Privacy policy

The European Legislation No. 2016/679 concerning the protection of personal data (hereinafter "Privacy Regulation or EU Regulation") and the Legislative Decree 30th June 2003 No. 196 "Code regarding the protection of personal data" (hereinafter the "Code") provide for the right to the protection of personal data and ensure its processing in compliance with fundamental rights and freedoms, as well as the integrity of the person in question, with particular focus on confidentiality and security, personal identity and the right to protect personal data.

“Processing” of personal data is understood as, pursuant to article 4, paragraph 1, No. 2 of the Privacy Regulation, any operation or set of operations, performed with or without the aid of automated processes applied to Personal Data or sets of Personal Data, including collection, registration, organisation, structuring, storage, adaptation or the modification, extraction, consultation, use, communication by transmission, diffusion or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.

The San Lorenzo S.p.a, located in Ameglia (SP) - Via Armezzone No. 3, 19031, VAT Number 01109160117, in its capacity as Data Controller (hereinafter the "Data Controller"), in the person of the legal representative pro tempore, pursuant to and by effect of article 13 of Privacy Legislation No. 2016/679, we hereby

The user/visitor of the site, subsequently referred to as the interested party, in relation to using the website www.sanlorenzoyacht.com (the "Site") and the potential communication of personal data and contact details through forms present on the same, that personal data provided shall be treated in accordance with what is outlined in the following report:

The Data Controller may gather information on the Interested party when they are browsing the Site, in the following ways:

a) Browsing data

During their normal operation, the computer systems and software procedures used to operate this website gather various personal data whose transmission is implicit in use of Internet communication protocols. This data category includes: the IP addresses, the browser type used, the operating system, the domain name and the website addresses it was accessed from, information on pages visited by users within the site, the access time, the period stayed on each single page, the internal path analysis and other parameters related to the operating system and the user's computer environment. This also includes, where accepted by the visitor, the cookies (for see the specific section 5 of this report).

b) Data provided by the visitor/user

This is all the personal data provided by the user on the Website: (1) by filling out the contact form provided therein and/or by telephoning/sending e-mail to the addresses indicated by the Data Controller in the "contacts" and/or (2) filling out the form for job applications, available via the following link https://www.sanlorenzoyacht.com/it/opportunita-di-lavoro/lavora-con-noi-1.asp, where the applicant can enter information in the appropriate spaces for personal data, along with their CV, photo and a short cover letter.

The processing of personal data, which is collected through the Site and provided voluntarily by the Data Subject and bound by this report, shall be managed on the principles of correctness, lawfulness and transparency, protecting your privacy and the rights of the data subjects in accordance with the procedures established by the company's Data Controller to guarantee the safety of all processing.

a) Main purpose:

The processing of personal data gathered and/or communicated by the Interested parties shall be mainly for the following basic purposes, pursuant to and for the purposes of Article 6, paragraph 1, letter b), c) and f) of the Privacy Regulations:

• provide the interested parties with the functionalities and information present on the Website in a format suited to their needs and/or to the specifications of the respective internet browsers;
• provide the interested parties with support and information on the services of the Data Controller;
• keep information in the company files up-to-date, and available to the Company employees responsible for the processing;
• provide interested parties with the opportunity to apply for any "open positions" featured by the company

b) Additional purposes - marketing:

The data collected may also be processed by the company, subject to the explicit and free consent of the interested party pursuant to Article 6, paragraph 1, letter a) of the Privacy Regulation, for the following additional aims:

• the sending of promotional communications and advertising material, the offer of products and/or services or those of third parties, the carrying out of surveys and market research, by any means including in particular use of telephone operators and/or automated systems (e.g. SMS, MMS, fax, autoresponder, push notifications, social media);
• for profiling purposes, to allow the processing and completion of studies and statistical and market research, to enable the creation/defining of the profile, as well as analyse: the preferences, habits, needs and/or consumption habits of the Interested party, to offer a more personal service tailored to their needs, as well as personalised promotions and discounts;
• the transfer of personal data to other companies, distinct from the San Lorenzo company, holding commercial partnership contracts, with the aim sending promotional communications and advertising material, offering products and/or services or those of third parties, the completion of surveys and market research, by any means including in particular using telephone operators and/or automated systems (e.g. SMS, MMS, fax, autoresponder, push notifications, social media)

 

Personal data may be processed either in hardcopy or using IT tools in compliance with the provisions outlined on the protection of personal data. In particular regarding the security measures, pursuant to article 32 of the Privacy Regulation and by complying with all precautionary measures that can meet the required level of confidentiality and security.

