Privacy Policy

Privacy Policy

The European Union General Data Protection Regulation 2016/679 (GDPR) provides rules on the protection of individuals with regard to the processing of personal data and the free movement of such data. The purpose of the GDPR is to protect the fundamental rights and freedoms of natural persons, particularly, the right to the protection of their personal data. The free circulation of personal data within the EU should not be restricted or prohibited for reasons related to the protection of natural persons, with regard to the processing of personal data. According to the GDPR, the definition of “personal data” includes any information that allows a natural person to be identified, directly or indirectly.
In general, “personal data” includes any information used to identify a Data Subject, such as name, identification number, address, online identification, information (where required) physical, physiological, genetic, mental, economic, cultural, social. This document also provides details on how our website is managed with regard to the processing of user data.
Pursuant to art. 13 of the GDPR, this policy is made available to all those who interact with the web services of Demup Search SRL (the Data Controller), accessible online at the following address:

www.metasail.it

This document relates to the websites of the Data Controller, not to other third-party websites, which the user can – or could – access via links when accessing the Data Controller’s websites. Since, during and after the visit or voluntary access to the website, information relating to identified or identifiable persons may be processed, this policy is intended to clarify the purposes and methods of collecting the personal data of each Data Subject when accessing the Data Controller’s websites, regardless of the reason for which such access occurs.

1 – IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The identity and contact details of the Data Controller are the following:
DEMUP SEARCH Srl;
Address: Via Bartolomeo Colleoni, 59 – 63074 San Benedetto del Tronto;
Contacts: e-mail info@metasail.it – Phone number: +39 340 4240 685.

2 – PLACE AND PURPOSE OF THE PROCESSING
The processing of data relating to the services provided through this website takes place at the headquarters of the Data Controller.
The processing is managed only by authorized personnel or by persons in charge of occasional maintenance operations. The data acquired by virtue of the use of the services used will be used in compliance with this information and with the expressions of express consent possibly given by each Interested Party, expressions that are always revocable.
The data, identification, personal data provided by users to use the “Cronaca DIRETTA Metasail” service will be used to satisfy this request and may be communicated to third parties only when strictly necessary, if relevant and useful to satisfy such requests and, in any case, in compliance with the purposes specified herein and the will expressed by each Interested Party.
The collection and processing of the user’s personal data will be carried out in compliance with the general principles of necessity, correctness, relevance and non-excess of the purpose for which the data were collected. In particular, the processing of data will have, in relation to the sailing regattas of interest to the user, the purpose of:

1. answer questions, provide any information requested by the user (the optional, explicit and voluntary forwarding of email messages to the addresses provided on this website entails the subsequent acquisition of the sender’s address, necessary to respond, as well as any other personal data mentioned in the message), contact the user, where necessary, regarding the services provided by DEMUP search Srl;
2. provide a so-called “Cronaca DIRETTA ” service to which the user can freely and voluntarily subscribe. After the user has sent his/her mobile number, requesting to use the said service via Whatsapp, his/her data will be used exclusively for the provision of the requested service and will be disclosed to third parties within the limits of this policy and the consent freely and voluntarily expressed by each Interested Party, at the moment of actually activating the service;
3. manage the data of each Interested Party for operational purposes (for the provision of the requested service), administrative, accounting (where applicable) and to fulfil contractual and legal obligations;
4. carry out surveys, managed directly by the Data Controller – or its agents/data processors – to evaluate customer satisfaction with the service provided, through in-person or telephone interviews, in order to improve the same;
5. send advertising material, in compliance with the express consent given by the interested party with the activation of the service, to provide him/her with commercial/promotional information (including, but not limited to: updates on initiatives, offers and promotions relating to the services and products of the Data Controller, or of authorised third parties who collaborate with the same; promotional programmes and activities – including online – aimed at rewarding existing users and retaining new ones).

3 – LEGAL BASIS AND LEGITIMACY OF THE PROCESSING OF PERSONAL DATA
The legal basis for the processing of data is given pursuant to art. 6), co. 1, GDPR: lett. a) (consent of the interested party – when given); lett. b) (necessity of processing for the purposes of executing the contract); lett. c) (fulfilment of legal obligations); lett. f) (pursuit of the legitimate interest of the Data Controller), without prejudice to the provisions applicable to the relationship pursuant to the Civil Code and the Consumer Code.

4 – RECIPIENTS OF PERSONAL DATA
The interested party’s data will be transferred exclusively to those who are involved and have a role in achieving the purposes specified above, sub 2.
Therefore, the data collected and processed: a. may be used anonymously for statistical purposes; b. may be made available to the Data Controller’s collaborators, data processors or other persons
authorised to manage the data; c. may be communicated to third parties, natural or legal persons, public administrations, professionals, law enforcement agencies, government bodies, regulatory
authorities, courts or other public authorities authorised by law; d. may be communicated to commercial partners, only with the explicit consent of the Data Subject; e. if requested, may be
communicated to another Data Controller pursuant to the provisions of the GDPR, also with reference to data portability.
Each Data Subject may request a list of data processors at any time by sending a written request to the Data Controller. Only with the consent and/or specific indication of the Data Subject, some personal data may be shared with entities other than the Data Controller.

