PRIVACY POLICY
GDPR PRIVACY POLICY
Information provided pursuant to Art.13 of Reg. EU 2016/679 (hereinafter GDPR)
General information
Users (data subjects, as GDPR, Art.4, c1) are informed of the following general profiles, valid for all areas of processing:
● all personal data are processed in compliance with the applicable privacy regulations in force (EU Reg. 2016/679 and Legislative Decree
196/2003, as amended by Legislative Decree 101/2018);
● all User data are processed in a lawful, correct and transparent manner, in compliance with the general principles set out in Article 5 of the
GDPR;
● specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the
GDPR.
Titolare del trattamento
The Data Controller is the undersigned Company (in the person of its pro-tempore legal representative) who can be contacted for any request regarding
privacy or to exercise the rights listed below, at the following addresses:
DATA CONTROLLER:
Name: Cantiere del Pardo Spa
Email: info@cantieredelpardo.com
DATA PROTECTION OFFICER (DPO):
Name: Sistema Privacy
Email: info@sistema-privacy.com
Data subject’s rights
● right to request the presence and access to personal data concerning him (Article 15 “Right of access”);
● right to obtain the rectification / integration of inaccurate or incomplete data (Article 16 “Right to rectification”);
● the right to obtain, if there are justified reasons, the cancellation of data (Article 17 “Right to erasure”);
● right to obtain the limitation of processing (Article 18 “Right to restriction”);
● right to receive the data concerning him in a structured format (Article 20 “Right to portability”);
● right to object to the processing and to automated decision-making processes, including profiling (Articles 21, 22 “Right to object”);
● right to revoke a previously given consent;
● the right to submit, in the event of non-response, a complaint to the Data Protection Authority.
The following specific information is provided below, referring to:
1) data processing connected to the functioning of this website
2) data processing of customers / suppliers
1) DATA PROCESSING CONNECTED TO THE FUNCTIONING OF THIS WEBSITE
1.1 Navigation data
The IT systems and the software procedures used in the operation of this web site acquire, in the course of their normal processing, some personal data,
the transmission of which is necessary in the use of the Internet communication protocols. These deal with information that is not gathered to be associated
to identified parties, but which by their nature could, through processing and associations with data held by third parties, allow the identification of the users.
Under this category of data we find the IP addresses or the computer domain names used by the users that connect to the site, the addresses in URI
(Uniform Resource Identifier), notation of the resources requested,the time of the request, the method used in submitting the server request, the dimension
of the file received, the numeric code indicating the status of the answer given by the server (successful, error, etc.) and other parameters related to the
operating system and the user’s IT environment.
| Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) | This data is used only for the purpose of receiving anonymous statistical information on the use of the site and to control its correct functioning. The data could moreover be used to ascertain the responsibility in case of presumed IT crimes to the damage of the site (legitimate interests of the owner). |
| Scope of knowledge (GDPR-Art.13, paragraph 1, letter e,f) | The data is processed exclusively by in-house staff, duly authorised and trained in data processing (GDPR-Art.29) and shall not be disclosed to external parties, diffused, or transferred to countries outside the EU. Only in cases of investigation, this data may be placed at the disposal of the competent authorities. |
| Data retention (GDPR-Art.13, paragraph 2, letter a) | This data is usually kept for brief periods, with the exception of possible prolonged connections related to investigation activities. |
| Data provision (GDPR-Art.13, paragraph 2, letter f) | The data is not submitted by the party involved but acquired automatically by the site’s technological systems. |
1.2 Cookies
The management of cookies is aligned with the relevant regulatory requirements:
● “Guidelines for cookies and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
● “Guidelines 5/2020 on consent” pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.
Users can check the types of cookies and set their preferences through the appropriate banner (if provided), as well as through the appropriate tools
provided by the main navigation browsers. Some general information about cookies and similar technologies is provided below.
What cookies are Cookies are brief fragments of texts (letters and/or numbers) that allow the web server to memorise on the client browser information to
be reused in the course of the same visit to the site (session cookies) or subsequently, also after days (persistent cookies). The cookies are memories,
according to the user’s preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies like for
example, web beacons, transparent GIFs and all the types of local storage introduced with HTML5, can be used to gather information on the user’s
behavior and the use of the services. After this circular letter we shall refer to the cookies and all the similar technologies by using only the term “cookie.”
