Company Information and Privacy Policy

PRIVACY POLICY

This privacy policy describes how this website is managed with reference to the processing of personal data of users who consult it, as well as the data processing practices transmitted by the data subject to the Data Controller through this site.

In compliance with articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (GDPR), the following information is provided to Users of this Website, which refers exclusively to processing carried out through this Website and not through other websites possibly visited via links from this one, for which we suggest viewing the relevant information provided by the respective Data Controllers.

This Website and the services possibly offered through the Website are reserved for subjects who have reached the age of eighteen. The Data Controller therefore does not collect personal data relating to subjects under 18 years of age. Upon request from such Users, the Data Controller will promptly delete all personal data inadvertently collected.

1. Data Controller

Yacht Play S.r.l with registered office in Via Mercè, 53 91100 Trapani VAT 12056531002 (hereinafter "Data Controller"), as data controller of the personal data of users of the site cortilemerce.it (hereinafter, "Users") provides the following privacy policy pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter, the "Privacy Code") and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter "Regulation", the Regulation and the Privacy Code are together defined as "Applicable Legislation").

The Data Controller reserves the right to appoint as Data Processor of personal data managed for technical assistance, maintenance, technical management and similar purposes of this Site a web agency or consultant, whose details may be communicated upon request to the addresses indicated above. The Data Controller and the Data Processor process Users' data also through their internal Appointees, specifically designated and equipped with instructions for the correct processing of personal data, including verbally.

The Data Protection Officer can be contacted by email: cortilemerce@gmail.com 

2. Purpose of processing

The personal data of Website Users, as described above, will be processed in the ways and forms prescribed by the GDPR, for the performance of the functions of the Website, with particular, but not exclusive, reference to the data collection procedures described therein, contact forms, any registration/access to reserved area procedures, newsletter subscription and similar.

In particular, the personal data provided to the Data Controller will be processed for the following purposes:

• browsing this website
• for the management and processing of statistical surveys on the use of the Site;
• to carry out the maintenance and technical assistance necessary to ensure the correct functioning of the Site and related services;
• to improve the quality and structure of the Site, as well as to create new services, functions and/or features of the same;
• to process any contact request submitted by the User through the completion of the appropriate form or by email;
• to comply with legal or regulatory obligations.

The data held by the site owner (emails and names of any contacts) are kept in computers and are accessible only to the owner and protected by access passwords and antivirus and external intrusion systems.

3. Methods of processing

The processing of Your personal data is carried out through the operations indicated in art. 4 paragraph 2 of the Regulation and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the above purposes until Your request for cancellation from the lists, which You can make freely at any time.

4. Legal basis of processing

The processing of personal data is based on the right to information, on the fulfillment of contractual obligations or social contact, or where necessary on consent through the free and informed completion of the appropriate information fields in the dedicated form.

5. Legitimate interest of the Data Controller

The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of its rights in the context of the information society, the performance of contractual services and the implementation of direct marketing operations.

6. Access to data

Data may be made accessible exclusively for the above purposes to the following parties:

• Data Controller (site owner) in his capacity as internal appointee/authorized person and/or internal data processor and/or system administrator and any additional internal appointees/authorized persons specifically indicated by the Data Controller.
• Third-party companies or other subjects who carry out outsourcing activities on behalf of the data controller (e.g. email service provider, web agency, advertising agency, webmaster) in their capacity as external data processors pursuant to article 29 of the Code on the protection of personal data.

7. Communication of data

Without the express consent of the User (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the User's data for the Service purposes referred to in art. II.1) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is mandatory by law for the performance of said purposes, as autonomous data controllers.
Users' data will not be disseminated.

8. Data transfer

Personal data is stored on servers located within the European Union. However, it is understood that the Data Controller, if necessary, will have the right to move servers outside the EU as well. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, following the stipulation of the standard contractual clauses provided by the European Commission.

9. Third-party websites

Please note that, should the Site contain links to third-party websites, the Data Controller cannot exercise any control over the content of such websites nor has any access to the personal data of users visiting them.
The owners of the aforementioned websites will therefore remain the sole and exclusive controllers and processors of their users' personal data, with the Data Controller remaining extraneous to such activity as well as to any possible liability, damage, cost that may arise from its failure or incorrect performance.

