Edesia Cruise

Privacy Policy

Privacy Policy

This page describes how the site is managed with regard to the processing of personal data of users who consult it.

  • The “Owner” of the processing(who decides why, how and to whom to have the data processed)
  • Rights of data subjects
  • Navigation Data– Data processed in connection with the site visit
  • Data voluntarily provided by the user
  • Treatments resulting from a contact request
  • Data retention
  • User rights – in-depth

THE “OWNER” OF THE TREATMENT

(who decides why, how and to whom to have data processed)

As a result of consulting this site and using the services it offers, data relating to identified or identifiable persons may be processed .
In addition to browsing data, information may, for example, be collected on occasion:

  • Of the request for a reservation;
  • Of the use of other services through the Platforms;
  • Of subsequent phone calls with our operators.

Data controller (i.e., the person who determines the purposes and means of personal data processing and assumes responsibility for processing and having personal data processed properly) is
C.T.A. Spa– Via L. Alamanni, 3 – 50123 Firenze (FI) P.IVA C.F. 03262740404
Email address: hello@edesiacruise.com

RIGHTS OF INTERESTED PARTIES

With reference to the processing referred to in this document, the data subjects (users of the site) have the right:

  • to request from the data controller access to and rectification or erasure of personal data or restriction of the processing of personal data concerning him or her and to object to their processing,
  • if the processing is carried out by automated (computerized) means and on the basis of his or her consent, to receive in a structured, commonly used and machine-readable format the personal data concerning him or her and/or to obtain their direct transmission to another data controller, if technically feasible
  • to revoke their consent at any time (without affecting the lawfulness of the processing based on the consent before revocation), of course this is for processing carried out on the basis of this assumption
  • to submit a complaint to a supervisory authority: Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121 00186 ROMA – Fax: (+39) 06.69677.3785 – Telephone switchboard: (+39) 06.696771 – E-mail: garante@gpdp.it – certified mail protocollo@pec.gpdp.it

More information at the end of this policy

Requests should be addressed to the Holder – including through the contact area or other contact details on the site bearing in mind that it will not be possible to respond to requests received by telephone where there is no certainty about the identity of the requester.

NAVIGATION DATA

data processed in connection with the site visit

Computer systems and proceduressoftwareresponsible for the operation of thiswebacquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes, for example, IP addresses or domain names of computers used by users connecting to the site, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to your operating system and computer environment, such as the type and version of your browser, the types and versions of browser plug-ins, the mobile device identifier (IDFA or AndroidID), and other parameters related to your operating system and computer environment,

These data, in the absence of specific consent to processing for further purposes, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to monitor its proper functioning.

The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site, and only in that case can specific procedures aimed at identifying the author be activated.

The LEGAL BASIS OF THE PROCESSING of these data is the legitimate interest of the owners consisting of the protection of data security, smooth operation of the site and improvement of service standards.

METHODS AND PERSONS IN CHARGE OF PROCESSING

Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected. Processing at the services webof this site are handled by personnel appointed by the Data Controller as well as by external parties, appointed as data processors, who are entrusted with the technical management and maintenance of the site and its computer systems. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

No data derived from thewebis disseminated.

The personal data provided by users who forward requests for the sending of informative material are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose.

DATA VOLUNTARILY PROVIDED BY THE USER

Apart from what has been specified for navigation data, the user is free to provide the personal data requested in the course of navigation to solicit the sending of informative material or other communications. Failure to provide them may result in the impossibility of obtaining what has been requested.

When the user visits a part of the Site that requires the collection of personal data, he or she is presented with a link back to this information document and, if necessary, asked for consent

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the missive which, unless otherwise duly communicated, will be kept for the time necessary to fulfill the requests

Below are made available specific disclosures referring to pages of the site set up for particular on-demand services or through which additional personal data may be acquired.

