INFORMATION PURSUANT TO THE REGULATION EU 679/2016 (“GDPR”)

The purpose of this document is to inform the individual (hereinafter “Data Subject”) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller, Marina Blu S.p.A., with registered office in Rimini (RN), via Ortigara 80, email address info@marinadirimini.it, (hereinafter “Controller”), through the website https://marinadirimini.com/ (hereinafter “Application”).

Changes and updates will be binding as soon as they are published on the Application. In the event of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to cease the use of this Application and may request the Controller to delete their Personal Data.

1 Categories of Personal Data processed

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

Contact Data: name, surname, address, email, phone, images, authentication credentials, any additional information sent by the Data Subject, etc.

Tax and Payment Data: tax code, VAT number, credit card details, bank account information, etc.

The Controller processes the following types of Personal Data collected in an automated manner:

Technical Data: Personal Data produced by devices, applications, tools, and protocols used, such as information about the device used, IP addresses, type of browser, type of Internet service provider (ISP). Such Personal Data may leave traces that, especially when combined with unique identifiers and other information received from servers, can be used to create profiles of individuals.

Browsing and Application Usage Data: such as pages visited, number of clicks, actions taken, session duration, etc.

The failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or if they constitute a necessary requirement for the conclusion of the contract with the Controller, will result in the Controller’s inability to establish or continue the relationship with the Data Subject.

The Data Subject who provides the Controller with Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or disclosure.

2. Cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers, and similar technologies to collect Personal Data from the Data Subject on the pages, links visited, and other actions taken when the Data Subject uses the Application. They are stored to be transmitted during the Data Subject’s subsequent visit. You can review the Cookie Policy on the dedicated page.

3. Legal basis and purpose of processing

The processing of Personal Data is necessary:

• for the performance of the contract with the Data Subject, specifically:

1 fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject

2 registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, log in, and be identified, also through external platforms

3. support and contact with the Data Subject: to respond to the requests of the Data Subject

• due to a legal obligation, specifically:

1 the fulfillment of any obligation required by current laws, regulations, and rules, especially in tax and fiscal matters

• based on the legitimate interest of the Data Controller, for:

1 email marketing purposes of products and/or services of the Data Controller to directly sell the products or services of the Data Controller using the email provided by the Data Subject in the context of the sale of a product or service similar to that being sold

2 statistical analysis with anonymous data: to perform statistical analysis on aggregated and anonymous data to analyze the behaviors of the Data Subject, improve the products and/or services provided by the Data Controller, and better meet the expectations of the Data Subject

• based on the consent of the Data Subject, for:

1 retargeting and remarketing: to reach the Data Subject with a personalized advertising message who has already visited or shown interest in the products and/or services offered by the Application using their Personal Data. The Data Subject can opt-out by visiting the Network Advertising Initiative page.

2 marketing purposes of the products and/or services of the Data Controller: to send commercial and/or promotional information or materials, to carry out direct selling activities of products and/or services of the Data Controller, or to conduct market research through automated and traditional methods.

The Personal Data of the Data Subject may also be used by the Data Controller for legal protection before the competent judicial authorities.

The processing of Personal Data is carried out using both paper and electronic means, with organizational methods and logics strictly related to the specified purposes and by adopting appropriate security measures.

4 Processing methods and recipients of Personal Data

Personal Data is processed exclusively by:

• individuals authorized by the Data Controller who have committed to confidentiality or have an adequate legal obligation of confidentiality;
• subjects who operate independently as separate Data Controllers or by subjects designated as Data Processors by the Data Controller in order to carry out all the processing activities necessary to achieve the purposes outlined in this notice (e.g., business partners, consultants, IT companies, service providers, hosting providers);
• subjects or entities to whom it is mandatory to communicate Personal Data due to legal obligations or orders from authorities.

The subjects listed above are required to use appropriate safeguards to protect Personal Data and may only access data that is necessary to perform their assigned tasks. Personal Data will not be indiscriminately disclosed in any way.

5 Place

Personal Data will not be subject to any transfer outside the territory of the European Economic Area (EEA).

6 Personal Data retention period

Personal Data will be stored for the period of time necessary to fulfill the purposes for which they  were collected, specifically:

• for purposes related to the execution of the contract between the Data Controller and the Data Subject, they will be stored for the entire duration of the contractual relationship and, after its termination, for the ordinary prescription period of 10 years. In the case of legal disputes, they will be kept for the duration of the dispute, up to the expiration of the terms for challenging actions.
• for purposes related to the legitimate interest of the Data Controller, they will be stored until the completion of that interest.
• for compliance with a legal obligation, by order of an authority and for legal protection, they will be stored in accordance with the deadlines set by such obligations and regulations, and in any case, until the expiration of the statutory limitation period provided by applicable laws.
• for purposes based on the consent of the Data Subject, they will be stored until the consent is revoked.

At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

7 Rights of the interested party

Data Subjects have the right to exercise specific rights regarding the Personal Data processed by the Data Controller. In particular, Data Subjects have the right to:

• Be informed about the processing of their Personal Data.
• Withdraw consent at any time.
• Restrict the processing of their Personal Data.
• Object to the processing of their Personal Data.
• Access their Personal Data.
• Verify and request the correction of their Personal Data.
• Obtain the limitation of the processing of their Personal Data.
• Obtain the deletion of their Personal Data.
• Transfer their Personal Data to another controller.

Lodge a complaint with the supervisory authority for the protection of their Personal Data and/or take legal action.

To exercise their rights, Data Subjects can send a request to the following email address: info@marinadirimini.it. The requests will be promptly handled by the Data Controller and processed as quickly as possible, in any case, within 30 days.

Last update: 11/12/2023.