This document provides full transparency about the information gathered via the Riva website (the Website) and how this information is handled. Details obtained by other means are not covered.
1. DATA CONTROLLER
The data controller is: Ferretti S.p.A. (the Data Controller) of Via Irma Bandiera 62, Cattolica (RN), Italy.
2. DATA PROTECTION OFFICER
The Data Protection Officer (DPO) can be contacted via email at email@example.com.
3. THE TYPES OF PERSONAL DATA WE PROCESS
We process the personal data that you disclose to us or that the Data Controller legitimately obtains. This is how the various types of data are processed via the Website:
Website use data. The data-transmission and information systems and the software procedures deployed to operate the Website gather some personal-data items during normal usage. These items are sent to us as an inevitable result of communicating via the internet.
Website use data includes: IP addresses; the access date and time; the pages visited (URIs/URLs); the method of sending the request to the server; the server response status (numeric code); the names of the devices used to access the Website; and other parameters about your operating system and computing environment.
Data you provide voluntarily. Some sections of the Website require items of personal information, e.g. your forename, surname, contact details, town and/or country of residence, username and password.
Tracking data (cookies). Tracking entails using code executed inside the Website on both the server (e.g. services and procedures) and the client (e.g. tags and pixels), also using code installed on your browser (e.g. cookies).
Location data. With your specific permission, the Website may collect the approximate location data provided by your IP address.
Data on content sharing on social media. The Website may include plugins and/or buttons for you to share the content on your social networks (Facebook, Twitter, LinkedIn, YouTube, Instagram, etc.).
4. PROVIDING YOUR DATA
Further to the Website use data section above, you are not obliged to provide your data for any other purposes. But if you choose not to, you may be unable to use the Website for the other purposes described below.
5. LAWFUL BASIS – WHY WE PROCESS YOUR DATA AND HOW LONG WE KEEP IT
The Data Controller processes your personal data for specific purposes and only when a specific lawful basis applies, as laid down in current data protection and privacy law. The list below covers all the processing that Ferretti Group performs to enable you to use our digital channels and to allow the Data Controller to keep those channels operating correctly and ensure that data is lawfully processed.
The Data Controller processes your personal data for the following purposes, with the lawful bases and retention times stated:
to operate the Website, to supply the associated services (e.g. replying to messages received via the Website contact form), to sell products and services (e.g. a boat) and to monitor Website operation:
lawful basis: fulfilling a contract to which you are a party;
retention: personal data is kept for as long as is necessary to provide the digital services and is then deleted or anonymised; data transmitted during goods or service purchases will be kept for a further 10 years after the purchase is completed, as permitted by law;
to register users, clients and prospects in connection with products and services offered (e.g. providing information about selling a yacht, registering on the e-commerce site):
lawful basis: fulfilling a contract and precontractual steps at your request. The data needed to manage the contractual relationship is covered in the Notice for Clients and Prospects;
retention: for as long as your account is active and, for the contractual data, in accordance with the timescales stated in the Notice for Clients and Prospects.
to send sales information:
lawful basis: your consent, which is optional and freely given and you may withdraw at any time;
retention: personal data is kept until you withdraw consent;
for profiling and profiled advertising:
retention: as stated in the above policy;
to prevent and stamp out any fraudulent use or abuse of the Website:
to establish, exercise or defend one of the Data Controller’s rights in a court of law:
lawful basis: the Data Controller’s legitimate interest;
retention: the personal data is kept throughout the complaint process and/or the out-of-court or judicial proceedings until the legal safeguards and/or remedies have been exhausted.
6. PARTIES AUTHORISED TO PROCESS THE DATA
Your personal data is processed by the Data Controller’s employees and contract workers who have been expressly authorised to do so and who have been suitably trained as required under articles 29 of the GDPR and 2-quaterdecies of Legislative Decree 196/2003, as amended in line with the GDPR under Legislative Decree 101/2018.
7. WHO PROCESSES THE DATA
Your personal data may be processed by third parties operating as data controllers – such as authorities and supervisory bodies, including private ones – and in general by parties, including private individuals, entitled to request the data under current national and European law.
Your personal data may also be processed on the Data Controller’s behalf by suitably trained third parties appointed as data processors.
8. TRANSFERRING PERSONAL DATA OUTSIDE THE EU
Your data may be sent to third parties outside the EU that are part of Ferretti Group. The data may also be transferred to countries for which an adequacy decision has not been issued under GDPR article 45.3 or adequate safeguards under GDPR article 46 have not been adopted; therefore your consent is requested under GDPR article 49.
For a copy of the safeguards under GDPR article 46, please write to firstname.lastname@example.org.
9. YOUR RIGHTS
You may exercise your rights under articles 15–22 of the GDPR by emailing the Data Controller at email@example.com. In particular, you may ask to access any data we hold about you, to have it deleted, to have it corrected if inaccurate, to add to it if incomplete, to obtain a portable extract of it, to restrict processing of it under GDPR article 18, and to object to processing in the Data Controller’s legitimate interest.
In the event of an alleged breach, you may complain to the competent supervisory authority in the EU member state where you live or work or in the state where the breach allegedly occurred.
Last updated on: 6/12/2021