Privacy Policy
PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR)
1. Contact Details of the Data Controller and the Data Protection Officer
The Data Controller is SeaCorridor S.r.l. (hereinafter also referred to as the “Controller” or the “Company”), with its registered office in San Donato Milanese, Piazza Ezio Vanoni, 1 (MI). You may contact the Data Controller by email at gdpr@sea-corridor.com, or by regular mail at the above address.The Company has appointed a Data Protection Officer (the “DPO”), responsible for data protection matters, who can be contacted at the following email address: groupseacorridor_dpo@pglex.it.
2. Types of Personal Data Processed Through the Website
The Controller processes the following categories of personal data of users who browse and interact with the web services of the Website, in particular:
- Browsing data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of the service provided. This information is not collected for the purpose of being associated with identified individuals; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
These data are used solely to obtain anonymous statistical information on the use of the Website and to verify its correct operation. The data may also be used to ascertain responsibility in the event of alleged computer crimes or in the case of damages suffered by the Company or third parties. - Data voluntarily provided by the user
Users are not required to provide personal data to visit the Website. However, any contact between users and the Company - through the sending of emails, messages, or any other type of communication to the addresses indicated on the Website - entails the subsequent acquisition of common personal data, such as name, surname, and email address, as well as any other personal data that the user may voluntarily provide when interacting with the Company through the Website.
Therefore, if the user wishes to avoid the processing of their data by the Company, they are invited not to send any requests, or at least to provide the minimum amount of personal data necessary.
3. Purpose and Legal Basis of the Processing
Personal data may be collected and processed for the following purposes:
| Purpose of the Processing | Legal Basis of the Processing | Nature of the Provision |
|---|---|---|
a) To allow users to access and use the web services of the Website. | Article 6(1)(b) of the GDPR: performance of a contract to which the data subject is a party or to take steps at the data subject’s request prior to entering into a contract. | The provision of personal data is necessary and does not require your consent. Refusal to provide data may result in the Company being unable to provide the requested service, fulfill legal obligations, or respond to your requests. Providing data to handle information requests is not a legal or contractual requirement; however, it is necessary in order for the Company to respond to your inquiry. |
b) To manage user information requests. | Article 6(1)(b) of the GDPR: performance of a contract to which the data subject is a party or to take steps at the data subject’s request prior to entering into a contract. | |
c) To prevent the commission of unlawful acts through the Website. | Article 6(1)(f) of the GDPR: pursuit of the Controller’s legitimate interest. | |
d) To protect the Company’s rights in the event of potential legal disputes. | Article 6(1)(f) of the GDPR: pursuit of the Controller’s legitimate interest. | |
e) To pursue the Controller’s legitimate interests, such as, by way of example:
It is understood that only the data strictly necessary for these purposes, in the most aggregated/anonymous form possible, will be processed. | Article 6(1)(f) of the GDPR: pursuit of the Controller’s legitimate interest. | |
f) To comply with legal obligations to which the Company is subject. | Article 6(1)(c) of the GDPR: compliance with a legal obligation to which the Controller is subject. |
Should the Controller intend to use the personal data collected for any purpose incompatible with those for which they were originally collected or authorized, the Controller will inform the user in advance, and the user will have the right to refuse or withdraw their consent.
For any processing of personal data carried out through cookies, please refer to the specific Cookie Policy.
If the Controller intends to process the user’s personal data through cookies or similar tracking tools, the user will be duly informed, and consent will be obtained where required.
4. Methods of Processing
Within the Company’s organizational structure, personal data will be processed by individuals authorized to carry out the processing who act under the authority of the Data Controller and have been duly instructed by the Controller. The processing will mainly be carried out using electronic systems, in compliance with the principles applicable to personal data processing pursuant to Article 5 of the GDPR.
5. Criteria Used to Determine the Retention Periods for Personal Data
Your data will be retained for the period necessary to fulfill legal obligations.The retention period of the data depends on the purposes for which they are processed and may therefore vary. The criteria used to determine the applicable retention period are as follows: personal data covered by this Notice will be retained for the time necessary (i) to manage the contractual relationship with the user, (ii) to handle complaints or specific requests from the user, (iii) to assert rights in legal proceedings, and (iv) for the period required by applicable legal provisions.
6. Communication, Disclosure and Transfer of Personal Data
Personal data will not be disclosed and may be communicated to competent authorities or to public or private entities in order to fulfill legal obligations.The personal data collected may be processed by third-party providers acting as data processors in connection with the services provided on behalf of the Company, based on specific contractual agreements, including for occasional maintenance operations and as necessary to perform services upon specific requests.Your personal data will not be transferred outside the European Union and/or the European Economic Area (“EEA”).The complete list of such entities or categories of entities is available at the Controller’s registered office and may be requested by sending a communication to the contact details indicated in paragraph 1 of this Notice.
7. Rights of the Data Subject
Within the limits provided under Article 2-undecies of the Italian Privacy Code, you have the right to exercise at any time the rights granted by Articles 15 to 22 and 77 of the GDPR, which are briefly summarized below:
- Right of access: you may request information about the processing we carry out on your data or confirmation as to whether the Controller processes your personal data. In such cases, you may ask us to provide a copy of your data and verify which data we hold.
- Right to rectification: you have the right to request the correction of your personal data if they are inaccurate, including the right to request the completion of incomplete personal data.
- Right to erasure: you have the right to request the deletion of your data (or part of them) that you have provided to us, including those that are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- Right to restriction of processing: you may request that we restrict the processing of your personal data when the legal conditions are met.
- Right to object: you may object to the processing of your personal data, without prejudice to the existence of overriding legitimate grounds for continuing such processing.
- Right to data portability: you may obtain from the Company, in a structured, commonly used, and machine-readable format, the personal data you have provided, in order to transmit them to another entity. This right applies when the Company processes such data by automated means, based on consent or for the purpose of providing services.
- Withdrawal of consent: where processing is based on consent, you may withdraw it at any time, without prejudice to the lawfulness of processing carried out before such withdrawal.
- Right not to be subject to automated decision-making: you may request not to be subject to processing based solely on automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right may not be exercised if: (i) the processing is necessary for entering into or performing a contract between you and the Controller; (ii) the processing is authorized by law; or (iii) the processing is based on your consent.
- Right to lodge a complaint with the Supervisory Authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing carried out violates the applicable data protection laws.