2.METHODS AND PURPOSES OF PROCESSING AND USE
2.1. Data Subjects’ data is gathered in order to allow the Data Controller to provide its services in the maritime brokerage sector, in particular marketing, communication and promotional services in the pleasure sailing and/or motoryacht brokerage sector, and management, administrative and commercial consultancy services in the abovementioned sector.
The Data are collected, stored and, also, divulged outside the company setting for the following express purposes: correct and complete execution of the services due, fulfilment of fiscal and civil obligations, commercial promotion of the activities carried out by the company (direct and indirect marketing, newsletters, advertisements in specialist magazines and on social media pages).
The Data is collected and stored exclusively for the above-indicated purposes both through the official https://equinoxeinternational.com/ website and through third party platforms (Facebook, Instagram, LinkedIn, etc.) where present.
The Data may be communicated to our parent and subsidiary companies as well as the Data Controller’s employees, partners and trusted collaborators both in Italy and outside it.
2.2. Any new or different Data Processing will occur only after users and Data Subjects have been notified of a new policy information document, to obtain their specific consent where required.
2.3. The Controller will take all suitable computer security measures, practical and electronic, to prevent unauthorised access to, modification of, divulging of or destruction of the Data Subjects’ data.
The Processing is carried out using organisational methods pertinent to the purposes indicated and agreed with the DPO, where compulsory, or with the Data Processor.
The Privacy protocols and standards used by the Company for personal data protection are based on the following principles:
2.3.1. RESPONSIBLE PROCESSING AND USE
The Data Processing is managed over time by Mr Corrado Lorenzo Mario Di Majo, the in-house representative of the company as per above.
Aside from the Controller, various individuals involved in working in different ways on the organisation of the Site or for the Controller (e.g. administrative, commercial, systems administration staff, hosting providers, employees, partners and collaborators from parent or subsidiary companies) may also have access to your data.
In all instances, the Data Subject may at any time request an updated list of Processors from the Controller.
2.3.2. TRANSPARENCY OF PROCESSING AND USE
The Data are collected and processed under the principles outlined in this policy.
In terms of the data that can be gathered through automated procedures (technical or profiling cookies), explicit consent will be deemed to have been given if the visitor decides to continue navigating the site once the initial banner message has closed.
Consent is requested and can be implicitly provided also when data are collected through automated procedures (technical and profiling cookies).
It is, however, always possible for the Data Subject to request the concrete legal basis for each processing act from the Data Controller, specifying in particular if the latter is based on law, a contract or necessary to the completion of a contract.
2.3.3. RELEVANCE OF COLLECTED DATA
The Data are collected and processed fairly using legitimate methods. They are saved only for specific, explicit and legitimate purposes, listed in paragraph 2 of this document, and not further processed in a manner that is incompatible with those purposes.
2.3.4. PRINCIPLE OF VERIFIABILITY
The Data collected are updated, organised and stored in such a way as to provide all interested parties the possibility of establishing what information has been collected and saved, to check the quality of said information and to request any relevant rectification, completion and erasure as a result of the law being broken or to exercise all of their rights under article 9 of this document, using the means described in article 10.
2.3.5. PRINCIPLE OF SECURITY AND MEASURES ADOPTED
184.108.40.206. The Data collected and processed are protected in such a way as to prevent their being illegally altered or disclosed, using technical and/or computer security measures designed to minimise the risk of erasure, loss (including accidental) or access by unauthorised subjects.
220.127.116.11. These measures are periodically verified and updated in line with technical progress, the nature of the data and the specific characteristics of the processing.
18.104.22.168. Third parties that perform support work of any kind for the delivery of services on behalf of the Company which involve personal data processing, are designated as data processors and are thus obliged to respect processing security and privacy measures for the processing.
22.214.171.124. The information acquired may be disclosed to the following third parties:
Equinoxe S.r.l. , Via dei Mille 18, 10123 Torino, Italy ; parent company.
– SiteGround Spain S.L., Calle de Prim 19, 28004 Madrid; Hosting Provider
– Ideificio S.r.l., Via Marradi Giovanni 1, 20123, Milano, Webmaster
3. TYPE OF DATA AND PROCESSING METHODS
3.1. The data collected through the https://equinoxeinternational.com/ web domain and platforms owned by third parties (Facebook, Instagram, LinkedIn etc..), if present and active, may include: first name, family name, telephone number, tax /social security number, email address, IP connection address, and any other kind of information provided directly by Users, using connections on the web page (“Contact Us”) or the newsletter service.
Generally speaking, the data may be:
a) Data provided voluntarily by Users: Data gathered and processed on the site are necessary to providing services. Consequently, if such data are not provided or consent is not given, services requiring their use cannot be provided.