The following table shows the main types of cookies.
| TYPE | PURPOSE | PREFERENCE MANAGEMENT |
|---|---|---|
| Technical session cookies |
Ensure normal navigation and use of the site |
Through the main browsers it is possible to: • Block the reception of all (or some) types of cookies by default • View the analytical list of cookies used • Remove all or some of the cookies installed. For information on the settings of individual browsers, see the specific paragraph. It should be noted that blocking or deleting cookies could compromise the navigability of the site. |
| Analytical cookies | Collect information on the number of visitors and pages viewed |
|
| Functional technical cookies |
Allow navigation according to a series of selected criteria |
|
| Profiling cookies | Create user profiles in order to send advertising messages in line with preferences |
| TYPE | PURPOSE | PREFERENCE MANAGEMENT |
|---|---|---|
| Technical session cookies |
Ensure normal navigation and use of the site |
Through the main browsers it is possible to: • Block the reception of all (or some) types of cookies by default • View the analytical list of cookies used • Remove all or some of the cookies installed. For information on the settings of individual browsers, see the specific paragraph. It should be noted that blocking or deleting cookies could compromise the navigability of the site. |
| Analytical cookies | Collect information on the number of visitors and pages viewed |
|
| Functional technical cookies |
Allow navigation according to a series of selected criteria |
|
| Profiling cookies | Create user profiles in order to send advertising messages in line with preferences |
The site may contain links to third-party sites and third-party cookies; for more information, we invite you to view the privacy policy of any linked sites.
Management of the preferences through the main navigation browsers The user may declare whether or not he accepts the cookies by using the
settings of his own browser (note that as a default, almost all the web browsers are set to automatically accept the cookies). The settings may be modified
and defined in a specific way for the various web sites and applications. Furthermore the best browser allows different settings to be defined for the
“proprietor” cookies and for those of “third parties.” Usually the configuration of the cookies is done by the menus, “Preferences,” “Instruments” or “Options.”
Here below is a list of links to the guides for the management of cookies of the main browsers:
● Internet Explorer: http://support.microsoft.com/kb/278835
● Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
● Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
● Safari: https://www.apple.com/legal/privacy/it/cookies/
● Safari [mobile version]: http://support.apple.com/kb/HT1677
● Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
● Android: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DAndroid&hl=it
● Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Further information
● www.allaboutcookies.org (for more information on the cookie technology and their functions)
● www.youronlinechoices.com/it/a-proposito (allows users to oppose the installation of the main profiling cookies)
● www.garanteprivacy.it/cookie (set of main norm interventions on matters by the Italian Supervisory Authorities).
1.3 Web-Site specific features
Some pages of the site could involve a request for information from the navigator in relation to specific services (eg:
request information, user registration, work with us, etc.).
| Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) | Only the data necessary for the correct provision of the service and necessary to give a correct and exhaustive response to the interested parties will be requested. The treatment is subject to the acceptance of specific, free and informed consent (GDPR-Art.6, comma1, lett.a) |
| Scope of knowledge (GDPR-Art.13, paragraph 1, letter e,f) | The data is processed exclusively by duly authorized and trained personnel (GDPR-Art.29) or by any persons in charge of maintaining the web platform (appointed in this case as external managers). The data will not be disclosed or transferred to non-EU countries (unless subject to compliance with the provisions of chapter V of the GDPR). |
| Data retention (GDPR-Art.13, paragraph 2, letter a) | The data is kept for times compatible with the purpose of the collection |
| Data provision (GDPR-Art.13, paragraph 2, letter f) | The provision of data referring to the mandatory fields is necessary in order to obtain an answer, while the optional fields are aimed at providing the staff with further elements useful for facilitating contact. |
1.4 Data provided voluntarily by Users
The optional, explicit and voluntary sending of messages to contact addresses, private messages sent by users to institutional profiles/pages on social
media (where this possibility is provided), as well as the compilation and forwarding of any forms/modules present , involve the acquisition of the sender’s
contact details, necessary to reply, as well as all personal data included in the communications. The sender therefore remains personally responsible for the
accuracy of the data provided, as well as their pertinence and non-excess with respect to the requests in question.
For further information on the data processing connected to the website and cookies, it is possible to consult the specific information:
● Web policy https://www.iubenda.com/privacy-policy/10015257
● Cookie policy https://www.iubenda.com/privacy-policy/10015257/cookie-policy
2) DATA PROCESSING OF CUSTOMERS / SUPPLIERS
2.1 Object of the processing
The company processes personal identification data of customers/suppliers (for example, name, surname, company name, personal/fiscal data, address,
telephone, e-mail, bank and payment references) and their operational contacts (name, surname and data contact details) acquired and used in the context
of the provision of the products/services supplied.
2.2 Purpose and legal basis of the processing
The data is processed for:
● conclude contractual/professional relationships and provide related services;
● fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications
connected to them;
● fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority;
● exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions;
ordinary internal operational, managerial and accounting needs).
