Privacy Policy

3. Nature of the provision of data

The provision of personal data automatically provided by the User occurs by merely browsing the Website. Therefore, whether the User does not intend to provide any personal browsing data, he should not visit or otherwise use the Website or send requests or communications through the Website or give his consent when the option is proposed to him in accordance with the Privacy Legislation.

The provision of personal data voluntarily provided by the User is optional. However, failure to provide such data may result in the impossibility to receive replies to communications sent by any means to the Company through the Website.

4. Methods of data processing

The processing of Users’ personal data is carried out by means of the operations set out in article 4 GDPR and, in particular: the collection, recording, storage, retrieval, consultation, use, disclosure by transmission, restriction, erasure of data.

We also inform you that User’s personal data:

• will be processed in accordance with the principles of lawfulness, fairness and transparency;
• will be collected only for the legitimate purposes referred to in § 2;
• will be adequate, relevant and limited to what is necessary for the purposes for which they are processed;
• will be kept in a form that allows the identification of the User for a period of time not exceeding the achievement of the purposes and better defined under § 8 below;
• will be processed in such a way as to ensure adequate security from the risk of destruction, loss, alteration, disclosure or unauthorized access by means of technical and organizational security measures.

User’s personal data are processed by means of paper, automated or information technology tools as well as by adopting organizational methods and logic which are strictly related to the purposes of the processing.

The Company uses the most appropriate technological and security measures (information technology, physical, organizational and procedural) to ensure the security and confidentiality of the data processed.

The User acknowledges, however, that the disclosure of personal data by means of websites presents risks associated with the communication of such data and that no system is totally secure or tamper-proof or immune to information theft.

5. Access to data

The User’s personal data may be made accessible only for the purposes referred to in § 2 to the following authorized subjects: employees and collaborators of the Company or of its associated companies, subsidiaries and affiliates duly authorized by the Company.

6. Disclosure of data

The Company may, even without the express consent of the User and for the purposes referred to in § 2, disclose the User’s personal data to: supervisory and/or control bodies of the Company, judicial authorities and all other persons to whom disclosure of data is required by law for the achievement of the abovementioned purposes, as independent data controllers.

In addition, the Company may entrust certain personal data processing operations – carried out for the purposes referred to in § 2 above – to categories of third parties, specifically appointed, if necessary, as data processor by the Company, including, but not limited to:

• providers of the technical services of the Website;
• providers of the hosting service of the Website;
• IT companies responsible for the maintenance and management of the Website;
• communication agencies involved in any market research carried out by the Company using the anonymised browsing data of the Users;
• the companies which form part of the Smeralda Holding Group, to which the Company belongs (for management, statistical and data consolidation needs).

The User’s personal data will not be transferred to third parties other than those indicated in this Privacy Policy.

The User’s personal data will not be disseminated to the public or to indeterminate subjects.

7. Transfer of data outside the EU

User’s personal data will be handled and stored using Company’s or third party’s servers located within the European Union. In case the Company uses third party’s servers to handle and store data the third party will be appointed as data processor.

The User’s personal data will not be transferred to non-EU countries or international organisations.

Any transfer of the User’s personal data to non-EU countries or international organisations may only take place under the terms and with the safeguards provided by the Privacy Legislation.

8. Period of data storage

User’s personal data will be stored and processed until the end of the browsing session. After the end of the browsing session, personal data will not be stored and/or processed, for any reason whatsoever, for a period exceeding 24 months (the “Storage Period”), unless a different storage period is provided for under the applicable law.

At the end of the Storage Period your personal data will be deleted, unless there are further Company’s legitimate interests and/or legal obligations for which – following their prior minimisation -this storage of personal data is mandatory.

9. User’s Rights

Pursuant to the Privacy Legislation, the User shall always be granted the right to withdraw his consent, and may at any time exercise the following rights:

a) the “right of access” and specifically of obtaining confirmation as to whether or not personal data concerning the User are being processed, the communication of such data in an intelligible form as well as the following information:

1. 1. the purposes and methods of the processing of User’s personal data (including the existence of an automated decision-making, including profiling, referred to in article 22 par. 1 and 4 GDPR and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User), the categories of personal data processed, the origin of the personal data, the period for which the personal data will be stored (where possible), or the criteria used to determine such period;
   2. the identification details of the Data Controller, the data processors and the representative designated pursuant to article 27 GDPR, of all subjects or categories of subjects to whom the personal data have been or will be disclosed on Italian territory, particularly if data will be disclosed to recipients from third countries or international organizations (in this case, the User is also entitled to be informed of the existence of adequate safeguards pursuant to article 46 GDPR);
   3. the existence of the right of the User to obtain from the Data Controller the rectification, erasure or restriction of the processing of personal data or to object to their processing;
   4. the existence of the right to lodge a complaint with the Italian Data Protection Authority (the “Garante Privacy”);

b) the “right to rectification”, which means the right to obtain the rectification of inaccurate personal data concerning the User or, if it is in his interest, the integration of personal data, from the Data Controller;

c) the “right to erasure” (or “right to be forgotten”), which means the right to request the erasure or the anonymization of personal data that were or have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they were collected or further processed;

d) the “right of restriction of processing”, that is the right to obtain – from the Data Controller – the restriction of processing in certain cases provided for by the Privacy Legislation;

e) the right to request from the Data Controller the identification of the recipients to whom the Data Controller has notified any rectification, erasure, or restriction to the processing (carried out pursuant to articles 16, 17 and 18 GDPR, in compliance with the obligation to notify, unless it proves to be impossible or would involve a disproportionate effort);

f) the “right to data portability”, i.e. the right to receive (or transmit directly to another controller) personal data in a structured, commonly used and machine-readable format;

g) the “right to object”, which means the right to object, in whole or in part:

1. the processing of personal data carried out by the Data Controller for his own legitimate interest;
2. the processing of personal data by the Data Controller for the purposes of direct marketing or profiling.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the User’s personal data were disclosed of any exercise of Users’ rights, unless it proves to be impossible or unduly burdensome.

10. Exercise of User’s rights and complaint to the Garante Privacy

Sending an e-mail at the following address: garante@gpdp.it, 

For further information, please visit the website of the Garante Privacy: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

11. Data Controller and data protection officer

The Data Controller of the personal data collected and processed through this Website is CONSORZIO TRANSFERS IN VENICE , with registered office VENEZIA (VE) VIA PAOLO RENIER 5 CAP 30126

The Data Controller can be contacted by e-mail at the following address: [privacy@smeraldaholding.com].

The data protection officer is Data Protection Advisory S.r.l., domiciled for the assignments at the registered office of the Company (the “DPO”). The DPO can be contacted at the following e-mail address: dpo@DP-Advisory.eu.

12. Updates to the Privacy Policy

We inform you that this Privacy Policy will be subject to periodic updates which will be published on the Website.

Last Update: 2022