Privacy Policy by Oceanservice sas

Loc The Port Punta Ala

58040 Castiglione della Pescaia


Information pursuant to art. 13 of Regulation (EU) no. 679/2016 ("GDPR")

Oceanservice sas (hereinafter "Oceanservice"), owner of the site, protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation n. 679/2016 ("GDPR"), and in particular to art. 13, the user ("user") is provided below with the information required by law relating to the processing of his / her personal data.


Who we are and what data we process (art.13, 1st comma letter a, art.15, letter b GDPR)

Oceanservice sas, in the person of its legal representative pt, based in Punta Ala, Località il Porto, Castiglione della Pescaia operates as Data Controller and can be contacted at [email protected] and collects and / or receives information concerning the user, such as:

• Personal data name, surname, physical address, nationality, province and municipality of

residence, landline and / or mobile phone, fax, tax code, e-mail address (s)

• IBAN bank details and bank / postal details (except for the credit card number)

• Log traffic data, IP address of origin.

Oceanservice does not require the user to provide "special" sensitive data, or, according to the provisions of the GDPR (art. 9), personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

The Data Controller has appointed a Data Protection Officer -DPO who can be contacted for any information and request:

e-mail: [email protected]

Telephone: 0564 923264

For any information or request the user can contact the address

[email protected]

Telephone: 0564 923264


For what purposes we need user data (art.13, 1st paragraph GDPR)

The data are used by the Data Controller to follow up on the registration request and the supply contract for the purchased Product and / or the chosen Service, manage and execute the contact requests sent by the user, provide assistance, fulfill legal and regulatory obligations. which the Data Controller is required to work on. In no case Oceanservice resells

do not use the user's personal data to third parties for undeclared purposes.

In particular, user data will be processed for:

a) personal registration and requests for contact and / or information material

The processing of the user's personal data takes place to carry out the preliminary and consequent activities to the registration request, to the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising.

The legal basis for these treatments is the fulfillment of the services inherent in the request for registration, information and contact and / or sending information material and compliance with legal obligations.

b) the management of the contractual relationship

The processing of the user's personal data takes place to carry out the preliminary and consequent activities for the purchase of a Product and / or Service, the management of the related order, the provision of the Service itself and / or the production and / or shipment of the purchased Product, the related billing and payment management, the handling of complaints and / or reports

to the assistance service and the provision of the assistance itself, the prevention of fraud and the fulfillment of any other obligation deriving from the contract.

The legal basis for these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.

c) promotional activities on Services / Products similar to those purchased by the user (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact data communicated by the user, for the purpose of direct sale of its Services / Products, limited to the case in which it concerns Services / Products similar to those covered by the sale, unless the user explicitly opposes it.

d) commercial promotion activities on Services / Products different from those purchased by the user

The user's personal data may also be processed for commercial promotion purposes, for surveys and market research with regard to Services / Products that the Owner offers only if the user has authorized the treatment and does not object to this.

This treatment can take place, automatically, in the following ways:

- email;

- sms;

- telephone contact

and can be done:

1. if the user has not revoked his consent for the use of the data;

2. if, in the event that the processing takes place by contacting the telephone operator, the user is not registered in the register of oppositions as per Presidential Decree no. 178/2010;

The legal basis of these treatments is the consent given by the user prior to the treatment itself, which can be revoked by the user freely and at any time (see Section III).

e) computer security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the User's personal data relating to traffic to a strictly necessary and proportionate extent to ensure the safety of the networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unexpected events or illegal or malicious acts that compromise availability, authenticity, integrity and confidentiality of personal data stored or transmitted.

The Data Controller will promptly inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.

The legal basis for these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments relating to the purpose of protecting the corporate assets and security of the offices and systems of the company Oceanservice sas.

f) profiling

The User's personal data may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services / Products, to propose advertising messages and / or commercial proposals in line with the choices expressed by the users themselves) only in the event that the User has provided explicit and informed consent. The legal basis of these treatments is the consent given by the User prior to the treatment itself, which can be revoked by the User freely and at any time (see Section III).

g) Fraud prevention (recital 47 and art.22 GDPR)

 the User's personal data, with the exception of particular (Art 9 GDPR) or judicial (Art 10 GDPR) data, will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification in automated way prior to the negotiation of Services / Products;

• passing these checks with a negative result will make it impossible to carry out the transaction; in any case, the User can express his opinion, obtain an explanation or contest the decision by motivating his reasons at the Customer Support service or by contacting [email protected];

 the personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.

h) the protection of minors

The Services / Products offered by the Data Controller are reserved for subjects legally capable, on the basis of the national reference legislation, to conclude contractual obligations.