Failure to provide the aforementioned data will make it impossible to establish the relationship with the Data Controller. The aforementioned purposes
represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for
different purposes (eg: marketing communications, production of photo/video content, etc.) a specific consent will be requested from the interested parties.
2.3 Processing methods and storage time
The processing of personal data is carried out by means of the operations indicated in the Art. 4 no. 2) GDPR and precisely: collection, registration,
organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation
and destruction of data. Personal data is subjected to both paper and electronic processing. The Data Controller will process the personal data for the time
necessary to fulfill the purposes for which they were collected and related legal obligations (usually coinciding with the relationship with the interested party,
without prejudice to the extension with reference to the obligations to keep administrative documentation and of business correspondence).
2.4 Scope of processing
The data is processed by duly authorized and trained internal subjects pursuant to Article 29 of the GDPR. It is also possible to request the scope of
communication of personal data, obtaining precise indications on any external subjects who operate as independent data processors or data controllers
(eg: consultants, technicians, banks, carriers, etc.). The data may be communicated to any subsidiary/associated company for various reasons. The data
are not subject to dissemination or transfer outside the EU (they may be transferred outside the EU only in compliance with the conditions set out in
Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subjects is not compromised “Art.45 Transfer on the basis of an adequacy
decision, Art.46 Transfer subject to adequate guarantees, Art.47 Binding corporate rules, Art.49 Specific exceptions”). The data are not subject to
automated processes that produce significant consequences for the data subject.
3) POLICY UPDATE
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of
significant changes, appropriate evidence will be given on the home page of the site for a reasonable time. In any case, the interested party is invited to
periodically consult this policy.
Welcome to Grand Soleil Yachts: this Privacy Policy describes the personal data collected through our website, the purposes for which the data is processed and your rights as data subject.
In order to always be up-to-date on any changes made to this page, we encourage you to consult it regularly.
DATA CONTROLLER
The Data Controller is Cantiere del Pardo S.p.A., with registered office in Via F.lli Lumière 34, Forlì (FC). You can contact the Data Controller by writing to the e-mail address privacy@cantieredelpardo.com.
PURPOSE OF PROCESSING, CATEGORIES OF DATA, LEGAL BASIS, RETENTION PERIOD AND COMMUNICATION OF DATA
Browsing of the website
Purpose: ensure the proper functioning of the website, perform aggregate statistical analyses aimed at evaluating the website’s performance and, in the event of any computer crimes, ascertain any liability.
Categories of data: IP addresses, domain names and URIs.
Legal basis: the data processing is based on the need to provide the services required to ensure the browsing of this website. Moreover, the data processing is based on our legitimate interest in ensuring the proper functioning of our IT systems and in proceeding with the investigation of possible crimes (also based on the existence of a legal obligation).
Retention period: the data will be retained for 30 days, unless legal provisions or provisions of public authorities impose a different retention time in relation to investigations regarding to possible computer crimes.
Request for information
Purpose: follow up on your requests for information.
Categories of data: the data requested in the dedicated online form. The data marked with an asterisk are mandatory.
Legal basis: the data processing is based on the fulfilment of pre-contractual measures adopted at your request.
Retention period: the data will be retained for the time required to provide you with the requested information or to put you in contact with our specialised retailers.
Communication of data: for the sale of our boats, we rely on a network of specialised retailers (dealer) to whom we may need to disclose your data if you have requested to be put in contact with them or if your request also includes information relating to the purchase of a specific boat. The dealer act as independent data controllers.
Book an appointment
Purpose: enable you to book an appointment at fairs and events attended by Grand Soleil Yachts.
Categories of data: the data requested in the dedicated online form. The data marked with an asterisk are mandatory.
Legal basis: the data processing is based on the fulfilment of pre-contractual measures adopted at your request.
Retention period: the data will be retained for the time necessary to follow up on your request.
Communication of data: for the sale of our boats, we rely on a network of specialised retailers (dealer). Therefore, if our retailers are involved in organizing the event you have requested to attend, or if during your appointment request you have also communicated your intention to purchase a specific boat, we may need to share your data with our dealers, who act as independent data controllers.
Partnership
Purpose: reply to your collaboration request and evaluate the opportunity to establish a partnership.
Categories of data: i dati indicati nel form online dedicato. I dati contrassegnati con un asterisco sono obbligatori.
Legal basis: the data processing is based on the fulfilment of pre-contractual measures adopted at your request.
