Confidentialité : traitement des données personnelles

Information statement on the processing of personal data

Pursuant to Article 13 and 14 of Regulation (EU) 679/2016 (‘GDPR’), this privacy policy is provided to users who access the www.snav.it (the ‘Site’), interact with the related social networks (Facebook, Instagram, Twitter, LinkedIn, Pinterest, TikTok), with the contact center or with other SNAV S.p.A services, including for sending messages, emails or complaints, as well as to all passengers and customers and those who sign up for the SNAV Easy Life program.

This privacy policy does not refer to other external websites that may be accessed through links.

Data Controller: the data controller is SNAV S.p.A., with registered office in Naples, Stazione Marittima Molo Angioino, tax and V.A.T. number 00081630832, privacy@snav.it (hereinafter « SNAV » or « Controller« ).

Data Protection Officer: the Controller has appointed a Data Protection Officer (D.P.O.). The Controller may be contacted by writing to: protezionedati@marinvest.it.

Categories of data: Data Controller shall process the following data:

1. Browsing data: there are data that the computer systems and software procedures used to operate the Site acquire in normal operation and that are then implicitly transmitted in the use of Internet communication protocols. This information is not collected to be associated with identified data subject, but by its very nature could, through processing and association with data held by third parties, allow users to be identify (e.g. IP addresses, domain names of computers used by users who connect to the Site, time of the request, numeric code indicating the status of the response given by the server; the addresses in URI notation – Uniform Resource Identifier – of the requested resources) and other parameters related to the user’s operating system and computer environment. These data, which are not associated with directly identifiable users, are processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its regular functioning.
2. Cookies: For the processing of data though cookies, please read the relevant policy, available at the following link: https://www.snav.it/cookie
3. Data voluntarily provided by the user and/or communicated by third parties: Data provided directly by the data subject and/or by third parties (such as travel agencies) when purchasing a ticket, requesting a service or enrolling in the SNAV Easy Life program, and include:
   1. name, surname, gender, age and date of birth, nationality, details of ID, fiscal code or VAT number, billing address and location, copy of ID, etc;
   2. information contained in the self-certifications issued pursuant to Italian Presidential Decree no. 445/2000 that are collected to enable interested parties to take advantage ore receiving discount dedicates to residents;
   3. Data related to the vehicle boarded (e.g., license plate number, vehicle make and model);
   4. Data related to membership in professional categories or loyalty programs signed with third-party companies;
   5. Contact information (phone number, e-mail).
   6. bank data (IBAN, bank/postal data, and credit cards details);
   7. data relating to the passenger’s health status (falling under the « special categories of data » referred to in Article 9 of the GDPR);
   8. information that the data subject provides by communicating by telephone to our contact center, by e-mail, or through the Site;
   9. data entered by means of messaging functionality, posting of messages and information transmitted through such channels;
   10. Wi-Fi network connection IP address.

4. Third-party data: through the Site, SNAV may also collect and process personal data belonging to third parties. For this reason, the Data Controller provides the following information with reference to the processing of the data of these subjects, or of passengers on whose behalf the customer makes a reservation, purchases a ticket, or submits a complaint, or those exercising parental responsibility for passengers under the age of 14.

These data include:

• • personal data (name, surname, gender, age or date of birth, nationality, fiscal code or vat number, etc.);
  • e-mail address;
  • copy of a valid identity document;
  • if applicable, data relating to the Passenger’s state of health (falling within the « special categories of data » referred to in Art. 9 of the GDPR);
  • in the case of passengers under the age of 14, personal data (name, surname, gender, date of birth, nationality, etc.) and a copy of an identity document of the person exercising parental responsibility.

The provision of third party data is optional; however, in the case that the third party’s personal data is not provided, SNAV may not be able to guarantee the performance of the provision or service (e.g., ticket purchase, complaint handling).

In the event that the customer provides data of minor under the age of fourteen, the same guarantees SNAV that, he/she is exercise of parental responsibility (it being understood that SNAV may take the measures it deems reasonable in order to verify the age of fourteen).

The customer guarantees SNAV that he/she has the right to communicate such data and will take care to inform third party about the processing of his/her personal data, with particular reference to the type of data processed, the purposes and the time of storage of data, the subjects who have access to such information, and the exercise of the rights provided for the GDPR, also by providing the third party with a copy of this policy or an indication of the web page where this policy is made available.

In the case of passengers with reduced mobility or special dietary requirements, the customer guarantees to SNAV that he/she has obtained express consent from passengers to the processing of personal data relating to his/her state of health necessary for the provision of any on-board assistance or a specific service. In any case, SNAV reserves the right to request proof of the consent given, even by requesting it directly from the passenger.

Purposes, legal bases of processing and duration of storage: The processing of the data takes place for the purposes and based of the assumptions indicated below.

