Information on personal data protection
The table below gives a brief summary of the content of the information notice subsequently provided.
|Data Controller||Grimaldi Group S.p.A. (hereafter, “Data Controller” or “Company”)|
|Data transfer||Possible, with adequate guarantees in place to protect the data subject’s rights|
|Data subject’s rights||a. to access personal data;
b. to obtain the rectification or deletion of data or to limit the processing thereof;
c. to object to the processing of personal data;
d. to obtain the portability of such data;
e. to lodge a complaint with the competent supervisory authority (e.g. Data Protection Authority).
The rights as per letters a) to e) can be exercised by writing to: firstname.lastname@example.org.
The processing operations concern:
- the applicant’s contact details;
- any personal data spontaneously provided by the applicant when completing the “notes” section of the form.
- information regarding mobility restrictions;
- information regarding your disabilities
- data provided by you, if any, about special needs related to your state of health.
- to manage requests for quotes.
- processed according to the principles of lawfulness, transparency and fairness;
- collected and recorded for specific, explicit and legitimate purposes (“purpose limitation”);
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
- accurate and kept up to date (“accuracy”);
- kept for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
- processed using instruments that ensure the security and confidentiality of the personal data, including protection against unauthorised or unlawful processing and against loss, destruction or damage, or accidental damage (“integrity and confidentiality”).
|Data||Storage times||Purpose of storage|
Data belonging to special categories
|10 years from issue of the quote||For legal defence purposes in the case of possible disputes raised by the applicants|
The legal basis for the processing of data belonging to special categories lies in the data subject’s consent (Art. 9, section 1, GDPR), provided by the data subject at the moment of freely and spontaneously communicating such data to the Data Controller, so that the latter might take such into consideration when preparing the quote.
With reference to EU countries, your data may be disclosed to the port authorities, judicial authorities, and police forces, shipping agents and terminals situated in Spain, Greece, Germany, Belgium, Ireland, Portugal, Cyprus, Sweden and Denmark.
As regards extra EU countries, data may be transferred to said addressees operating in Great Britain, Tunisia, Morocco, Turkey, Israel, Brazil, Uruguay, Argentina, Senegal, Benin, Nigeria, Ghana, Ivory Coast, the USA and Canada.
In particular, the communication of your data to shipping agents is envisaged since the same act as representatives of the shipowner in forwarding data to the Authorities.
With reference to the terminals, however, there is an obligation under which the same must carry out particular checks on persons and things intended for boarding or disembarking. This means that the shipowner is obliged to communicate passenger data to the terminal in advance, which in compliance with the security procedures is required to communicate the data received to the Competent Authorities (e.g. Port Authorities, Financial Police Force and Customs).
In addition, Grimaldi Group S.p.A. may communicate the passenger data to the Authorities mentioned above directly.
With reference to transfers that may take place in countries like Israel, Uruguay, Argentina, the USA and Canada, the European Commission has ruled that the transfer shall be legitimate by specific decision of adequacy in accordance with Article 25, paragraph 6 of Directive 95/46/EC.
In other countries, however, where the GDPR applies, data transfer will be regulated in accordance with the principles established by the Regulation in the contractual relations carried out by the Company.
- Law firms, if disputes should arise.
- Companies, including those belonging to the Grimaldi Group, providers of other audit services, data analysis, market research and customer satisfaction surveys.
We may also disclose your personal data if we establish in good faith that said disclosure is reasonably necessary in order to enforce and protect our rights and activate available remedies.
- to access personal data, requiring that such data be made available to you in an intelligible form, as well as the purposes of the processing (former Art. 15);
- to obtain the rectification (former Article 16) or the erasure (former Art. 17) of the same or the limitation of processing (former Art. 18);
- to data portability (pursuant to Art. 20);
- to object to data processing (pursuant to Art. 21);
- to lodge a complaint with the competent supervisory authority.
In this regard, please also note that the Data Protection Officer appointed by the Company can be contacted by e-mail at DPO@grimaldi.napoli.it
The provision of data belonging to special categories is optional. However, if such data is provided, the Company can: better satisfy your requirements and provide the assistance needed; apply the special discounts, where pertinent- in the cases and in the manner foreseen.
Regarding such matter, we remind you that, without prejudice to the lawfulness of processing based on consent before withdrawal, you may at any time withdraw the consent given by sending a request to the e-mail address: email@example.com or by using the channel indicated in the communications you receive, i.e. by clicking on the relevant link in the e-mails sent to you.