If the Data Subjects do not give their express consent for the information provided (e.g. email address, landline and cell phone numbers, ID document) to be used, the latter will not be used for publicity, direct sales or interactive commercial communication purposes.
In the section of the Site designed for Data to be provided, specific information may be provided.
When emails are voluntarily sent to the Controller’s addresses, the latter will acquire the email address of the sender and any other information contained in the message. These Data will be used to contact the Sender and to make it possible for Exquinoxe Yachts International to carry out its maritime brokerage activities.
b) Navigation data: The Site’s automated procedures will acquire certain Data, the transmission of which is implicit in using web communication protocols.
Although this information will not be associated with identified Users, by its nature, if associated with other data held by third parties (e.g. internet service providers), it may allow the identification of the users navigating the internet domain (e.g. IP addresses, domain names of PCs used by users connecting to the Site, URLs of requested resources, time of request, numerical code relating to the response status of server).
These data are used for statistical purposes, to check traffic to the Site and its correct functioning, and to keep individuals signed up for the newsletter of the company’s commercial and other initiatives, informed.
The Controller, or designated processors, save the track of the connections made for a limited period, to ensure they can fulfil all requests from the judiciary, which may legitimately request it when in the process of establishing responsibility in case of computer crimes.
When not otherwise specified, cookies are used simply to provide the Service the user requests, by guaranteeing that they can use the internet site and by making navigation between the various pages possible.
The aims of installing temporary markers may, however, require users’ consent.
For your information, the main types of cookies are:
a) Technical and statistical cookies
Technical cookies are essential to the correct functioning of the website. The technical cookies used by the Controller can be divided into the following categories:
i. navigation cookies, to allow the user’s navigation preferences to be saved and to optimise your navigation experience;
i. analytics cookies, which gather statistical information regarding users’ navigation methods. These data are processed in aggregate and anonymous form;
i. functionality cookies – including those of third parties, which activate specific functionalities on the Site and are necessary to allow us provide our services.
Said cookies do not require prior consent of Data Subjects for their installation and use.
Other types of cookies or third party tools which may use them
Some of the services listed below may not require users’ consent and may be managed directly by the Controller without any need for third parties. Whenever said tools include services managed by third parties, these may possibly carry out user tracking activities, even unbeknownst to the Controller.
In detail, the cookies used by the Controller are as follows:
Control of cookie installation
In addition to the indications contained in this policy, Data Subjects can also manage their cookie preferences through their own browser, preventing, for example, installations by third parties.
However, if all cookies are disabled, the Site’s functioning may be compromised.
The Controller wishes to state that the User can also avail of tools such as Your Online Choices (http://www.youronlinechoices.com/it/), which allow you to manage the tracking preferences of most advertising tools.
The Controller strongly advises Data Subjects and Users of the Website to use these resources in addition to the information provided in this document.
For any other technical information about cookies additional to that contained in this policy, please refer to: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939.
5. DATA PRESERVATION METHODS
Data, including navigation data, will be held, in compliance with GDPR, only for the time required to fulfil the purposes outlined in this document i.e. two years when the processing is for marketing and/or promotional initiatives (including newsletter services), and 10 years for legal obligations.
6. ACCESS TO DATA
6.1. The Data processed by the Controller may be accessible to the latter’s employees, partners and collaborators in their role as processors and/or as in-house processors and computer systems managers. These individuals will only be given access to the data when processing is necessary to their performance of their duties and will involve only those operations necessary to the performance of their duties.
6.2. The Controller will protect the Users’ information against unauthorised access, illegal processing, accidental loss, destruction and damage, and will keep said information only for the period strictly necessary to the completion of the purposes it is collected for.
7. COMMUNICATION OF DATA
7.1. Without requiring express consent as per article 6, points b) and c) of GDPR, the Controller may disclose the Data at the request of Supervisory Bodies (such as IVASS) or the Legal Authorities, as well as those subjects to which communication is compulsory to comply with legal obligations, or to enforce or defend a right in court. Said subjects will process the data in their roles as autonomous data controllers. The data will not be shared, unless the requested service requires this.
7.2. If necessary, in relation to particular services or products requested, the Data may be shared with third parties who, in their roles as autonomous data controllers, carry out tasks closely connected with, and instrumental to, the provision of the services.
7.3. Aside from the provisions of points 1 – 2 – 7 of this policy, the Data Controller will not transfer personal data to countries outside of the EU or to international organisations.
