Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing the personal data of users who consult this website.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the site but refer to resources external to the owner’s domain.

It should be noted that the Privacy policy could be modified from time to time according to the activation of new services or as a result of legal updates, therefore it is advisable to periodically check for any news on the subject by consulting this policy.

1. OWNER OF THE TREATMENT

The personal data controller is Riccardo Jermi., with registered office in 22O42 San Fermo della Battaglia  (CO), Via San Fermo 51  – E-mail address: info@boatlakexperience.it

2. LEGAL BASIS OF THE TREATMENT

Consent of the interested party, fulfillment of a contract of which the interested party is a party / execution of pre-contractual measures activated at the request of the interested party as well as the pursuit of a legitimate interest are the legal bases which, depending on the data processing carried out on the site, will be applicable.

3. PLACE OF DATA PROCESSING

The treatments connected to the web services of this site are based in Italy, and are managed at the headquarters of the Data Controller by internal authorized personnel of the Data Controller. No data deriving from the web service is disclosed.

4. TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

Navigation data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes:

– the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources,

– the time of the request;

– the method used in submitting the request to the server;

– the size of the file obtained in response;

– the numerical code indicating the status of the response given by the server;

– and other parameters relating to the operating system and the user’s IT environment.

These data, necessary for the use of web services, are also processed for the purpose of:

– obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);

– to ascertain responsibility in the event of hypothetical computer crimes against the site, for statistical purposes,

– to improve navigation and site content.

Data communicated by the user

1) The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller, as well as,

2) filling in and submitting the forms on the site,

involve the acquisition of the sender’s contact details, as well as all personal data included in the communications necessary to respond to any requests or perform the service/performance requested.

Cookies and other tracking systems

Any data acquired through cookies, and the methods for managing them, are fully described in the “cookie policy” document, which we recommend checking.

1. DATA RETENTION PERIOD

In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the retention period of personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the times for the correct provision of the necessary services. The data will, however, be deleted from the server at the end of the tenth year.

2. OPTIONAL PROVISION OF DATA

Apart from that specified for navigation data, the user is free to provide the personal data contained in the request forms. If the data are acquired through consent, the user has the right to revoke it at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

3. METHOD OF TREATMENT

Personal data is processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

4. RECIPIENTS OF THE DATA

The recipients of the data collected following consultation of the site are: internal authorized personnel of the Data Controller, who act on the basis of specific instructions provided in relation to the purposes and methods of the processing itself.

5. TRANSFER OF DATA ABROAD

The data is not communicated to third countries or international organizations outside the European Union.

6. RIGHTS OF INTERESTED PARTIES

The subjects to whom the personal data refer, pursuant to articles 15-22 of the GDPR, have the right to:

ask for confirmation of the existence or otherwise of your personal data;

obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and when possible, the retention period;

obtain the rectification and cancellation of data

obtain the limitation of the treatment;

obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments;

oppose the treatment at any time and also in the case of treatment for direct marketing purposes;

oppose an automated decision-making process relating to natural persons, including profiling.

The data subject also has the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR.

To exercise their rights, interested parties can direct a request to the contact details of the Data Controller indicated in this policy. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.