Privacy policy

INFORMATION ON THE PROSSESSING OF PERSONAL DATA 
Pertaining to users of this website under article 13 of the Regulation (UE) 2016/679

Under Regulation (EU) 2016/679 (hereafter “Regulation”), this page describes how personal data is processed when users visit the website of the company Ducale S.r.l. (hereafter Company), accessible online at the following address: https://ducalevenezia.it

The information presented below does not apply to other websites, pages or online services that can be reached via links published on the website but referring to resources external to the Company.

SECTION 1 – IDENTITY AND CONTACT INFORMATION OF THE DATA CONTROLLER

After visiting the above-stated website certain information pertaining to identified or identifiable individuals might be processed. The data controller is Ducale S.r.l. Isola Nuova del Tronchetto 14, 30135 Venezia, VAT and tax code 03093840274, Phone 0415227255, Fax. 0415285723, acting through its pro tempore representative.

SECTION 2 – CONTACT INFORMATION OF THE DATA PROTECTION OFFICER

The Company has decided, under art. 37 of the Reg. (EU) 2016/679, not to nominate a data protection officer (DPO – Data Protection Officer) because it is not a public body and does not regularly or systematically monitor data on large scale, not even the data under articles 9 and 10. 

SECTION 3 – PERSONAL DATA CATEGORIES AND PROCESSING PURPOSES

Internet data

Computer programs and software procedures responsible for the functioning of this website acquire, in the course of their normal operations, certain personal data, which is transmitted implicitly during the use of internet communication protocols. This data category includes IP addresses or computer domain names and terminals used by individuals, URI/URL (Uniform Resource Identifier/locator) addresses of the requested resources, the time of request, the method used to make the request to the server, the file size obtained in response, the numeric code indicating the state of the response from the server (successful, error, etc..) and other parameters related to the operative system and the user’s computing environment. 
The data, necessary for the fruition of the website services, is treated in order to:

  • obtain statistical information on the use of the services (most visited pages, number of visitors by hour or daily, geographical area of origin, etc.);
  • monitor the correct functioning of the services offered.

The navigational data does not exist for more than 60 days and is erased immediately after its aggregation (except for when the judicial authorities request to check for crimes or offences.) 
 
Data provided by the user 
The optional, explicit and voluntary delivery of messages to the Company’s contact addresses, as well as the action of filling out and forwarding forms on the Company’s website, entail the acquisition of the sender’s contact information, necessary for replying, as well as personal information included in written communications.

Specific information will be published on the Company’s web pages set up for the provision of certain services.

Contact forms

The User, by filling out contact forms with personal Data, authorizes the website to use it to respond to requests for information, quotes, or any other indicated by the form.

Personal Data collected: last name; email; name; various types of Data. 

Cookies and other tracking systems

Technical session Cookies (not persistent) are used restrictedly to what is necessary for online safety and efficiency of the website. The storage of the session cookies in the terminals o in the browsers is under the control of the user, wherever on the servers, at the end of HTTP sessions, cookie information remains registered on service logs, with storage times lasting no more than seven days along with other online information.

Additionally, tracking cookies are used for anonymous statistical purposes.

Google Analytics with IP anonymized (Google LLC)

Google Analytics is an online analysis service provided by Google LLC (“Google”). Google uses Personal Data collected in order to track and examine the use of ducalevenezia.it, fill out reports and share them with other services developed by Google.

Google might use Personal Data to contextualize and personalize the ads of an individual’s advertising network.

This integration by Google Analytics anonymizes your IP address. The anonymization works by shortening the User’s IP address within the boundaries of the EU member states or other countries that adhere to the European Economic Area agreement. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened in the United States.

Personal Data collected: Cookies; usage data.

Processing location: United States – Privacy Policy https://policies.google.com/privacy – Opt Out https://tools.google.com/dlpage/gaoptout?hl=en . Entity adherent to the Privacy Shield. 
 
Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC.

Personal Data collected: Cookies; usage data.

Processing location: United States – Privacy Policy. Subject adherent to the Privacy Shield.

Viewing content from external platforms

This type of service enables to view and interact with content hosted on external platforms directly from the Company’s web pages. If this kind of service is installed, even if the Users don’t use the service, it is possible that it will collect traffic data from the pages where it is installed.

Widget Google Maps (Google LLC)

Google Maps is a map viewing service provided by Google LLC, which allows ducalevenezia.it to incorporate the content on its own pages.

Personal Data collected: Cookies; Usage data.

Processing location: United States – Privacy Policy https://policies.google.com/privacy. Subject adherent to the Privacy Shield.

Google Fonts (Google LLC)

Google Fonts is a font style viewing service run by Google LLC, which allows ducalevenezia.it to incorporate content on its own pages.

Personal data collected: Usage data; various types of Data as specified by the service privacy policy.

Processing location: United States – Privacy Policy https://policies.google.com/privacy. Subject adherent to the Privacy Shield.

Purpose

Apart from what was specified for online data and for technical cookies, the user is free to provide personal information through the use of appropriate forms present on the website in order to request a newsletter, informational material or other communications and, generally, for reasons indicated in the specific and corresponding forms. Failure to provide this information might result in not obtaining what is requested.

Processing of data occurs:

  • for purposes strictly connected and instrumental to the activity of Ducale S.r.l. and to the management of relations with customers, suppliers, individual users of vehicles and/or boats: namely, for example, acquisition of preliminary information upon the conclusion of a contract, performance of a service or one or more operations contractually agreed upon, payment operations or collection systems, debt or asset recovery, risk management, provision of ancillary services, etc;
  • for purposes connected to legal obligations, regulations, community legislation and instructions received from legitimate authorities.