1. Management and operation of the Site. The browsing data are collected and processed to allow the operation of the Site. Legal basis of the processing: the legitimate interest of the Data Controller. Data retention period: browsing data will be stored in accordance with the Cookie Policy available at www.snav.it/cookie.
2. Booking and ticket purchase, as well as for all purposes related to the obligations arising from the maritime transport contract (supply of products and services on board the ship, sending logistical communications, organization of events on board the ship, use of any discounted rates, etc…). The telephone number will be used exclusively for service communications relating to the ticket purchased and/or booked trip, in accordance with applicable regulations. Legal basis of the processing: fulfillment of contractual obligations or execution of pre-contractual activities requested by the data subject. In absence of such data, it will be impossible to execute the contract or provide what the customer/passenger requires. Data retention period: duration of the contractual relationship with the customer and/or passenger, subject to storage for further purposes as set out below.
3. Passenger acceptance on board. The data provided for the purchase of the ticket, including those related on health status, will also be used in order to allow the passenger to be accepted on board. Legal basis for processing: fulfillment of obligations set out in Directive – 18/06/1998, No. 41 transposed by Ministerial Decree 13/10/1999, No. 1112300 registration of passenger information. Data retention period: duration imposed by law.
4. Management of special food requests. In the case of passengers with special dietary requirements (e.g., those who select the gluten-free menu). Legal basis of the processing:  express consent of the data subject. This consent can be expressed at the time of booking by ticking the box « passengers with reduced mode » or by selecting the option « Gluten-free menu » (which could also only indirectly, reveal data relating to your health status) or by directly communicating such information to the Controller by e-mail or call center. In the event of communication of such data by e-mail or call center, the interested party is aware and expressly accepts that his/her data, including those belonging to special categories, if communicated, will be subject to processing. Data retention period: time necessary to process the request, without prejudice to storage for further legal protection purpose.
5. Management of requests for special care and/or assistance and processing of health-related The data acquired at the time of booking or during the trip will be processed to provide requested assistance and to comply with laws and regulations and for communication to the Unique National Interface or Automatic Identification System (« AIS »). Legal basis for the processing: important public interest as well as for health care purposes, pursuant to Article 9 paragraph 1 letter (g) and (h) GDPR, in accordance with Legislative Decree No. 38 of 11 may, 2020, which implements Directive (EU) 2017/2109 in Italy. On the basis of the same regulations, the data acquired will also communicated- by entering them into the Unique National Interface or through AIS – to the General Command of the Port Authority Corps-Coast Guard, which will process such data as data controller pursuant to Article 4 of the Decree of the Ministry of Infrastructure and Sustainable Mobility dated September 28, 2022. Retention period: the data will be kept for the time strictly necessary and, in any case, until the end of the journey and the inclusion of the same into the Unique National Interface or AIS in accordance with the provisions of Article 12 of Legislative Decree No. 38 of May 11, 2020.
6. Fulfillment of legal obligations including tax, workplace safety, environmental, anti-money laundering, banking and public safety. Legal basis of the processing:  the need to comply with legal obligations incumbent on the Controller. Data retention period: duration imposed by law.
7. Administrative management of customers and/or passengers, including management of any suggestions, messages and/or e-mails received through the communication channels and contacts made available on the Site. Legal basis of the processing: The processing is based on the fulfillment of contractual obligations or the execution of pre-contractual activities requested by the data subject, as well as the legitimate interest of the Data Controller in the correct business management of the Company, also  for the purpose of improving the services offered. Data retention period: Time necessary to process the request or to respond to any suggestions/messages, without prejudice to storage for further legal protection.
8. Management of any emergencies on board one of our ships: In particular these data will be stored pursuant to Article 12 of Legislative Decree 38/2020, as amended, until the voyage of the vessel in question is safely completed and the data have been declared in the Single National Interface or in the event of an emergency or following an accident, until the completion of an investigation or judicial proceeding. Legal basis of the processing: fulfillment of the specific applicable legal obligations. Retention period: duration imposed to the applicable law.
9. Management of any complaints sent by customers or passengers. Legal basis of the processing: fulfillment of obligations imposed by Regulation (EU) 1177/2010 on the rights of passengers traveling by sea and inland waterway. Data retention period: duration imposed by the same regulation.
10. Enrollment to the SNAV Easylife program: the data will be processed to allow to use the service. Legal basis of the processing: the processing is based on the fulfillment of contractual obligations or execution of pre-contractual activities requested by the data subject. Data retention period: the data will be kept for the duration of enrollment in the SNAV Easy life program.
11. Judicial protection purposes, including the purpose of verifying the truthfulness of information contained in the self-certifications pursuant to Italian Presidential Decree 445/2000, to prevent or prosecute offences. Legal basis of the processing: legitimate interest of the Data Controller to protect its rights. Data retention period: equal to the time necessary to assert the rights of the Controller. In the case of self-certifications pursuant to Italian Presidential Decree no. 445/2000, these will be kept for the time strictly necessary to verify the veracity of the information and, in any case, for a maximum period of 6 months. This is without prejudice to further storage in the event of false declarations to prevent or persecute deceitful use.
12. Sending communications and updates on the services and activities of the Data Controller. Legal basis of the processing: legitimate interest of the Data Controller to send updates and stay in touch with the  customers. Data retention period: 24 months from acquisition.
13. Newsletter subscription: your e-mail address, first and last name and telephone number may be processed for sending newsletters. Legal basis of the processing: the processing is based on the express consent of the data subject. Data retention period: the data will be processed until the consent is revoked.
14. Section “ Call me back”: the first name, last name, and phone number may be processed to get back in touch with the user that fills out the form. Legal basis for processing: the processing is based on the performance of pre-contractual activities requested by the data subject. Data Retention period: the time required to process the request.
15. Access to the Wi-Fi network: the Data Controller shall process the IP address of the connection to the Wi-Fi network if the customer requests to use the service.
    Legal basis for processing: fulfillment of contractual obligations or execution of pre-contractual activities requested by the data subject. Furthermore, the Data Controller may process the acquired data if necessary to comply with a legal obligation, as well as – based on its legitimate interest – in order to monitor and ensure the security of the IT infrastructure or to defend its rights.
    Data retention period: the data shall be retained for 7 days and, where required by law and/or to pursue the legitimate interest of the Data Controller in safeguarding its rights, for a maximum period of 10 years.