Retention period: the data will be retained for the period necessary to evaluate the collaboration proposal. If a partnership is established, the data will be retained for the entire duration of the partnership and, once it has ended, for the period necessary to fulfil legal obligations (as required, for example, by tax legislation).
Sending of commercial communications
Purpose: sending through e-mail, SMS, telephone and traditional paper mail of commercial communications concerning Grand Soleil Yachts and carrying out market research in order to estimate your level of satisfaction with our products and services.
Categories of data: the data requested in the dedicated online form. The data marked with an asterisk are mandatory.
Legal basis: the data processing is based on your consent, which you may withdraw at any time by clicking on the link at the bottom of our communications or by writing at privacy@cantieredelpardo.com.
Retention period: data will be retained until you withdraw your consent.
Profiling
Purpose: sending personalized commercial communications based on your preferences, purchasing choices, requests and interactions with us, and developing products and services aligned with your preferences.
Categories of data: the data regarding the Grand Soleil Yachts boats you have purchased or for which you have requested information, your country of origin, your anagraphical data, your interactions with us through our website, through the Apps – which may be developed by us or by third parties – and through our social channels. Moreover, your profile may be enriched with information lawfully acquired from third parties and made available to Cantiere del Pardo.
Legal basis: the data processing is based on your consent, which you may withdraw at any time by writing at privacy@cantieredelpardo.com.
Retention period: the data will be stored for five years from the date of their collection.
DATA RECIPIENTS AND TRANSFER
The processed data will not be disclosed.
In order to fulfil the purposes set out in this policy, we may communicate the data collected to our employees, who act as authorized persons for data processing, as well as to our suppliers and consultants (e.g. our service providers and IT platforms), who act as data processors. Moreover, if necessary and if required by law, the data will be communicated to public authorities upon their request.
For the sale of our boats, we rely on a network of specialised retailers (dealers) to whom we may need to communicate your data for certain purposes specifically indicated in this policy.
The data may be transferred outside the European Union, but only after signing the Standard Contractual Clauses approved by the EU Commission with Decision No. 2021/914/EU or to countries that can guarantee an adequate level of protection of personal data and are therefore recipients of an Adequacy Decision adopted by the EU Commission.
COOKIE
In some areas of our website we use cookies. To find out more please consult the Cookie Policy.
SOCIAL NETWORKS AND LINKS TO THIRD-PARTY WEBSITES
On this website there are social buttons/widgets, i.e. those special “buttons” depicting the icons of social networks (e.g. LinkedIn, Youtube, Facebook e Instagram) that allow you to interact with a click directly with the social network, which acquires the data concerning your visit.
Furthermore, there may also be links to third-party websites: by clicking on these links, you will be redirected to external web pages, which process data autonomously and independently of us. We therefore invite you to consult their respective Privacy and Cookie Policies.
PRIVACY RIGHTS
As a data subject, you can exercise the rights listed below by writing to the e-mail address privacy@cantieredelpardo.com. You will receive a response as soon as possible and, in any event, within 30 days. We may ask you for additional information if, in connection with your request, it is necessary to verify your identity.
- Right of access: you have the right to know whether your data is being processed and, if so, to obtain a copy of that data. You also have the right to be informed about: the origin of the data, the categories of personal data processed, the recipients of the data, the purposes of the processing, the existence of automated decision-making processes (including profiling), the data retention period and the rights recognised by the GDPR.
- Right to rectification and integration: You have the right to have your data corrected or integrated if they are inaccurate or incomplete.
- Right to erasure: you have the right to request the deletion of your data they are no longer necessary or if the Data Controller is no longer authorised to process them.
- Right to restriction of processing: you have the right to obtain the restriction of personal data concerning you in the following cases: i) if you have questioned the accuracy of your personal data; in this case you can request a restriction of the processing for the period necessary to verify the accuracy of the data; ii) if we are no longer authorized to process the data, and instead of deleting them, you can ask us to restrict their use; iii) if the personal data in our possession, despite being no longer necessary for the purposes for which they were collected, are necessary for you to ascertain, exercise or defend a right in court; vi) if you have objected to a processing based on one of our legitimate interests. In this case, pending the assessment of whether our legitimate grounds prevail over your interests, rights and freedoms, you may request the restriction of the processing.
- Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format; you also have the right to request the transfer of such data to another data controller.
- Right to withdraw the consent: you have the right to withdraw at any time the consent you have given for the processings that are based on it.
- Right to object: you have the right to object at any time to the processings of your personal data that are based on our legitimate interest.
Moreover, if you believe that the processing of your data conflicts with the data protection provisions, you also have the right to lodge a complaint with the Data protection authority.
Last update: February 2026