10. Retention period

Processing will be carried out in automated and/or manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by subjects specifically appointed for this purpose. In compliance with the provisions of art. 5 paragraph 1 lett. e) of EU Reg. 2016/679, the personal data collected will be kept in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data is processed. The retention of personal data provided depends on the purpose of processing:

• browsing this website (session);
• for contact requests, information and bookings (maximum 1 year);
• receiving newsletters or promotional communications in general via email (criteria available in the data retention policy);
• fulfillment of contractual, legal and administrative-accounting obligations (maximum 10 years, except for longer or shorter terms established by law);

11. Users' rights

The User will have the right to exercise the rights referred to in art. 7 Privacy Code and art. 15 GDPR.

In particular, the User has the right at any time to obtain from the Data Controller confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in intelligible form.

In relation to the processing described in this Privacy Policy, the data subject may, under the conditions provided by the GDPR, exercise the rights established by articles 15 to 21 of the GDPR and, in particular, the following rights:

• right of access – article 15 GDPR: right to obtain confirmation that processing of personal data concerning him is or is not being carried out and, if so, obtain access to his personal data, including a copy thereof.
• right of rectification – article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning him and/or the integration of incomplete personal data;
• right to erasure (right to be forgotten) – article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning him.
• right to restriction of processing – article 18 GDPR: right to obtain restriction of processing, when:

1. the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;
3. the personal data is necessary for the data subject for the establishment, exercise or defense of legal claims;
4. the data subject has objected to processing pursuant to art. 21 GDPR, pending verification of whether the controller's legitimate grounds override those of the data subject.

• right to data portability – article 20 GDPR: right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him provided to the Data Controller and the right to transmit them to another controller without hindrance, where processing is based on consent and is carried out by automated means.
• right to object – article 21 GDPR: right to object, at any time, on grounds relating to his particular situation, to processing of personal data concerning him based on the lawfulness condition of legitimate interest or performance of a task in the public interest or exercise of official authority, including profiling, unless there are compelling legitimate grounds for the Data Controller to continue processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Furthermore, the right to object at any time to processing where personal data is processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.

The above rights may be exercised, with respect to the Data Controller, by contacting the references described above.

The exercise of rights as a data subject is free pursuant to article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including due to their repetitive nature, the Data Controller could charge you a reasonable fee, in light of the administrative costs incurred to manage the request, or refuse to satisfy your request.

12. Right to withdraw consent

It is possible to withdraw this consent at any time through

• sending an email to the Data Controller's address cortilemerce@gmail.com;
• express communication at the Data Controller's office.

13. Complaints

The data subject has the right to lodge a complaint with the Italian Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM)

Cookies are text files that contain information that is stored on your computer or mobile device every time you visit an online site through a browser. On each subsequent visit, the browser sends these cookies to the website that originated them or to another site. Cookies allow sites to remember certain information to allow you to browse online in a simple and fast way.

There are two main types of cookies: technical cookies and profiling cookies.

Technical cookies are used to improve the user experience of the site. These include: web analytics cookies that collect data in aggregate form; navigation or session cookies, which manage normal navigation and use of the website; functional cookies, which allow navigation based on criteria selected by the user in order to improve the service provided (such as language or recognition of access to the site following the first). In any case, navigation data (IP address) is anonymized.

Profiling cookies are aimed at creating profiles relating to the user and are used to send advertising messages in line with the preferences expressed by the user during online browsing.

The use of profiling cookies requires the consent of the data subject. In the case of third-party cookies, this site does not have direct control of individual cookies and cannot control them. However, you can manage these cookies through the instructions provided further on. Cookies have a duration dictated by the expiration date or by a specific action such as closing the browser.

Cookies can be:

• temporary: used to store temporary information, they allow actions performed during a specific session to be linked and are removed from the computer when the browser is closed;
• permanent: used to store information so that it is remembered in the user's subsequent sessions. These remain stored on the computer even after closing the browser.

• technical cookies, aimed at improving the functioning and your browsing experience of this site.
• analytics cookies, in particular Google Analytics to collect statistical information about the use of the website by users. The information generated relating to our website is used to create reports on the use of the site itself to improve its usability, functionality, interface, communication. Google's privacy policy is available at the following address: https://www.google.com/privacypolicy.html. 

• Google Privacy Policies and Principles
• Behavioral Advertising Opt-Out Policies
• Ads Preferences Management

• through the browser (from settings)
• by requesting opt-out from third parties

• Edit Cookies, a Google Chrome extension that allows you to verify, analyze, manage, enable, disable cookies used on the website
• Cookie Audit Tool, generate information about cookies and allows you to know if any third parties are inserting cookies on your site without you noticing
• Using the Chrome browser it is also possible to inspect the presence of cookies by selecting the option that appears by right-clicking on the portion of the site of interest ("inspect element">Audits).