PROCESSED AND COLLECTED DATA
The Data Controller will process the following personal data:
- biographic data; phone and mail contacts data; email address;
- invoicing and payment data, tax identification number and VAT number.
3. PURPOSE, LEGAL BASIS AND LAWFULNESS OF THE DATA PROCESSING
The legal basis legitimizing data processing is the execution of contractual and pre- contractual obligations and the fulfilment of Law obligations.
We inform you that we will process your personal data in compliance with the conditions of lawfulness - pursuant to art. 6 EU Reg. 2016/679 - within the limits and to the extent strictly necessary to accomplish the following purposes:
- to implement pre-contractual requirements (such as, for example, requests for information or requests for quotations) in relation to the company services offered (specifically yachts and boats sales; yachts and boats refitting; yachts and boats maintenance);
- to carry out operations strictly connected with and ancillary to the initiation of contractual relationships, including the acquisition of preliminary information necessary for the conclusion of the Contract;
- to complete and enforce the contractual relationship with the interested party in relation to the company services offered by the Data Controller;
- management of relationships for the activities of administration, accounting, shipping, invoicing and handling of any disputes;
- in compliance with the legislation on the so-called soft spam, for sending promotional communications regarding products similar to those being sold, as well as communications relating to events organized by the Data Controller.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The data collected may be disclosed to recipients, appointed pursuant to art. 28 EU Reg. 2016/679, who will process the data as external managers and / or entities acting as autonomous Data Controllers. Specifically, the data may be disclosed to:
- third-party companies or other subjects (credit institutions, professional firms, consultants, insurance companies);
- subjects that provide services for the management of the information system and telecommunications networks;
- competent authorities for the fulfillment of legal obligations and/or provisions of public authorities, upon request.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
The processed personal data will not be transferred to a third country and / or an international organization.
It should be noted, however, that the use of cloud services may involve the transfer of data to servers located abroad (both EU and non-EU), always in compliance with the applicable legal provisions and, in any case, ensuring respect for maximum security of the data.
6. PERIOD OF STORAGE OR CRITERIA USED TO DETERMINE SUCH PERIOD
The Data Controller will process your personal data for the entire duration of the contractual relationship and for 10 years following its conclusion for the sole purpose of fulfilling legal, fiscal, and administrative obligations and for the management of any disputes (including provisions for time-barring of claims).
To send the newsletters, your personal data will be processed and stored in compliance with the legislation on the so-called soft spam, provided that the interested party does not refuse such use, initially or in case of subsequent communications. At the time of collection and at the time of sending any communication made for this purpose, the interested party is informed of the possibility to object to the processing at any time, in a user-friendly way and free of charge.
7. RIGHTS OF THE INTERESTED PARTIES AND METHODS OF EXERCISE OF SUCH RIGHTS
In your capacity as an interested party, you can enforce your rights referred to in Chapter III (articles 15-22) of EU Reg. 2016/679 by contacting the Data Controller by e-mail at privacy@nextyachtgroup.com, by registered letter to the address of the company's registered office or by delivery of a hard copy.
The rights you enjoy, pursuant to EU Reg. 2016/679, are the following:
- access;
- rectification;
- cancellation;
- withdrawal of consent;
- limitation of processing;
- opposition to processing;
- portability.
These rights are guaranteed to you without any formalities for their exercise, which is essentially free of charge.
Without prejudice to any other administrative or judicial action, you can also lodge a complaint with the Supervisory Authority in accordance with the provisions of EU Regulation 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018.
8. METHODS OF DATA PROCESSING
The personal data provided will be recorded, processed, managed and filed in paper form and / or with the aid of IT tools and in any case in such a way as to guarantee their security and confidentiality. The processing will be carried out by expressly authorized internal staff.
We inform you that we do not adopt any automated decision-making process, including profiling activities.
9. NATURE OF THE DATA PROVISION
The provision of data is necessary to provide feedback to your requests for quotation and/or information, and/or to enforce the contract of which you are a party and to fulfill the legal obligations indicated in this information. Any refusal to provide the aforementioned data could make it impossible to provide the requested services and/or to follow up on the contract you are a party to.
The provision of your data for marketing activities (purpose of letter d) is optional. Any failure to your consent to the provision will have the sole consequence of not being able to receive our promotional communications.
10. DISSEMINATION OF DATA
The personal data collected will in no case and in no way be disseminated to third parties not approved by the Data Controller and may be exhibited only at the request of the Judicial, Financial and Guarantor Authorities, as well as to all other subjects to whom the communication is required by law for the accomplishment of the aforementioned purposes.