In order to prevent illegitimate access to its services, the Data Controller implements preventive measures to protect his legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data. identification documents of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)

The communication of the User's personal data takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as:

External professionals / consultants and consultancy companies

• Administrative, accounting and related obligations to

contractual performance

• Compliance with legal obligations, exercise of rights,

protection of contractual rights, credit recovery

Credit and digital payment institutions, Bank / postal institutions

• Management of collections, payments, reimbursements related to the contractual performance

Financial administration, public bodies, judicial authorities, supervisory and control authorities

• Fulfillment of legal obligations, defense of rights; lists and registers kept by public Authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance

* The Data Controller imposes on third parties its suppliers and Data Processors to comply with security measures equal to those adopted towards the User, restricting the perimeter of action of the Data Processor to the processing connected to the requested service.

The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless specific indications to the contrary for which you will be previously informed and if necessary your consent will be requested.


Case in which the User does not provide his data identified as necessary for the purpose of execution

of the requested service (Art. 13, 2nd paragraph, lett. and GDPR)

The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the User does not provide the personal data expressly provided as necessary in the order form or in the registration form, the Data Controller will not be able to carry out the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.

Case in which the User does not consent to the processing of personal data for the activities of

commercial promotion on services / products different from those purchased

In the event that the User does not give his consent to the processing of personal data for these purposes, said treatment will not take place for the same purposes, without this having effects on the provision of the requested services, nor for those for which he already has given consent, if required.

In the event that the User has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for these activities, without this leading to consequences or detrimental effects for the User and for the performance required.

Data processing (art.32 GDPR)

The Owner arranges the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the User's personal data and imposes similar security measures on third party suppliers and Managers.

Where the data is processed

The User's personal data are stored in paper, IT and telematic archives located in countries where it is applied

the GDPR (EU countries).

Data retention time (art.13, 2nd paragraph, letter to GDPR)

Unless they explicitly express their will to remove them, the User's personal data will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

In particular, they will be kept for the entire duration of your personal registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this term, there are no Associates of the Services and / or purchased of the Products through the the registry itself.

In the case of data provided to the Data Controller for commercial promotion purposes for services other than those already acquired by the User, for which he initially gave consent, these will be kept for 24 months, unless the consent given is revoked.

In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless always revocation of the consent given.

Regardless of the determination of the User to remove them, personal data will in any case be kept according to the terms established by current legislation and / or national regulations, for the exclusive purpose of guaranteeing specific obligations

Furthermore, personal data will in any case be kept for the fulfillment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 of the Italian Civil Code); for these purposes, the Data Controller will retain only the data necessary for the relative pursuit.

Without prejudice to cases in which the rights deriving from the contract and / or from the registration of the registry were to be enforced, in which case the User's personal data, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.

User rights (articles 15 - 20 GDPR)

The User has the right to obtain the following from the data controller:

a) confirmation that personal data concerning him or her is being processed and in this case, to obtain access to personal data and to the following information:

1. the purposes of the treatment;

2. the categories of personal data in question;

3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;

4. when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;

5. the existence of the User's right to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;

6. the right to lodge a complaint with a supervisory authority;

In order to ensure that the rights mentioned above are exercised by the User and not by third parties, not

authorized, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when the User can object to the processing of their personal data (Art. 21 GDPR)

For reasons relating to the particular situation of the User, the same can oppose at any time the processing of their personal data if it is based on the legitimate interest or if it occurs for commercial promotion activities, by sending the

request to the Owner at [email protected]

The User has the right to delete his / her personal data if there is no prevailing legitimate reason for the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the User has opposed the treatment for commercial promotion activities.

To whom can the User make a complaint (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the User can lodge a complaint with the competent supervisory authority on the Italian territory (Guarantor Authority for the protection of personal data) or with the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.

Each update of this Information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the User data for purposes other than those referred to in this Information before proceeding and following the manifestation of the relative consent of the User if necessary.