8. DATA TRANSFER
8.2. It is understood in any case that, where necessary, the Controller will be able to move the servers outside of the EU. In that case, the Controller will ensure that the transfer of data outside of the EU is carried out in compliance with the applicable legal provisions, after the stipulation of the standard contractual clauses provided for by the European Commission.
9. RIGHTS OF DATA SUBJECTS
9.1. The Data Subject has the following rights as per article 15 of GDPR, specifically:
i. to right to confirmation of the existence or otherwise of personal data pertaining to them, even if not yet saved, and the latter’s communication in intelligible form;
ii. the right to the identification of:
a) the source of the personal data;
b) the purposes and means of processing;
c) the logic applied in the case of processing using electronic means;
d) the identification details of the Controller, the Processors and the designated representative as per article 3, paragraph 1, GDPR;
e) the subjects and categories of subjects to whom the personal data can be communicated or who may become aware of them as the designated representatives in State territory, as processors or those charged with processing;
a) the updating, rectification, or, where of interest, completion of the data;
b) the erasure, anonymization or blocking of illegally processed data, including data the conservation of which is not necessary for the purposes for which the data was gathered or successively processed;
c) confirmation that the operations described (including their content) in paragraphs a) and b) have been made known to subjects to whom the data have been communicated or shared, with the exception of instances in which compliance is impossible or involves the use of means manifestly disproportionate to the right being protected;
to object to:
iv. wholly or in part:
a) for legitimate reasons, the processing of your Personal Data, even if pertinent to the purposes of its collection; b) the processing of your Personal Data for the purposes of sending advertising or direct sales material or for market research or commercial communications purposes using automated call systems without the intervention of an operator, by e-mail and/or using traditional marketing methods by telephone and/or regular printed post. Please note that the Data Subject’s right to object, laid down in point b) above, for direct marketing purposes through automated means extends also to traditional means and also allows the Data Subject to object only in part. Thus, the Data Subject can decide to only receive communications through traditional means or only automated communications or neither of the two types of communication.
Please note that the Data Subjects still retain the right to object to the processing of their Data for direct marketing purposes without having to give any reason.
Where applicable, they also have the rights outlined in article 15-21 GDPR (Right to rectification, right to forgetting, to limit processing, right to portability of data, right to object) as well as the right to complain to the Supervisory Authority.
9.2. Where permitted under law law, the user may have the right to obtain a copy of the data in our possession.
9.3. Before responding to each specific request, we may ask the User for optional information such as:
(i) to verify their identity;
(ii) further details necessary to meet their request as completely as possible.
9.4. The Controller will provide individual answers within an appropriate period of time and, in any case, within the period of time required under law. If the User decides to exercise that right, they must contact us using the contact details outlined in articles 11 and 13 of this document.
10. MEANS OF EXERCISING YOUR RIGHTS
Users and interested parties can exercise the rights provided for under EU Regulation 2016/679 at any time and free of charge, by sending one of the following:
– a registered letter to the current legal headquarters at Via Dei Mille no. 18 in Turin;
– an email to the following email address: email@example.com
11. CONTROLLER, PROCESSORS AND INDIVIDUALS TASKED WITH PROCESSING
The Controller is the company Equinoxe Yachts International S.r.l. (C.F 11904260012), in the person of its acting legal representative, Mr Di Majo Corrado Lorenzo Mario, and with a legal headquarters t Via Dei Mille no. 18, Turin.
The updated list of Data Processors and those tasked with processing is held at the company’s legal headquarters and can be accessed by request using the methods indicated above.
12. CONTACT DETAILS
Processing carried out through the https://equinoxeinternational.com/ web domain takes place at the company headquarters or at the headquarters of the hosting provider, Siteground (https://it.siteground.com/privacy), currently at Calle de Prim 19, 28004 Madrid, Spain.
For further information, you may always contact the Controller.
Any comments, questions or requests relating to the use made by the Controller of the User’s information should be sent to the following email address: firstname.lastname@example.org
It may become necessary to modify those methods should new sector regulations come into force and also as a result of our constant examination and updating of services to Users.
However, whenever the modifications involve processing the legal basis of which is consent of the Data Subject, the Processor will request the consent of the latter where necessary.
14. REDIRECTS TO THIRD PARTY SITES
The Site has plug-ins which redirect to other platforms of social media networks (Facebook, Instagram, LinkedIn, Google+ etc.). These plug-ins are provided for the Users’ convenience and to facilitate connections between various pages as well as the publicising of the company’s activities and the services provided by it.
The Controller has no control over any other sites aside from the one through which it promotes its activities, or their accessibility to the public.
For this reason, the Controller cannot be held responsible for the data that are gathered, shared or processed by said sites, and invites Users to read their respective privacy policies.
Last modified: December 5 2018