Data is processed by Ducale S.r.l. employees as well as by external entities either in charge with the provision of such services or that carry out such tasks as “Processing officers,” as specified in a special register stored at the Company’s registered address.

SECTION 4 – GROUPS OF RECIPIENTS TO WHOM PERSONAL DATA MIGHT BE DISCLOSED

Ducale S.r.l. uses external entities to carry out its activity and provide certain services such as, for instance: insurance companies, car agencies, telecommunications companies, storage companies, consulting firms and market research companies, collection agencies, companies that provide services under the long-term lease agreement of vehicles without driver. Data collected can also be disclosed to the parent company or other companies connected to Ducale S.r.l. .

SECTION 5 – TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION OUTSIDE OF THE EUROPEAN UNION.

Personal data is processed by the Company within the European Union and is not disclosed and/or disseminated, except as otherwise required by law.

SECTION 6 – METHODS OF PROCESSING AND STORAGE TIMES OF PERSONAL DATA

Processing operations connected to web services on this website are treated only by technical staff in charge of processing. No data resulting from the web service is disclosed or disseminated. Personal data provided by the users that request information material is used only in order to perform the requested service and is disclosed to third parties only if necessary.

Personal data is processed with automated equipment for the time that is strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent loss of data, unlawful or incorrect uses and unauthorized access.

It should be mentioned that operating systems can acquire, in the course of their normal operations, certain data pertaining to the user, which transmission is implicit in the use of internet communications protocols, on smartphones and other devices used.

The information is not collected to be associated with identified individuals, but by its own nature can allow to identify users through calculations and associations with data managed by third parties. Data that falls under this category includes IP addresses or internet domain names of the computers used to visit the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of request, method utilized in making the request to the server, the size of the file obtained, the numeric code indicating the status of the response generated by the server (successful, error, etc.) and other parameters related to the operating system and to the user’s IT environment.

This data category can be used:

  • to fulfil requirements dictated by national and community legislation, as well as instructions given by Control and Surveillance Bodies.
  • to ascertain responsibility in the case of hypothetical cybercrimes that could be harmful to the website or for assessment in case of any dispute.

Apart from these possibilities, data collected through the website persists on the servers for a maximum period of 12 months.

Furthermore, data is used to obtain anonymous statistical information on the use of the website and to monitor its proper functioning.

SEZIONE 7 – RIGHTS OF THE DATA SUBJECT

The interested party can exercise at any time the below-mentioned rights under the Regulation and contact the Data Controller by sending a request in writing to the certified email address ducalevenezia@pec.it

1. Access right

The interested party can obtain a confirmation from the Company if personal data is being processed or not and, in that case, obtain the access to the personal data and other information required under Article 15 of the Regulation, such as, for instance: purpose of the processing, the categories of Personal Data processed etc.

If requested, the Company can provide a copy of personal data that is being processed. For additional copies the Company can charge a reasonable fee based on administrative costs. If the request is presented by electronic means, and unless otherwise specified, the information will be provided by the Company in a commonly used electronic format.

2. Right to rectification

The interested party can ask the Company to rectify inaccurate personal data, as well as, taken into account the processing purpose, to add information if personal data is incomplete, providing a supplementary statement.

3. Right to erasure

The interested party can ask the Data Controller to erase personal data, for reasons laid down in Article 17 of the Regulation, such as, for instance, if personal data is not necessary anymore for what it was gathered or processed in the first place, or whenever the consent of data processing was withdrawn and there are no legitimate grounds for the processing.

The Company cannot proceed with the deletion of personal data of the interested party: if the processing is necessary to fulfil a legal obligation, to establish, exercise or defend legal claims.

4. Right to restriction of processing

The interested party can obtain the restriction of processing personal data in any of the circumstances laid down in Article 18 of the Regulation, such as, for example:

  • Dispute regarding the accuracy of one’s own personal data, for the time necessary for the Data Controller to carry out verifications;
  • Objection to data processing, pending necessary verifications by the Data Controller with regard to legitimate grounds for processing such data.

5. Right to data portability

If the processing of data is based on consent or is necessary for the execution of a contract or precontractual measures and the processing is carried out by automated means, the interested party can:

  • Request to receive personal data provided in a structured format, commonly used and legible by automated devices (such as: computer and/or tablet);
  • Transmit personal data to another subject Data Controller unhindered by the Company.

The interested party can also request that personal data be directly transmitted by the Company to another subject data controller. In this case, the interested party must provide accurate contact details of the new data controller that will receive such personal data, as well as a written approval.

6. Right to opposition

The interested party can oppose the processing of personal data at any time if the processing is carried out for public interest activities or for the pursuit of a legitimate interest by the Data Controller.

If the interested party decides to exercise the right to opposition described here, the Company will refrain from   processing such personal data any further, unless there are overriding legitimate grounds to proceed with the processing (overriding the interested party’s interests, rights and liberties), or unless the processing is necessary to establish, exercise or defend legal claims.

7. Automated decision-making procedure referring to individuals, including proliferation

The Company shall not adopt any automated decision-making procedures and shall not carry out any proliferation.

8. Right to lodge a complaint to the Guarantor Authority for personal data protection

Apart from the right to seek another administrative office or court, if the interested party believes that the processing of personal data by the Company is in violation of the Regulation and/or the applicable law, they can lodge a complaint to the Guarantor Authority for personal data Protection.


Each update of this Regulation will be announced promptly by electronic means and processing of the interested party’s data carried out by the Data Controller for purposes other than the ones specified in this document will also be announced before proceeding and carried out only after the consent of the Interested party when necessary.