Privacy Policy

Home » Privacy Policy

PRIVACY POLICY AND DATA PROTECTION

PRIVACY AND DATA PROTECTION POLICY DATA COLLECTED FROM THE DATA SUBJECT (pursuant to Art. 13 GDPR 2016/679)

Information concerning the processing of personal data drafted and provided by Morfimare s.r.l. as Data Controller, pursuant to art. 13 of EU Regulation 2016/679 on the protection of personal data of natural persons (hereinafter also “Regulation” or “GDPR”) and pursuant to Legislative Decree 196/2003 “Code regarding the protection of personal data containing provisions for the adaptation of the national legal system to Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC’ (hereinafter also ”Code“). .

Personal and special data are processed in accordance with the principles of fairness, lawfulness, and transparency, both in paper and electronic format. The availability, management, access, storage, and usability of data are guaranteed by the adoption of technical and organisational measures deemed adequate by the Data Controller to ensure appropriate levels of security pursuant to Articles 25 and 32 of the GDPR.

With reference to the personal and special data that will be processed, the Data Controller provides the Data Subjects with the following information:

I. General details of the Data Controller and contact information.

The controller of your personal data is Morfimare Ltd, responsible to you for the legitimate and correct use of your personal data and who you can contact for any information or request at the following contact details:

Data Controller: Morfimare srl
Registered office: Corso De Tullio, 40 – 70122 Bari BA, IT

Contact details:

PEC: morfimare@pec.it
Website: http://www.morfimare.it
Telephone: +390805789811

II. Categories and content of data.

The processing concerns the personal data provided by the data subject to the Data Controller, with particular reference to:

Third-party cookies;
Profiling cookies;
Tax code and other personal identification numbers;
Name, address or other personal identifying information;
Contact details (phone number, email, etc.);
Health status;
Images;
Bank details;
Sex m/f;
Technical cookies

III. Purposes of processing.

Personal data is collected and processed for the purposes set out below, together with the relevant legal basis:

Purpose	Data processed	Legal Basis
Distance selling (online, app, web, etc.)	Third-party cookies; Profiling cookies; Tax code and other personal identification numbers; Name, address or other personal identifying elements; Contact details (phone number, email, etc.); Health status; Images; Bank details; Sex m/f; Technical cookies	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – EU Regulation (GDPR 2016/679)
Sale by intermediaries	Third-party cookies; Profiling cookies; Tax code and other personal identification numbers; Name, address, or other personal identifying details; Contact details (phone number, email, etc.); Health status; Images; Bank details; Sex m/f; Technical cookies	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – EU Regulation (GDPR 2016/679)
Brokerage services	Fiscal code and other personal identification numbers; Name, address or other personal identification details; Contact details (phone number, email, etc.); Health status; Images; Bank details; Sex m/f	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – EU Regulation (GDPR 2016/679)
Complaint Handling	Fiscal code and other personal identification numbers; Name, address or other personal identification elements; Contact details (phone number, email, etc.); Health status; Images; Bank details	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – EU Regulation (GDPR 2016/679)
Contract terms	Tax code and other personal identification numbers; Name, address or other personal identification details; Contact details (telephone number, email, etc.)	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – EU Regulation (GDPR 2016/679)
Debt recovery	Tax code and other personal identification numbers; Name, address or other personal identification details; Contact details (phone number, email, etc.); Images; Bank details; Sex m/f	The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party - European Union Regulation (GDPR 2016/679)
Fulfilment of tax and accounting obligations	Tax code and other personal identification numbers; Name, address or other personal identification details; Contact details (telephone number, e-mail, etc.); Bank details	The processing is necessary to comply with a legal obligation to which the controller is subject – European Union Regulation (GDPR 2016/679)
Customer support	Name, address or other personal identification elements; Contact details (phone number, email, etc.); Sex m/f; Bank details	The data subject must give consent to the processing of their personal data for the specific purpose – European Union Regulation (GDPR 2016/679)
Customer satisfaction survey	Name, address or other personal identifying elements; Contact details (phone number, email, etc.); Sex m/f	The data subject must give consent to the processing of their personal data for the specific purpose – European Union Regulation (GDPR 2016/679)
Customer information on new services/products	Name, address or other personal identification details; Contact details (telephone number, email, etc.)	The data subject must give consent to the processing of their personal data for the specific purpose – European Union Regulation (GDPR 2016/679)

The processing of your data is based on the legitimate interests of the data controller recognised by law, in particular:

Purpose	Legitimate Interest of the Controller
Debt recovery	The activity pertains to the management, detection, and recovery of debts, and the management of cases relating to the non-payment of travel tickets.

In relation to the processing of personal data, specifically sensitive data, genetic data, biometric data, and data concerning health (Article 9 of EU Regulation 2016/679), the processing concerns, among others, the following types of data:

Health status (Health data)

The processing of personal data belonging to these special categories is possible as it is based on the following conditions:

It is possible because the data subject intends to give their explicit consent to the processing of such personal data for one or more specific purposes. Consent is necessary to obtain dedicated services (for disabled individuals, allergies, food intolerances, etc.).

IV. Duration of Treatment.

The duration of the treatment is determined as follows:

5 years from the date of contract termination (Article 2948 of the Civil Code, which provides for a 5-year statute of limitations);
10 years for tax, accounting, and legal defence purposes

Treatment start date: 01/01/2018

V. Communication of data and recipients.

The data may be processed by internal and external data controllers or by parties authorised to process data by the Data Controller. The complete and updated list of data controllers and authorised parties is available at the Data Controller's registered office.
Your data may be sent to the recipients or categories of recipients listed below:

Consultants and freelance professionals, whether acting individually or in association (accountants, tax consultants, auditors)
Banks and credit institutions (Receipt and payment management)
Companies and Businesses (Retailers and Intermediaries)

In no other case will the data subject's data be communicated or disseminated to third parties.

VI. Rights of the data subject.

The data subject has the right to the portability of their personal data. The data subject may exercise, at any time, the rights recognised by the GDPR. These are:

the right of access;
the right to rectification of data;
the right to erasure and to be forgotten;
the right to restriction of processing;
The right to data portability.

The data subject may exercise their rights by submitting an informal request to the Data Controller, who will respond within thirty (30) days of receipt. This period may be extended by a further sixty (60) days if fulfilling the request is particularly burdensome for the Data Controller.
Interested parties are hereby informed that, should they not receive a reply within the indicated timeframe, or if the reply is unsatisfactory, or if they believe their rights have been violated, they may lodge a complaint with the Personal Data Protection Authority in accordance with the procedures indicated on the Authority's website, accessible at: http://www.gpdp.it.

The exercise of the data subject's rights is free of charge, unless the Controller has to bear excessive costs.

Online Ferry Ticketing

Privacy Policy

PRIVACY POLICY AND DATA PROTECTION

Share

Recent articles

Grimaldi Discounts for European Disability Card holders

SuperFast Early Summer Offer per i Traghetti Grecia

GNV DAYS La tua estate al 40% di sconto

Grimaldi Lines Mother's Day Offer

GNV Continuity of services throughout the summer season

Grimaldi Lines Service Regularity

Ventouris Ferries Early Booking Italy Greece Lines