All the data subject of this information shall be processed and stored by the Data Controller and by those appointed as Data Processors, and/or expressly authorised for processing by the Data Controller, in compliance with the principle of proportionality, for the time period strictly necessary for each purpose identified, which is deemed to be a maximum of 24 months from the last contact, always subject to the storage/archiving criteria for additional periods if foreseen by the current legislation regarding criminal, fiscal and financial matters (which envisage a maximum time of 10 years from their gathering and/or ending of the relative aim) and/or if requested by the relevant Authorities concerned. This specific processing is based on the meeting of legal obligations and on the legitimate interest of the Owner to exercise their rights (Article 6, paragraph 1, letter c) and f) of the EU Regulation).

The provision of data for the purposes referred to in Article 2, lett. a) of this information is mandatory for the proper functioning of the Site, as it required to meet the legal obligations in place, as well as by the Owner, in exercising their legitimate interests (Article 6, paragraph 1, lett. c) and f) of the EU Regulation). However, the Site user has the choice of denying consent to the installation of cookies in the manner outlined in the relevant article 5 of this report.

The provision of data for the purposes referred to in art. 2, lett. b) of this information is completely voluntary and not mandatory, and requires consent from the interested parties with explicit acceptance of this information for the processing. Failure to provide the data accompanied by the relative consent to the processing shall mean the Owner is unable to respond/manage any potential requests for support and/or contact.

The data collected shall also be processed by the Company so as to exercise its legitimate interests, pursuant to Article 6, paragraph 1, letter f) of the Privacy Regulation, to promote its services to users who have already used it, through the sending of periodic informative and/or commercial communications, without prejudice to the users' right to oppose the processing at any time, pursuant to article 18 of the Privacy Regulation. It is understood that this processing is carried out in compliance with the provisions of article 130, paragraph 4 of the Privacy Code

If the Data Subject does not provide consent and/or provides only part of the data requested or provides inaccurate and/or incomplete data, it shall not be possible for the Data Controller to carry out any processing. Therefore, no responses can be provided and the interested party shall not be contacted by the owner.

Strictly in relation to the purposes indicated above and for the consents provided the personal data collected may be communicated to the following subjects or subject categories:

• to consultants (both natural and legal persons) or suppliers to whom the Data Controller may delegate tasks for the carrying out of various outsourced activities;
• to potential other users, to whom the current legal and/or contractual regulations outlines the duty to notify, in compliance with the provisions under the current legislation.

Personal data may be disclosed to company employees and/or collaborators specifically authorised for processing in accordance with Article 29 of the EU Regulation.

All the processing carried out by third parties with respect to the Owner who are employed by the organisation shall be duly authorised by the Owner itself, after delegating the third party as Data Processor, pursuant to article 28 of the EU Regulation. All processing shall be carried out in compliance with the regulations on security and privacy. Personal data collected will not be released, unless this is required by a legal provision or regulation or by EU legislation.

The Provision of the Guarantor for personal data protection No. 229 of 8th May 2014, published in the G.U. No. 126 of 3rd June 2014, requires all website operators that use cookies or other monitoring technologies to inform users about the cookie types used by the site. Cookies have been defined into two macro-categories: "technical" cookies and "profiling" cookies.

• Technical Cookies.
  
  Technical cookies are those used for the sole purpose of carrying out the sending of communications over an electronic network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide the service (see article 122, paragraph 1 of the Code).
  

  
  They are not used for other purposes and are normally installed directly by the website's Controller or operator. They can be divided into browser or session cookies, which guarantee the normal browsing and use of the website (for example, allowing purchases to be made or obtaining authentication to access restricted areas); analytics cookies can be defined as technical cookies in being used directly by the site operator to collect information on the number of users and how they visit the site in aggregate form. Functional cookies instead enable the user to browse based on a set of selected criteria (for example, the language, products selected for purchase) so as to improve the quality of the service provided.
  
  For installation of said cookies prior consent of users is not required. However, users must be granted the option of not saving them.

• Profiling cookies
  
  Profiling cookies are designed to create profiles relative to the user and are used to send advertising messages tailored to the preferences shown by the user when online. Given that such devices can be particularly invasive in terms of user privacy, Italian and European legislation requires users to be properly informed about use of the same. This is why their valid consent is required before being saved. 
  
  This is referred to in article 122 of the Code, which outlines "the storage of information in the terminal equipment of a contractor or a user or the access to information already stored is only permitted on the condition that the contractor or the user has given consent, after having been informed using the simplified procedures of art. 13, paragraph 3" (art. 122, paragraph 1 of the Code).

In the same Provision 229/2014, the Guarantor has also categorised cookies depending on the subject acting as the owner of the personal data processing collected by the cookie, with a distinction between first-party cookies and third-party cookies.

