On this site we use technical, analytics and, subject to your consent, third-party cookies from selected partners. By clicking " Agree" you consent to receive all marketing cookies. By clicking "Decline", we will not include any marketing cookies. If you would like more information on how active cookies work on the site click here.

Privacy Policy

 

Privacy Policy

This document aims to provide users of the website www.misterferry.co.uk with information regarding the processing of personal data.

LEGAL REFERENCES

  • Legislative Decree No. 196 of June 30, 2003- “Code on the Protection of Personal Data” as amended by Legislative Decree 101/2018.
  • Regulation (EU) 2016/679 – GDPR (General Data Protection Regulation).

DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller for personal data processing is Prenotazioni 24 S.r.l., with its registered office at Via Bonistallo, 50/b - 50052 Empoli (FI), and operational headquarters at Portoferraio, Casa del Duca 1 - 57037 (LI), Tax Code and VAT Number: 01512130491.

We inform you that your data will be processed while safeguarding your privacy and rights, in full compliance with current legislation on the protection of personal data. The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted for any information or requests at the following email address: dpo@prenotazioni24.it.

TYPES OF DATA PROCESSED

The personal data processed by Prenotazioni24 are limited to those necessary for booking services provided by ferry companies with whom it acts as a reseller. Examples of the types of information that may be processed include, but are not limited to: name, surname, address, phone number, tax identification number, email address, identification documents, vehicle license plate (if applicable) and bank or payment information.

Sensitive or judicial data is not generally processed; if necessary, it will only be carried out with prior consent (Art. 9 and 10 EU Regulation 2016/679).

PURPOSES OF DATA PROCESSING AND LEGAL BASIS

The Data Controller processes personal and identifying data solely for the purpose of providing the requested service, namely the booking of maritime transport services, and informs you about the processing of your personal data and your rights to ensure that you can knowingly give your consent, where required.

Our service consists of the primary activity, namely intermediation on behalf of the consumer to facilitate the booking of maritime transport services, which is completed upon the issuance of the ticket through the booking systems of the maritime companies chosen by the user. Regarding the primary service, your personal data may be processed without the need for consent based on the legal basis set forth in Article 6, paragraph 1, letter b) of Regulation (EU) 2016/679, as the absence of consent would prevent the execution of the requested service.

In relation to the primary service, your data will be processed for the following purposes:

1.a) Fulfillment of obligations: The processing of personal data is necessary for the definition and execution of the contractual agreement. Failure to provide the selected maritime company with the required data, even partially, will result in the inability to perform the requested service.

For the execution or implementation of the booking, the collected data may also be used to send service-related communications (by phone, SMS, email, or other instant messaging tools) for reasons related to post-sales assistance, such as in the case of changes or cancellations made by the maritime company.

Another necessary data processing activity for the execution of the service involves payment management, including through third-party banking/financial institutions (e.g., Unicredit, Braintree, PayPal, Klarna, Scalapay, Banca Sella, Heylight, Satispay, Mooney), as well as invoicing, if requested. Such data is processed by our authorized personnel and disclosed externally only to fulfill the primary service or comply with legal obligations.

1.b) Compliance with legal obligations: In this case, the processing of data is related to fulfilling requirements imposed by applicable laws, as well as provisions issued by competent authorities (e.g., accounting and tax obligations).

1.c) Legal defense: Based on the legal grounds set out in Articles 6.1.f) and 9.2.f) of the GDPR, data may be processed to establish, exercise, or defend a legal claim.

2) Internal business analysis: This purpose includes all processing activities aimed at monitoring the quality of the products and services provided, in order to enable their continuous improvement. The lawfulness of such processing is derived from Article 6.1.f) of the GDPR: the legitimate interest in conducting these analyses lies in the need to verify the services provided. For the purposes of such analyses, only the necessary personal data is processed and, where possible, anonymized.

Our services also include a range of ancillary services, which cannot exist without the primary service. For these services, the data requested is the same as that required for the primary service; however, your consent to data processing may be requested if additional data needs to be integrated to perform the ancillary service or if the data must be used or transmitted in a manner different from the processing required for the primary service.

With regard to ancillary services, your data will be processed for the following purposes:

3) Marketing and commercial purposes: with your consent (in accordance with Article 6.1.a) - 7 GDPR), your data may be processed for direct marketing purposes, including the sending and promotion of informational and advertising materials about Prenotazioni24's products, services, or initiatives, as well as for conducting market research. Communications may be carried out via email, newsletters, or other automated and non-automated methods, such as messaging platforms, social networks, or other similar channels. With your explicit consent, in accordance with Article 6.1.a) - 7 of Regulation (EU) 2016/679, your data may also be shared with partner companies for the purpose of directly sending advertising and promotional materials to the email address you have provided, following the conclusion of a contract. The purpose of this processing is to enable indirect marketing by partner entities.

4) Donations to non-profits: Prenotazioni24 S.r.l. collaborates with five non-profit organizations, which rotate to propose fundraising initiatives to its customers. At the time of purchasing the ticket, a specific form will invite you to decide whether to contribute to the initiative promoted by the non-profit organizations currently in rotation, by donating €1.00 (one) in support. The purposes and methods of processing are specifically detailed on the webpage where the donation form is available. The data requested are the same as those required for the main service; however, with your consent, your name, surname, and email address will be shared with the non-profit organizations, which will send you a thank-you email.

5) Refund Service: The purpose of the processing is to facilitate the reimbursement of cancellation penalties in the event of an impediment preventing the journey, through the activation of the additional guarantee purchased with the booking. The data required to activate the guarantee are the same as those collected for the main service; however, in order to verify compliance with the conditions of the guarantee, it is necessary to provide supporting documentation for the impediment. This documentation, depending on the circumstances, may fall into some of the categories outlined in Article 9 of the GDPR (data related to health and/or employment).

In the cases described above, the voluntary submission of documents, as part of the procedures required to handle the refund request, is unequivocally regarded as an expression of the data subject's consent (or the consent of the legal guardian, in the case of a data subject under the age of 18). Otherwise, specific consent for processing will be requested from the data subject in accordance with Article 6.1.a) of the GDPR.

The individual requesting the activation of the refund service is responsible for the submission of the data provided when such data pertain to third parties.

In addition to the purchase of the refund guarantee, it may also be necessary for the user to submit documentation proving the impediment, in order to obtain a refund from the ferry company, for instance in the application of relevant legal provisions. In such cases, the data requested may fall within the categories specified in Article 9 of the GDPR, and will be transmitted to the company with the user's prior consent.

For the aforementioned purposes, where the provision of data is optional, any refusal to grant the necessary consent will result in the Data Controller being unable to proceed with the related activities.

DATA RECIPIENTS AND TRANSFERS

Personal data may be shared with:

  • The provider of the requested service (ferry company or maritime agent);
  • Personnel authorised to process the data pursuant to Article 29 of the GDPR;
  • Entities that may access the data in compliance with legal obligations, within the limits established by the applicable regulations;
  • Entities typically acting as Data Processors pursuant to Article 28 of the GDPR;
  • Regular collaborators, identified based on specific contractual agreements, and their expertise relevant to the services requested by you;
  • Public authorities or bodies, as necessary for various purposes;
  • Banks and/or other financial institutions, depending on the payment methods used;
  • Third parties acting as intermediaries or counterparts in the execution of contractual services;
  • Partner companies, in cases where consent has been provided for the receipt of advertising and the execution of indirect marketing activities by third parties.

In cases described under point C) Refund Service, any data falling within the category referred to in Article 9 of the GDPR will be processed exclusively by authorized personnel and, where necessary, by the involved shipping company.

In the event of any transfer of personal data to Third Countrie, the Company states that the processing will be carried out in accordance with one of the methods permitted by current law, in compliance with Articles 44 to 49 of the GDPR.

DATA RETENTION AND PROCESSING METHODS

Your data is processed by means of IT systems, through our website www.misterferry.co.uk or other electronic tools capable of ensuring high levels of security and confidentiality; it may also be processed in paper format or over the phone through our call center.

We ensure that all processing activities will comply with the principles set forth in Article 5 of the GDPR.

Your data will be retained for the period necessary to fulfill the purposes outlined in this privacy policy, as well as for the time required to comply with legal obligations and to enable the establishment, exercise, or defense of legal claims in the event of a dispute.

RIGHTS OF THE DATA SUBJECT

As a data subject, you are entitled to the rights provided under Articles 13/22 and 77/79 of Regulation (EU) 2016/679 (GDPR), and in particular the rights to:

  • withdraw previously given consent;
  • object to the processing of your personal data in the cases set out under Article 21 of Regulation (EU) 2016/679;
  • access your data, and therefore obtain information about the data processed by the Controller;
  • verify the accuracy of your data and request its updating or correction;
  • obtain the restriction of processing;
  • obtain the deletion or anonymization of your personal data;
  • receive your data in a structured, commonly used, and machine-readable format, and, where technically feasible, to request its transfer to another controller without hindrance;
  • lodge a complaint.

HOW TO EXERCISE YOUR RIGHTS

You may exercise your rights at any time by contacting the Data Controller at: privacy@prenotazioni24.it.

For questions related to the processing of your data and the exercise of your rights under the Regulation, you may contact the Data Protection Officer (DPO) at: dpo@prenotazioni24.it.