PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA OF USERS CONSULTING THE WEBSITES OF SEA-S S.r.l.

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 and the Personal Data Protection Code (Legislative Decree No. 196/2003) as supplemented with the amendments of Legislative Decree No. 101/2018

This information is provided to users interacting with the web services of SEA-S S.r.l. accessible by electronic means from the following addresses: www.sea-s.it. The processing, in accordance with EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, in short GDPR), is based on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of the user.

1. Data controller

The data controller is SEA-S S.r.l, hereinafter also referred to as “Data Controller”, with registered office in
Via Caravaggio, 13 - 17100 Savona.
The Holder may be contacted:
Tel.: 019.23.02.546
Mail: info@sea-s.it
PEC: sea-s.srl@pec.it

2. Data Protection Officer

The Data Protection Officer can be contacted by e-mail: sea-s.srl@pec.it

3. Type of data processed, purpose and legal basis for processing

The Data Controller shall process personal data for the purposes set out in Regulation (EU) 2016/679 (GDPR), in particular for the performance of its tasks, whether of public interest or otherwise connected with the exercise of its public powers, including the purposes of archiving, historical research and analysis for statistical purposes, and for the fulfilment of obligations laid down by law or regulation.
The Data Controller manages and provides numerous services, in various ways, and for each of them the type of data requested and the purposes of collection vary.
The legal bases of the processing operations are:
- Article 6(1)(e), EU Reg. No. 2016/679, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- Art. 6 para. 1, lett. c, EU Reg. No. 2016/679, for the performance of processing operations necessary to comply with the legal obligations to which the Controller is subject;
- Art. 6 para. 1 lit. b, EU Reg. No. 2016/679, for the performance of a contract to which the data subject is a party or of pre-contractual measures.

4. Provision of data

Personal data are processed exclusively for the purposes that fall within the scope of SEA-S S.r.l.'s tasks, in accordance with Article 2 of the Articles of Association.
The computer systems and applications dedicated to the operation of this website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users.
The data collected include the IP addresses and domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system and the computer environment used by the user.
The provision of data may be compulsory, in which case failure to provide it will make it impossible to obtain the service or what has been requested.
In other cases, the provision of data is optional and the user is free to provide the personal data indicated in the request forms or in any case indicated in communications with SEA-S S.r.l. or in contacts with the offices.
Within the scope of these purposes, processing may concern data necessary for the management of relations with SEA-S S.r.l. as well as to enable effective communication or to fulfil any legal, regulatory or contractual obligations

5. Modalities of processing

The personal data provided are processed in accordance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR, mainly with the help of computerised and telematic tools to store and manage the data.
Data are collected in accordance with the principles of relevance, completeness and non-excessiveness in relation to the purposes for which they are processed.

6. Data retention

The data will be processed for as long as necessary for the provision of the performance or service and, after the conclusion of the procedure or service provided, the data will be retained in accordance with the rules on the retention of administrative documents

7. Disclosure of data - recipients

Within the scope of the above-mentioned purposes, the personal data processed may be disclosed to the Data Processors and Internal Data Processors, appointed by the Data Controller and duly instructed by him.
The data may be disclosed to third parties only in the cases provided for by the general or sector regulations in force, and indicated in the detailed information of each service.
Apart from the aforementioned cases, personal data are in no way and for no reason communicated or disclosed to third parties.

8. Rights of the data subject’

Regulation, EU, No. 679/2016, gives Data Subjects the possibility to exercise specific rights:- the right of access (Article 15), i.e. the right to receive a copy of the personal data being processed;
- the right of rectification (Article 16), i.e. the right to have inaccurate personal data concerning him/her corrected without undue delay;
- the right to erasure - to be forgotten (Article 17), i.e. the possibility to delete personal data concerning the direct data subject;
- the right to restriction of processing (Article 18);
- the right to data portability (Article 20), i.e. the possibility to transfer one's personal data to another data controller without hindrance;
- the right to withdraw consent at any time (Article 7(3));
- the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali) in the event of a data processing breach (Article 77);
- the right to a judicial remedy in case of unlawful data processing (Article 78).
The Data Subject may exercise his or her rights at any time by sending a registered letter with advice of receipt to the address of the Data Controller indicated in point 1, or by contacting the Data Protection Officer (D.P.O.) indicated in point 2.