1. First-party cookies.
   
   These cookies are managed by the site owner. For these cookies, the requirements outlined in the report are the responsibility of the site owner. The latter is also responsible for indicating the potential methods for blocking said cookies.
   
   
2. Third-party cookies
   
   These cookies are managed by a third-party not the site owner. For these cookies, he requirements outlined in the report and their potential blocking are the direct responsibility of the third party managing them. The site owner is instead obliged to display on their site a link to the site of said third party where these elements are available.

For both types of cookies (first-party or third-party) the required consent, necessary if the cookie is a profiling one, is executed via a specific banner on the home page of the site.

A list of all the cookies used by the Site is set out below this Cookie Policy.
The first group lists the so-called technical cookies, use of which, as mentioned above, does not require the user's consent.

If present on the Website, the profiling cookies are listed in the second group. For both groups, the following information is reported for each cookie type:

• Name of the cookie
• Function of cookies
• Notification if first-party or third-party cookies
• If the cookie is first-party, information on how to block it
• If the cookie is third party, information on the link through which you can reach the third party site displaying the third party information about the personal data processing collected through the cookie and an explanation on how to block the cookie.

It is reiterated that any blocking of technical cookies could compromise the correct functioning and use of the Website.

This website may contain links or references to access other websites. Since the Company does not control the cookies/monitoring technologies of other websites, this Cookie Policy shall not apply to them.


Technical cookies

Sanlorenzoyacht.com

Cookies necessary to allow browsing on the Site, for the purpose of internal security and system administration

Session and permanent Or session

It is also possible to change the browser settings to accept or reject this type of cookie. Please refer to the instructions provided by the specific browser used

Profile cookies

Doubleclick.net

Audience profiling

Permanent and profiling

It is also possible to change the browser settings to accept or reject this cookie type. Please refer to the instructions provided by the specific browser used

Third-Party Cookies

-  Google Analytics - permanent and profiling cookies, cookies for the Google Analytics service. Detailed information: google.com/policies/privacy - configuration tools: tools.google.com/dlpage/gaoptout?hl=it;

- Facebook.com - permanent cookies, installed to include the Social buttons on the Website pages. Detailed information: facebook.com/help/cookies; for the configuration tools, the user must log-in to their Facebook account;

- Twitter.com - permanent cookies, installed to include the Social buttons on the Website pages. Detailed information: support.twitter.com/articles/20170514 - configuration tools: twitter.com/settings/security;

- Google + - Permanent cookies, installed to include the Social buttons on the Website pages. Detailed information: google.it/intl/it/policies/technologies/cookies- configuration tools: google.it/intl/it/policies/technologies/managin;

- Linkedin.com- permanent cookies, installed to include on the Website pages the Social buttons. Detailed information: linkedin.com/legal/cookie-policy- configuration tools: linkedin.com/settings;

- Maps.google.com - permanent cookies, required for adding maps to the Site. Detailed information: google.com/policies/privacy/;

- Google.com/fonts - permanent cookies, required for importing fonts in the Website. Detailed information: google.com/policies/privacy/.

7. RIGHTS RECOGNIZED TO THE INTERESTED PARTY

At any time, the Data Subject may exercise their rights, vis-à-vis the Data Controller or the Data Processor, pursuant to Chapter III (articles 12-22) of the Regulation.

In particular, the Interested parties have:

1. the right to receive information regarding:
   1. the source of their personal data;
   2. processing aim and processing method;
   3. the logic applied when data is processed with use of electronic equipment;
   4. the owner's identification details, of the managers and the designated representative where the State has jurisdiction, where applicable;
   5. the subjects or subjects categories to whom the personal data may be communicated, or who can learn about them in their capacity as appointed State representatives, managers or data processors.
2. The right to access personal data in the form of paper files and/or electronic archives;
3. the right to request rectification, updating and cancellation, if the data is incomplete or erroneous, and to oppose their processing for legitimate and specific reasons;
4. the right to request correction of inaccurate personal data without undue delay. Taking into account the aim of the processing, including the right to obtain the integration of incomplete personal data, potentially issuing a specific supplementary declaration;
5. the right to obtain the cancellation of personal data pertinent to them without undue delay if there is one of the reasons set out in art. 17, paragraph 1 of the EU Regulation;
6. the right to oppose the processing and/or to seek limitation of the processing when one of the situations detailed under art. 18, paragraph 1, of the EU Regulation;
7. the right to issue a complaint to the supervisory authority for Italy, the Guarantor for the Protection of Personal Data, using the means outlined on the institutional website www.garanteprivacy.it;
8. the right to portability of data within the criteria and methods detailed by art. 20 of the EU Regulation.

The rights summarised above can be exercised with a written request to the addresses included in this report.