TREATMENTS RESULTING FROM A CONTACT REQUEST

Personal data voluntarily provided by the data subject through the CONTACTS area or e-mail addresses made available on the site:

  1. Are processed with mostly automated tools to:
    1. Ensure a certain and timely response and meet the data subject’s own requests
    2. Fulfillment of obligations arising from EU laws, rules and regulations; fulfillment of provisions issued by the Judicial Authority,
    3. To feed the public’s knowledge acquisition system through statistical analysis, carried out through anonymized and aggregated data, useful for verification, improvement and then design of a service that is increasingly efficient and adapted to demand,
  2. With the consent of the data subject addresses, postal and e-mail addresses provided may be used to send courtesy communications and/or informational material/offerings regarding proposed products and services provided by the Owner, this of course with the consent of the data subject.
  3. may be processed by salespeople, computer systems maintenance personnel whose task is to ensure the functionality of the systems, data security and backup operations, other designated personnel within the limits of their assigned duties and the provisions of company procedures, and other individuals who provide services for purposes auxiliary to the fulfillment of the data subject’s requests, also within the limits strictly necessary to carry out their tasks;
  4. may be disclosed or made available:
    • to subjects who can access the data by virtue of a provision of the law, regulation or EU legislation, within the limits provided by these rules,
    • other related companies (subsidiaries – parent companies) always for current “administrative accounting purposes” related to the fulfillment of the requests of the person concerned
    • to other entities that provide services for purposes related to the fulfillment of the data subject’s requests, to the extent strictly necessary to perform their tasks – business partners, whose cooperation is necessary for the provision of the requested services Business Partners will operate as autonomous data controllers and in compliance with their respective privacy notices, which will be sent to you by them

Personal data will be transferred to entities located outside the European Union to the country where the data subject resides or is located only if necessary to fulfill his or her requests and in compliance with applicable regulations.

When filling out the forms, the fields whose completion is mandatory are indicated with an asterisk, in the absence of the other required data it will not be possible to fulfill the requests of the interested party.

If, at the time of the contact request, the data subject has to communicate special categories of data (such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as dealing with genetic data, biometric data intended to uniquely identify a natural person, data relating to the person’s health or sexual life or sexual orientation) a specific consent to their processing may be required, in the absence of which it may be impossible to process the data subject’s requests.

DATA RETENTION

The data disclosed, unless otherwise duly communicated by the data subject, will be kept for as long as necessary to fulfill the data subject’s requests and comply with legal requirements.

Where the data subject has a contractual relationship with the Data Controller, the data will be retained, if relevant to it, for the duration of the contract, after which retention will be continued only if required by law and in accordance with regulations on the retention of administrative records.

Contact information for which consent has been given to send commercial communications will be retained until 18 months after the last sending or until the data subject withdraws consent

USER RIGHTS – IN-DEPTH

Right of access
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:

(a) the purposes of processing;
(b) the categories of personal data in question;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations and, if so, the existence of appropriate safeguards;
(d) when possible, the intended retention period of personal data or, if not possible, the criteria used to determine this period;
(e) the existence of the data subject’s right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
(f) the right to file a complaint with a supervisory authority;
(g) if the data are not collected from the data subject, all available information on their origin;
(h) the existence of any automated decision-making process, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject.

Right of rectification
The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay.

Right to erasure
The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall be obliged to erase the personal data without undue delay if one of the following grounds exists:

(a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
(c) the data subject objects to the processing, and there is no overriding legitimate ground for the processing;
(d) personal data have been processed unlawfully;
(e) the personal data must be erased in order to comply with a legal obligation under European Union law or the law the Member State to which the data controller is subject;

Rights to limitation of processing
The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:

(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the deletion of personal data and instead requests that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a right in court;
(d) the data subject has objected to the processing, pending verification as to whether the data controller’s legitimate reasons prevail over those of the data subject.

Right to object
The data subject has the right to object at any time to the processing of personal data concerning him or her carried out for direct marketing purposes, including profiling insofar as it is related to such direct marketing.

Right to data portability
The data subject has the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that has been provided to a data controller and has the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided it if:

(a) the processing is based on consent or a contract; and
(b) the processing is carried out by automated means.

In exercising his or her rights with regard to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.

Scroll to Top