Confidentialité : traitement des données personnelles

SNAV S.p.A. processes the personal data of users who visit its own website www.snav.it  (« webSite »),its own Customers and Passengers (hereinafter, also the « Data subject ») in compliance with Regulation (EU) 2016 / 679 (GDPR) and the Legislative Decree of 30 June 2003 n. 196, as amended by Legislative Decree 101/2018, and subsequent amendments (Privacy Code) as well as the principles of confidentiality which inspired the Company’s activity.

The following policy is provided only for the website indicated above and not for other websites that may be consulted by the user through links.

In accordance with artt. 13 and 14 of GDPR, SNAV must provide certain information regarding the use of personal data collected when the user visits our website and our social media, purchases tickets to travel on board of our ships, contacts our Contact center, sends us emails or messages.

1. Data Controller

The Data Controller is SNAV S.p.A. with registred office in Stazione Marittima – Molo Angioino, 80133 Napoli privacy@snav.it

2. Data Protection Officer

The Data Protection Officer can be contacted  to the following email  protezionedati@marinvest.it

3. Categories of acquired data

3.1 Navigation data

During normal operation the IT systems and software procedures used to operate this Website acquire some personal data which are then implicitly transmitted in the use of internet communication protocols. This is information that is not collected to be associated with identified Data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified (e.g. IP addresses, domain names of the computers used by users who connect to the website, request time, numerical code indicating the status of the response given by the server; the addresses in URI – Uniform Resource Identifier – of the requested resources) and other parameters relating to the operating system and the IT environment of the user.

Personal data, not associated with directly identifiable users, will be processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its regular functioning.

Personal data will be processed mainly in an automated form, or manually with paper supports, with logic strictly related to the aforementioned purposes and for the time strictly necessary to achieve the same purposes, and in any case through the use of suitable tools to guarantee their safety and confidentiality and in compliance with current regulatory provisions.

3.2 Cookies

For the processing of data through cookies, please read the relative policy, available at the following link: https://www.snav.it/cookie

3.3 Data provided voluntarily and / or communicated by third parties

The personal data being processed, carried out for the purposes indicated in paragraph 4 below, is collected directly from SNAV directly to the Data Subject and / or third parties (Customer) and belong to the following categories:

• personal data necessary for issuing the invoice (name and surname, gender, age or date of birth, nationality, tax code or VAT number, billing address and location, etc.), as well as data relating to belonging to professional categories or registration in loyalty or membership programs signed with third-party companies;
• contact details (telephone number, e-mail);
• bank data (IBAN, bank / postal data, and credit cards);
• possibly, data relating to the state of health of the passenger (falling into the « particular categories of data » referred to in art. 9 of the GDPR);
• information that the Data Subject provides by communicating by telephone to our Contact center, by e-mail or through the Site;
• data entered by means of the messaging functionality, publication of messages;
• further data provided by the Customer according.

3.4 Third party data

SNAV S.p.a. provides the following information with reference to the processing of personal data of third parties, or of the Passengers on whose behalf the Customer makes a reservation, buys a ticket or makes a complaint.

The data of third parties that SNAV S.p.a. acquires for the aforementioned purposes will be:

• personal data (name and surname, gender, age or date of birth, nationality, tax code or VAT number, etc. …);
• copy of a valid identity document;
• possibly, data relating to the state of health of the passenger (falling into the « particular categories of data » referred to in art. 9 of the GDPR);

The provision of data is optional, however the failure to provide data required may preclude the conclusion of the proceeding for which such data have been required (e.g. purchase of ticket).

In the event that the Customer provides data for children under the age of fourteen, the same guarantees SNAV S.p.A. to be the owner of parental responsibility.

The customer guarantees SNAV S.p.A. to have the right to communicate such data and will take care to inform third parties about the processing of his own personal data, with particular reference to the type of data processed, the purposes and the storage times of the data, to the subjects who have access to this information and to the exercise of the rights provided by the GDPR, also by delivering a copy of this information to the third parties or indicating the web page where this information is available.

4. Purpose and legal basis of the processing and data retention

The processing of the personal data acquired takes place for the following distinct purposes and based on the various relative legal bases of treatment:

• (a) booking and purchasing of the ticket, as well as for all the purposes related to the obligations deriving from the maritime transport contract (supply of products and services on board the ship, sending logistical communications, organization of events on board the ship, etc …). Legal basis of treatment: fulfillment of contractual obligations or execution of pre-contractual activities requested by the Data Subject. In the absence of such data it will be impossible to execute the contract or provide what requested by the Customer and / or the Passenger. Data retention: duration of the contractual relationship with the Customer and / or the Passenger;
• (b) acceptance of the Passenger on board. Legal basis of treatment: fulfillment of the obligations under the Directive – 18/06/1998, n. 41 acknowledged by DM 10/13/1999, n. 1112300 for registering passenger information. Data retention: corresponds to the duration imposed by the legislation;
• (c) activities required by applicable legislation, including tax, workplace safety, environmental, anti-money laundering, banking and public safety legislation. Legal basis of treatment: need to comply with legal obligations. Data retention: corresponds to the duration imposed by the legislation;
• (d) administrative management of Customers and / or Passengers. Legal basis of treatment: legitimate interest of the data controller in the correct corporate management, also for the purpose of compliance with the law. Data retention: corresponds to the duration imposed by the legislation;
• (e) management of a possibly complaint. Legal basis of treatment: fulfillment of obligations in compliance with Regulation (EU) no. 1177/2010 of the European Parliament and of the Council of 24 November 2010 concerning the rights of passengers when travelling by sea and inland waterway. Data retention: corresponds to the duration imposed by the legislation;
• (f) management of a suggestion possibly proposed by the Customer and / or the Passenger. Legal basis of treatment: legitimate interest of the data controller in correct business management for the purpose of improving the services offered. Data retention: one year after receiving the suggestion;
• (g) purposes of judicial protection, to prevent or prosecute offenses. Legal basis of treatment: the legitimate interest in order to protect his own rights and preventing wrongdoing. Data retention: the period is equal to the time reasonably necessary to assert our rights from the moment we become aware of the offense or its potential commission;
• (h) ending marketing communications relating to the activity of the Data Controller. Legal basis of treatment: the consent of the Data Subject. Data retention: maximum 24 months.

The provision of data referred to in the previous points a), b), c), d), e), f) e g) is optional. However the failure to provide data required may preclude the impossibility for the Data Subject  to communicate with the Data Controller, as well as for the latter, to execute the existing contract with the same and / or to process his requests.

The provision of data referred to in the previous point h) is optional and free, as well as subject to the explicit consent of the the Data Subject. Any refusal will not entail any consequence except for the impossibility for the Owner to carry out the activities indicated therein. The Data Subject may revoke their consent at any time, without this in any way affecting the processing carried out by the Data Controller before such revocation, in the manner indicated in paragraph 8 below.

5. How data is processed

In relation to the aforementioned purposes, the data may be subject to manual processing, with the use of IT, telematic and paper media and may be filed in a specific database.

All data processing operations are carried out in such a way as to guarantee the integrity, confidentiality and availability of personal data

6. Disclosure of data outside

In the context of the aforementioned purposes personal data may be disclosed:

• to our collaborators and employees in order to the tasks assigned and on the basis of the consent specifically issued by the candidate, in line with the treatment itself;
• to all natural and / or legal persons entitled to receive the personal data of the Data Subject as Data Processors pursuant to art. 28 of the GDPR or independent owners, when the communication is necessary or functional for the execution of the pre-contractual measures and / or the contract, in the ways and for the purposes described above (e.g., consultancy company in charge of the management and maintenance of the website, supplier of the Contact Center and online payment, external consultants, shipping agencies, terminals and port authorities, etc. ..);
• companies belonging to the same business group

The information submitted to us will be limited to the data necessary for the recipients to carry out the tasks and /or for the purposes related to the communication itself.

The complete list of data processors can be found at the owner’s data controller, or can be requested via email at the email address

7. Transfers of personal data to a third country

SNAV S.p.A. does not transfer passenger data outside the European Union.

8. Data subject rights

Pursuant to  Articles from 15 to 20 GDPR the data subject has the following rights:

• confirmation of the existence or not of a processing that concerns you and access to your data, including information regarding:
  • purpose of the processing;
  • categories of acquired data subject of the processing;
  • the recipients to whom the data are or will be communicated;
  • the possible transfer of data outside the European Union and the existence of the related guarantees;
  • data retention period or the criterion for determining it;
  • any right to rectification and deletion of data, to limitation and opposition to processing;
  • the right to lodge a complaint with the supervisory authority;
  • the origin of the data;
  • the existence of an automated decision-making process;
• a copy of the personal data being processed if this does not infringe the rights and freedoms of others;
• the correction of inaccurate personal data;
• the cancellation of personal data concerning them;
• the revocation of the given consent;
• the limitation of the processing of your personal data;
• a copy of the personal data being processed, a structured format commonly used and readable by an electronic device, also for the purpose of transmission to another owner.

In accordance with Articles 21 and 22 GDPR and the corresponding articles of the Privacy Code, the Data subject may exercise the following rights:

• to object, at any time, for legitimate reasons related to your situation, the processing of data concerning them and necessary for the execution of tasks of public interest or for the pursuit of the legitimate interest of the owner
• not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which similarly significantly affects you.

To exercise own rights, or to obtain information regarding the processing of data concerning them, the Data subjct can contact SNAV S.p.A. in one of the following ways:

• postal service to the following address: SNAV S.p.A. Stazione Marittima Molo Angioino CAP 80133 Napoli
• privacy@snav.it
• by contacting the Data Protection Officer at this mail protezionedati@marinvest.it

In particular, the Data subject  can at any time oppose the sending of communications related to commercial and marketing activities by selecting the option « If you prefer not to receive our communications anymore, click here » at the bottom of the email containing the newsletter.

9. Right to lodge a complaint with the Competent Authorities

Pursuant to art. 77 GDPR., the Data subject has the right to lodge a complaint with the Competent Authorities if he believes that a treatment that concerns him violates one of the provisions of the GDPR or the Privacy Code.