5 – CATEGORIES OF PERSONAL DATA
No “special” personal data will be processed (e.g. data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, state of health, sexual life and sexual orientation of the interested party), nor data relating to minors, except in the case in which the participant in the regatta is the child or a close relative of the interested party; in this case, the system will process only the information relating to the name and surname of the regatta participant. The processing of personal data will be strictly limited to the essential data necessary to pursue the purposes referred to in point 2 above.

6 – DATA RETENTION
The data provided for the purposes specified in point 2 – the use of the “Cronaca DIRETTA METASAIL” service – will be retained as follows:

1.  The data processing is not limited, from a temporal point of view, to the sole event (regatta) in relation to which the interested party has requested to activate the service but – with a view to continuous improvement of the service – until the latter has revoked the consent given when activating the service, or has requested the cancellation/export of the data provided to the Data Controller;
2. for administrative/accounting purposes, for the entire time established by civil and tax law;
3. for direct marketing purposes and sending newsletters until the interested party’s consent is revoked, or until the right of opposition has been exercised and, in any case, no later than five years from the collection of the data.
   Personal data will be disclosed only within the limits of this policy and in compliance with any consent expressed, and will be destroyed as soon as they are no longer necessary or the Data Controller is no longer obliged to retain them.

7 – METHOD OF PROCESSING DATA ACQUIRED THROUGH THE SITE
The information systems and software procedures on which the Data Controller’s website platform is based acquire personal data – solely identifying – during their normal operation; the transmission of such data is an intrinsic characteristic of Internet communication protocols. They include: IP addresses (for user verification and security reasons) and/or domain names of computers used by each user who accesses the Data Controller’s websites, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to formulate the requests to the server, the size of the files obtained in response, the numeric code showing the response provided by the server (successful completion, error, etc.) and other parameters relating to the operating system and the user’s IT environment. The use of such data – different and distinct from that necessary for the provision of the “Cronaca DIRETTA METASAIL” service – is strictly limited to the objective of ensuring the correct functioning of the Data Controller’s sites and to obtain anonymous statistical information on their use. This data is deleted immediately after  processing and could be used to ascertain any liability in the event of computer crimes against the Data Controller. Unless such an event occurs, data on web contacts are currently not retained for more than seven days. Personal data will be processed manually and/or using electronic systems and will be stored in traditional and/or computer archives. Both paper and electronic files and
documents will be correctly stored and protected for the entire time necessary to carry out the data processing. Adequate security measures are adopted to minimize the risk of loss, destruction,
unauthorized access or improper use for purposes other than those for which the data were provided and collected. There is no automated decision-making process or profiling.

8 – COOKIE Policy
The Data Controller’s website uses so-called cookies, small files stored by the Data Subject’s device, to provide services and/or information. Most of them are “session cookies”, i.e. temporary cookies, which remain in the cookie file of the user’s browser only until the end of the browsing session. Such cookies may be present on some pages of the Data Controller’s website. By using session cookies, the parts of the website viewed during a visit can be monitored. This allows the Data Controller to better adjust the contents, advertisements and services for the Data Subjects,
evaluate their effectiveness, guarantee reliability and security. The so-called session cookies used on the site avoid the use of other information technologies that could potentially affect the confidentiality of the Data Subject’s browsing activities. Therefore, they do not allow the acquisition of personal data that can identify the individual Data Subject. The Data Controller’s cookie policy is published in the dedicated area of the site.

9 – SHARING OF PERSONAL DATA
Apart from what is specified for navigation data, users are free to decide whether or not to provide their personal data – when requested – in the appropriate forms on websites regarding services, products offered by the Data Controller, or by its commercial partners. The decision not to enter data when requested could make it impossible to provide the services and products of interest. It is reiterated that the Interested Parties are always allowed to revoke the consent given, by means of a written request addressed to the Data Controller.

10 – RIGHTS OF THE INTERESTED PARTY
Each Interested Party is entitled to exercise the faculties and rights referred to in Articles 15-16-17-18-20-21-22 of the GDPR.
All the rights provided by the GDPR in favour and for the protection of each Interested Party can be exercised without formal obligations, with a direct request to the Data Controller, at the following e-mail address: info@metasail.it
Each request can also be filed through a person formally delegated for such a purpose by the Interested Party. The Data Controller must process every request and instance of the Interested Parties promptly, without unjustified delay.

(rev. 01/07/2024)