Porto Turistico Internazionale di Rapallo S.p.A. with registered office in Calata Andrea Doria, 2 - 16035 Rapallo, Genova, Italia
VAT number: 00171880990
Codice Fiscale: 00834160103
Phone: 0185 6891
Economic and Administrative Index (REA): 227019
(hereinafter, the “Data Controller”), in accordance with the rules on protection of personal data, in particular, the EU Regulation 2016/679 (hereinafter, “GDPR”), through the site you are browsing (hereinafter, the “Site”).
1. Identity and contact details of the data controller
The Data Controller is Porto Turistico Internazionale di Rapallo S.p.A. is a company established in the Italian territory, therefore no representative has been appointed.
2. Contact details of the DPO
The Data Controller has not a Data Protection Officer (“DPO”), pursuant to Article 37 GDPR. The DPO can be contacted at the following address: P.zza Generale Armando Diaz, 1 - 20123 Milano.
3. Processing methods
Cookies are small text strings that the Site you visit sends to your browser, which stores them in order to transmit them to the Site when you visit it again.
Cookies allow us to collect information about your browsing experience.
Cookies may be permanently stored on your computer and have a variable duration (persistent cookies), or they may not be permanently stored on your device and be automatically deleted when you close your browser (session cookies).
Cookies may be installed by the site you are visiting or may be installed by other websites that provide various services to that site (third party cookies).
3.1 Technical cookies
Cookies in this category allow the Site to function properly.
3.2 Statistical cookies
The Site also uses statistical cookies created directly by the Data Controller, or provided by third parties.
With the statistical cookies created directly by the Data Controller, the Data Controller will carry out statistical analyses on various domains, websites or apps that can be traced back to Data Controller itself, and will carry out its own statistical processing, without such analyses being aimed at making commercial decisions.
4. Delete and disable cookies
You can configure your browser to prevent the processing of cookies, or delete them immediately after browsing. Below, we list how to disable and delete cookies with the main browsers:
- Delete/deactivate cookies with Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Delete/deactivate cookies with Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- Delete/deactivate cookies with Chrome: https://support.google.com/accounts/answer/32050?hl=en&co=GENIE.Platform%3DDesktop
- Delete/deactivate cookies with Opera: https://help.opera.com/en/latest/web-preferences/#cookies
- Delete/deactivate cookies with Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac, https://support.apple.com/en-us/HT201265
5. Data you voluntarily provide
You have the right and the freedom to provide data by sending electronic mail to the addresses indicated on the Site, which the Data Controller may acquire for the purposes indicated from time to time. In addition to the email address necessary to respond to you, any other personal data contained in the relevant communication will be processed. The data collected in this way will be stored and processed exclusively for the purpose of keeping correspondence, without using it for any other purpose.
6. Purpose, legal basis of the processing, optional consent and consequences of non-consent
- Personal data processed with technical cookies: The provision of personal data is a contractual obligation, without which the website could not be made available in full working order in accordance with the terms and conditions of use;
- Personal data provided voluntarily via email or form: The communication of personal data is purely optional. If you fail to provide the data, the Data Controller will not be able to respond to your requests. The legal basis for the processing is the legitimate interest of the Data Controller, as Data Controller, to respond to requests.
You can express your consent to the processing of personal data with non-technical cookies by clicking on a specific box presented within a banner.
7. Automated decision-making and profiling
If you consent to processing through profiling cookies to benefit from personalized services, your personal data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which might be of interest to you. The expected consequences of this processing are the sending of highly profiled commercial communications, sending discounts, sending invitations to events deemed to be of interest.
In accordance with Article 22 GDPR, you have the right to:
- obtain human intervention in the decision-making process by the Data Controller;
- express your opinion;
- obtain an explanation of the decision reached by the Data Controller;
- challenge the decision itself.
8. Source of personal data and data categories
9. Recipients and possible categories of recipients of personal data
They may receive your personal data:
- companies offering hosting services;
- companies offering information society services;
- the service providers of the communication company.
10. Data Transfer
The Data Controller intends to transfer your personal data to entities established in a country outside of the European Union or to an international organization. Such entities could be represented, without limitation, by:
- communications companies that perform communications activities on behalf of the Data Controller;
- companies offering information society services;
- companies that offer hosting services;
- the service providers of the communication company.
The transfer of personal data to such entities, if established in a third country, or to an international organization, is carried out in the presence of an adequacy decision by the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of your rights. In the absence of such decisions, if deemed appropriate, (completare) reserves the right to enter into specific and separate agreements obliging such entities to adopt adequate security measures, including organizational measures, aimed at providing appropriate safeguards with respect to your rights.
Google Inc., in particular, is contractually bound to ensure adequate protection of the rights of the data subject. The data may thus be transferred to the following countries: United States of America. To obtain a copy of this data or the place where it has been made available, simply send your request to the Controller at the addresses shown above.
11. Data retention period
- The Data Controller will keep your personal data provided voluntarily and processed to respond to your requests for a period of time strictly necessary for achieving this purpose and, in any case, for no longer than 12 (twelve) months from the date of individual collection.
The Data Controller reserves the right, in any case, to ask you to renew your consent to the processing and / or to verify the consents you have already expressed.
12. Your rights
12.1 Right of objection
As a “data subject”, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you pursuant to Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of those provisions.
The Data Controller refrains from further processing your personal data, unless the Data Controller itself demonstrates the existence of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you carried out for such purposes, including profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
You may object to the processing of your personal data for direct marketing purposes even in part, for example by objecting only to the sending of promotional communications carried out by automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications.
If your personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out in the public interest.
12.2. Other rights
The Data Controller would also like to inform you of the existence of the following rights:
- Right of access: you have the right to obtain confirmation from the Data Controller that personal data concerning you is or is not being processed. If so, you have the right to access your personal data and specific information, in accordance with Article 15 of the GDPR;
- Right of rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
- Right to erasure: you have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay. The Data Controller is obliged to delete your personal data without undue delay, if there are grounds listed in Article 17 of the GDPR;
- Right to restriction of processing: you have the right to obtain from the Data Controller the restriction of processing, if the grounds listed in Article 18 of the GDPR exist;
- Right to data portability: you have the right to receive in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller, as well as the right to transmit such data to another data controller without hindrance by the Data Controller, in the cases and under the conditions specified by Article 20 of the GDPR;
- Right to obtain human intervention, express your opinion, obtain an explanation of the decision reached by the Data Controller and challenge the decision reached by means of automated decision-making processing: you have the right to obtain human intervention in the decision-making process by the Data Controller, express your opinion, obtain an explanation of the decision reached by the Data Controller and challenge the decision itself in accordance with Article 22 GDPR;
- Right to object to commercial communications: you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
- Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of the rules on the protection of personal data, in accordance with Article 77 of the GDPR.
13. How to exercise your rights
You may lodge a complaint with the Italian Personal Data Protection Authority in the manner provided for by the official website, addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti.