Privacy Disclaimer

PRIVACY POLICY

This privacy notice, together with our general booking terms and conditions, forms the basis for the processing of all personal data collected in connection with your use and interaction with this website; a separate notice regarding components generating online identifiers is available on the specific cookie policy page. We therefore invite you, before providing us with any personal data, to carefully read this page: it contains important information about the processing of your Personal Data.

Any changes we make will be published on this page, so we recommend revisiting it to stay updated; last revised: January 24, 2025.

LEGAL REFERENCES

● Legislative Decree 30 June 2003, No. 196 – "Italian Personal Data Protection Code" as amended by Legislative Decree No. 101/2018.

● Regulation (EU) 2016/679 – "General Data Protection Regulation" (GDPR).

PERSONAL DATA COLLECTED, PURPOSES OF PROCESSING, AND THEIR LEGAL BASIS

Data Generated by Browsing

Browsing this website results in the collection of IT data automatically generated by various ICT devices, such as the IP address, certain browser identifiers, language settings, and other technical data inherent in communication protocols, IT services, and software, hardware, or telecommunication components. These data are collected to ensure the proper functioning of the website, to prevent attacks and fraudulent activities, and to ensure the secure operation of ICT infrastructures. The legal basis adopted is the legitimate interest of the Data Controller.

Data Necessary to Provide the Requested Service

In order to provide the requested service, namely the booking of the maritime transport service, we require certain personal data from you (e.g., your name, surname, email address, phone number, personal information contained in the message text, travel data such as routes, departure/return dates, vehicle licence plate, passenger details). These data may be received via direct email or entered into the forms of our travel search engine. Regarding passenger data, we kindly ask you to share this privacy notice with them and obtain their consent, if necessary. The legal basis for processing these common types of personal data is the performance of pre-contractual or contractual measures. Generally, we do not process sensitive or judicial data, but should this become necessary, we will ensure to obtain your specific consent. Our service consists of the primary activity of acting as an intermediary on behalf of the consumer for the booking of maritime transport, which is finalized with the issuance of the ticket/transport document through the booking systems of the maritime companies chosen by

the user. The legal basis for processing the personal data necessary to carry out the primary service is the performance of pre-contractual or contractual measures.

In relation to the primary service, your data will be processed for the following purposes:

1.a) In execution of contractual or pre-contractual obligations, where the processing of data is necessary for the definition of the contractual agreement and its subsequent execution: failure to provide the selected maritime company with the required data, even partially, will result in the inability to perform the requested service. In relation to the execution of the booking or its implementation, the collected data may be used to send service communications (via telephone, SMS, email, or other communication methods you have provided) for reasons related to after-sales support (e.g., in case of changes or cancellations by the company). Another processing activity necessary for the execution of the service is the management of payments, including through third-party banking and/or financial entities (e.g., Unicredit, Braintree, PayPal, Klarna, Scalapay, Banca Sella, Heylight, Satispay, Mooney), as well as invoicing, if requested; such data are processed by our authorized personnel and are disclosed externally only for the execution of the primary service or to comply with legal obligations.

1.b) In compliance with legal obligations; in this case, the processing of data is related to the fulfilment of requirements imposed by laws and regulation issued by competent autorithies (e.g., accounting and tax obligations).

1.c) To establish, exercise, or defend a legal claim, in accordance with Articles 6.1.f) and 9.2.f) of the GDPR.

2. Internal business analysis activities; This purpose includes all activities aimed at monitoring the quality of the products and services offered, with the goal of continuously improving them. The legal basis adopted is our legitimate interest, connected to the need to verify the services provided. For the execution of these activities, we will process only minimally necessary personal data, and, where possible, data that is anonymized or pseudo-anonymized.

Our services also include a range of ancillary services, which cannot exist without the primary service. For these services, the data requested is the same as for the primary service; however, your consent to data processing may be requested, if additional data are needed to deliver the ancillary service or if such data must be processed under a different legal basis from that of the primary service.

In relation to ancillary services, your data may be processed for the following purposes:

3. Commercial and marketing purposes: with your prior consent, in accordance with Article 6.1.a) of the GDPR, for the purpose of conducting direct marketing activities, as well as sending and promoting informational and advertising material about products, services, or initiatives by Prenotazioni24, or carrying out market research. This communication may take place via email, newsletter subscription, or automated and non-automated distance communication techniques, such as instant messaging platforms, social networks, or other channels. With your explicit consent, in compliance with Article 6.1.a) of the GDPR, your data may also be shared with partner companies for the purpose of sending informational and promotional material directly from them to the email address you provided after the conclusion of the contract. The purpose of this processing is the performance of indirect marketing activities by our partner companies.

4) Refund Service: The purpose of the processing is to provide the refund for cancellation penalties in the event of an impediment preventing the journey, through the activation of the additional guarantee purchased with the booking. The data required to activate the guarantee are the same as those collected for the primary service; however, in order to verify compliance with the conditions of the guarantee, it is necessary to provide supporting documentation for the impediment. This documentation, depending on the circumstances, may fall into some of the categories outlined in Article 9 of the GDPR (special categories of data). In the cases described above, the voluntary submission of such documents, as part of the procedures required to handle the refund request, is unequivocally regarded as an expression of the data subject's consent (or that of the legal guardian, in the case of a data subject under the age of 18). Otherwise, specific consent for processing will be requested from the data subject in accordance with Article 6.1.a) of the GDPR. The individual requesting the activation of the refund service is responsible for submitting third-party data and for ensuring that this privacy notice is made available to them.

In addition to the purchase of the refund guarantee, it may also be necessary for the user to submit—through us—supporting documentation for the impediment in order to obtain a refund from the ferry company, for example in the application of the relevant legal framework. In such cases, special categories of personal data may also be required, which will be transmitted to the company only with your specific consent. Without such consent, we will not be able to proceed with the activities described.

ACCESS TO PERSONAL DATA AND TRANSFERS

Your data may be made accessible:

● To our employees or collaborators, specifically trained and authorized to process data;

● To qualified external collaborators, assigned to specific technical and/or managerial tasks;

● To the providers of the requested service (e.g., ferry company or maritime agent);

● To our partner companies, only if you have given your consent for the receipt of advertising and the performance of indirect marketing activities by third parties;

● More generally, to other external entities that—after being appointed as Data Processors—carry out outsourced processing activities, as outlined in the previous sections, necessary to pursue the indicated purposes.

Your personal data may also be communicated to companies within our group, exclusively for the purposes stated in this privacy policy, and will not be disclosed or transferred to third parties.

PROCESSING METHODS AND SECURITY MEASURES

Your data is processed lawfully, fairly, and transparently, adopting appropriate technical and organizational measures, including physical, logical, and IT security controls. These measures include protection rules, ICT security components, and encryption protocols aimed at preventing unauthorized access, disclosure, alteration, or destruction of information. Processing is carried out primarily using IT and telecommunication tools, following organizational methods strictly related to the purposes described in the privacy notice and in compliance with the principles of the General Data Protection Regulation (GDPR). The website uses the secure communication protocol HTTPS, which ensures data transfer through an encrypted connection to safeguard the confidentiality of the exchanged information. Email communications sent to the addresses indicated on the website (or submitted via the contact form) are transmitted through secure protocols (e.g., TLS - Transport Layer Security), ensuring data protection during transit.

DATA RETENTION AND DELETION

Your personal data will be retained for the minimum period necessary to achieve the purposes for which it was collected, subject to an additional retention period that is (or may be) required by legal regulations. Technical log data is retained for 30 days, unless ongoing inquiries or requests from Authorities require otherwise. With regard to data collected based solely on consent, it will be retained for no longer than the time necessary to achieve the respective purposes, or until consent is withdrawn, by simply submitting a request to our internal privacy function at: privacy@prenotazioni24.it.

RIGHTS OF DATA SUBJECTS

Regulation (EU) 2016/679 on the protection of personal data grants data subjects the following rights:

● The right to be informed;

● The right of access;

● The right to rectification;

● The right to data portability, where applicable;

● The right to erasure (‘right to be forgotten’), where applicable.

Further details about these rights are available in the specific section on data subject rights provided on the website of the Italian Data Protection Authority.

Requests to exercise these rights can be submitted to the Data Controller without specific formalities, by sending an email directly to the privacy contact at: privacy@prenotazioni24.it. Additionally, a specific form for exercising these rights is available on the website of the Data Protection Authority.

Regulation (EU) 2016/679 also grants data subjects the right to report any violations of data protection law to the Supervisory Authority through complaints and notifications.

DATA PROTECTION OFFICER

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted for any clarification regarding the protection of your personal data or for support in exercising your rights. The DPO can be reached directly at the following email address: dpo@prenotazioni24.it, or by sending a registered letter to: Data Protection Officer – Prenotazioni 24srl – to the operational headquarters.

DATA CONTROLLER

The Data Controller is Prenotazioni24 srl - VAT number IT01512130491 - with its registered office at Via di Bonistallo 50/B, 50053 Empoli (FI), Italy and operational headquarters at Via Casa del Duca 1, 57037 Portoferraio (LI), Italy - Phone: +39 0565 912011 - Email: legal@prenotazioni24.it.

Privacy Disclaimer

We use technical cookies, our own or third-party ones, to analyze traffic on this website, improve your browsing experience, and show you personalized advertisements. You can accept all cookies, reject them, or manage your preferences. Learn more