pursuant to art. 13 EU Reg. 2016/679 for the protection of personal data
1. DATA CONTROLLER
Data Controller - pursuant to art. 4 and 24 of EU Reg. 2016/679 - is NEXT Yacht Group S.r.l., with registered office in Lungocanale Palombari dell’Artiglio 42, 55049, Viareggio (LU), VAT number 02466190465.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org
The Data Controller has also appointed a Data Protection Officer (DPO) who can be contacted for questions relating to the processing of your personal data at the following e-mail address: email@example.com
2. TYPE OF DATA PROCESSED AND COLLECTED
The Data Controller will process the following personal data:
- biographic data; contacts data; email address;
- invoicing and payment data, tax identification number and VAT number.
3. PURPOSE, LEGAL BASIS AND LAWFULNESS OF THE DATA PROCESSING
The legal basis legitimizing data processing is the execution of contractual and pre-contractual obligations and the fulfilment of Law obligations.
We inform you that we will process your personal data in compliance with the conditions of lawfulness - pursuant to art. 6 EU Reg. 2016/679 - within the limits and to the extent strictly necessary to fulfil the following purposes:
- Performance of activities related to the conclusion of contracts/orders for the provision of professional services and performances and/or the awarding of related appointments and mandates;
- to carry out operations strictly connected with and ancillary to the initiation of contractual relationships, including the acquisition of preliminary information necessary for the conclusion of the Contract;
- management of relationships with the supplier for the activities of administration, accounting, purchasing orders, shipping, invoicing and handling of any disputes;
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The data collected may be disclosed to recipients, appointed pursuant to art. 28 EU Reg. 2016/679, who will process the data as external managers and / or entities acting as autonomous Data Controllers. Specifically, the data may be disclosed to:
- firms or companies within the relationships of legal assistance and consulting (accountants, labor consultants);
- subjects that provide services for the management of the information system and telecommunications networks;
- competent authorities for the fulfilment of legal obligations and/or provisions of public authorities, upon request.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
The data collected will not be transferred to a third country and / or an international organization. It should be noted, however, that the use of cloud services may involve the transfer of data to servers located abroad (both EU and non-EU), always in compliance with the applicable legal provisions and, in any case, ensuring respect for maximum security of the data.
6. PERIOD OF STORAGE OR CRITERIA USED TO DETERMINE SUCH PERIOD
The Data Controller will process your personal data for the entire duration of the contractual relationship and for 10 years following its termination for the sole purpose of fulfilling legal, fiscal, and administrative obligations and for the management of any disputes (including provisions for time-barring of claims).
7. RIGHTS OF THE INTERESTED PARTIES AND METHODS OF EXERCISE OF SUCH RIGHTS
In your capacity as an interested party, you can enforce your rights referred to in Chapter III (articles 15-22) of EU Reg. 2016/679 by contacting the Data Controller by e-mail at firstname.lastname@example.org, by registered letter to the address of the company's registered office or by delivery of a hard copy.
The rights you enjoy, pursuant to EU Reg. 2016/679, are the following:
- withdrawal of consent;
- limitation of processing;
- opposition to processing;
These rights are guaranteed to you without any formalities for their exercise, which is essentially free of charge.
Without prejudice to any other administrative or judicial action, you can also lodge a complaint with the Supervisory Authority in accordance with the provisions of EU Regulation 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018.
8. METHODS OF DATA PROCESSING
The personal data provided will be recorded, processed, managed and filed in paper form and / or with the aid of IT tools and in any case in such a way as to guarantee their security and confidentiality. The processing will be carried out by expressly authorized internal staff, without the intervention of automated systems or processes, and no profiling is carried out.
9. NATURE OF THE DATA PROVISION
The provision of data for the purposes referred to in point 3) is mandatory. Any total or partial refusal to provide data will result in the impossibility to begin the contractual relationship.
10. DISSEMINATION OF DATA
The personal data collected will in no case and in no way be disseminated to third parties not approved by the Data Controller and may be exhibited only at the request of the Judicial, Financial and Guarantor Authorities, as well as to all other subjects to whom the communication is required by law for the accomplishment of the aforementioned purposes.