Nature of the provision of personal data.

The provision of data for the purposes referred to points a), b), c), e), f), g), h), i), n), o), above is necessary to allow us to follow up the execution of the contract and/or your requests and/or to provide the requested service. Any refusal, however, would make it impossible for the data subject to communicate with the Data Controller as well as, to execute the contract in place with the Data Controller and/or to process your requests and/or to provide the requested service and/or to update you in relation to its services.

The provision of data for the purpose referred to the point d) above is optional and free, as well as conditioned to the explicit consent of the interested party. Any refusal, however, will made it impossible for the Data controller to follow up on the request for assistance on board the ships and/or the request regarding specific dietary needs of passengers.

The provision of data for the purpose referred to the point j) above is optional and free. The interested party may object to such processing at any time, without prejudice in any way to the processing carried out by the Data Controller prior to such opposition.

The provision of data for the purpose referred to the point l) above is optional and free, as well as conditioned to the explicit consent of the interested party. Any refusal, however, will not have any consequence for the execution of the contract and/or for providing the requested service.

Disclosure of data: within the scope of  the aforementioned purposes, the data may be communicated to our collaborators and employees, within the scope of the assigned duties and on the basis of specific authorization for the processing of  data, in line with the purpose of the processing itself, as well as to all those natural and/or legal persons entitled to receive the personal data of the data subjects as Data Processors pursuant to art. 28 of the GDPR or independent Date Controller when the communication is necessary or functional for the execution of pre-contractual measures and/or the contract, in the manner and for the purposes illustrated above (e.g., consulting company in charge of the management and maintenance of the website, provider of contact center and online payment service, external consultants, maritime agencies, terminals and port authorities, or required from law or regulation etc.).

In addition, the data may be communicated to commercial partners with whom SNAV has entered into an agreement, in order to recognize or have granted benefits to customers and/or passengers and to other companies of the MSC Group. These parties will process any data acquired as independent data controllers.

In case of ticket purchase through the Trenitalia’s ticketing platform, the personal data provided therein will be received by SNAV in order to issue the relevant ticket and processed in accordance with this policy. In such cases, it will be possible to consult the information on the processing of personal data on the Site, as well as by clicking on the link made available by Trenitalia in its privacy policy. The information will also be available at ticket offices and on board the ships.

Rights of Data Subjects

We would like to inform you that, as a interested party, you can exercise the rights referred to in Articles 15-22 GDPR, including access to personal data, rectification, erasure of personal data or restriction of processing, opposition to processing as well as request for data portability; for processing based on consent, it will be possible to revoke the consent given at any time (this will not affect the lawfulness of the processing based on the consent given before the withdrawal). The exercise of these rights can be carried out  by sending an e-mail to the e-mail addresses privacy@snav.it and/or protezionedati@marinvest.it or by sending a registered letter with acknowledgement of receipt to the registered office of the Controller at « Stazione Marittima Molo Angioino CAP 80133 Naples ».

A complete and up to date list of data processor can be obtained from the same above addresses.

At the same addresses, you may request the complete and updated list of the data processors.

The interested party may at any time get opposition to the sending of communications related to commercial and marketing activities by selecting the option « If you prefer not to receive any more of our communications, click here » at the bottom of the e-mail containing the newsletter.

In addition, you can exercise your rights, in relation to the processing of personal data carried out through our social pages, by contacting each of these social pages in accordance with the provisions of their respective privacy policies.

We also inform you that if you believe that the processing violates your rights, you can file a complaint with the Data Protection Authority – www.garanteprivacy.it.

Updated version dated December 13^rd 2024