updated to EU Reg 2016/679

1) Introduction

SailingAndSea Ltd takes the user’s privacy seriously and is committed to respecting it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by SailingAndSea Ltd through the website and the related commitments undertaken by the Company.

SailingAndSea Ltd may process your personal data when you visit the Site and use the services and features on the Site. In the sections of the Website where the user’s personal data is collected, a specific information notice is normally published pursuant to art. 13 /15 of EU Reg. 2016/679.

If provided for by EU Reg. 2016/679 will be required the consent of the user before proceeding to the processing of your personal data. If the user provides personal data of third parties, he must ensure that the communication of data to SailingAndSea Ltd and the subsequent processing for the purposes specified in the applicable privacy policy is in accordance with EU Reg. 2016/679 and applicable legislation.

2. Identification details of the holder, responsible

Data controller:

SailingAndSea Ltd

Towngate House

2-8 Parkstone Road – Poole

BH15 2PW Dorset

United Kingdom

VAT GB218875866

Italian contact number +39 335 6559649

Franch contact number +330640629389

You can obtain information about the data stored by us at any time and free of charge, and exercise the right to correction, blocking or deletion of data by communicating via email or phone to the contact data mentioned above.

3. Type of data processed

Visiting and browsing the Site generally does not involve the collection and processing of your personal data except for browsing data and cookies as specified below. In addition to the so-called “navigation data” (see below), personal data may be processed voluntarily

provided by you when you interact with the functionality of the Site or request to use the services offered on the Site. In compliance with the Privacy Code, SailingAndSea Ltd may also collect the user’s personal data from third parties in the course of its business.

4. Storage of personal data

Personal data are stored and processed through computer systems owned by SailingAndSea Ltd and managed by SailingAndSea Ltd or third party providers of technical services, for more details please refer to the section on “Scope of accessibility of personal data” below. The data are processed exclusively by specifically authorised personnel, including personnel responsible for carrying out extraordinary maintenance operations.

5) Purposes and methods of data processing

SailingAndSea Ltd may process the user’s common and sensitive personal data for the following purposes: use by users of services and features on the Site, management of requests and reports by its users, sending newsletters, management of applications received through the Site, etc.. Furthermore, with the additional and specific optional consent of the user, SailingAndSea Ltd may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications relating to the Company’s services, at the addresses indicated, either through traditional methods and/or means of contact (such as, paper mail, telephone calls with operators, etc.) or automated (such as, communications via the Internet, fax, e-mail, SMS, applications for mobile devices such as smartphones and tablets – so-called “personal computers”). APPS, social network accounts – e.g. via Facebook or Twitter -, calls with an automatic operator, etc.).

Personal data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and inspired by the principles of fairness and lawfulness of treatment. In accordance with EU Reg. 2016/679, the data are stored and conserved for the period of time necessary for processing.

6. Security and quality of personal data

SailingAndSea Ltd is committed to protecting the security of the user’s personal data and complies with the security provisions set out in applicable legislation to prevent loss of data, unlawful or unlawful use of data and unauthorized access to them, with particular reference to the Technical Regulations on minimum security measures. In addition, the information systems and computer programs used by SailingAndSea Ltd are configured to minimize the use of personal data and identifiers, such data are processed only for the achievement of specific purposes pursued from time to time. SailingAndSea Ltd uses a variety of advanced security technologies and procedures to help protect your personal data; for example, your personal data is stored on secure servers located in places with protected and controlled access. The user can help SailingAndSea Ltd to update and keep correct their personal data by communicating any change related to their address, their qualification, contact information, etc.

7. Scope of communication and access to data

The user’s personal data may be communicated to:

all subjects whose right to access these data is recognized by regulatory measures;

our collaborators, employees, as part of their duties;

to all those natural persons and/or legal entities, public and/or private when the communication is necessary or functional to the carrying out of our activity and in the ways and for the purposes illustrated above.

8. Nature of conferment of personal data

The provision of certain personal data by the user is mandatory to allow the Company to handle communications, requests received from the user or to contact the user to respond to his request. This type of data is marked with an asterisk [*] and in this case the provision is mandatory to allow the Company to respond to the request that, in default, can not be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to do so will not have any consequences for the user. The provision of personal data by the user for marketing purposes, as specified in the section “Purposes and methods of treatment” is optional and refusal to provide them will not have any effect. The consent given for marketing purposes is extended to the sending of communications through methods and / or means of contact both automated and traditional, as above exemplified.

9. Rights of the interested party

12.1 Art. 15 (Right of access), 16 (Right of rectification) of EU Reg. 2016/679

The interested party has the right to obtain from the owner of the treatment confirmation that or not is in progress a processing of personal data concerning him and in that case, to obtain access to personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;

(d) the envisaged period of retention of the personal data or, if that is not possible, the criteria used to determine that period;

(e) the existence of the right to require the data controller to correct or erase personal data or to limit the processing of personal data relating to him or her or to object to their processing;

(f) the right to lodge a complaint with a supervisory authority;

(h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the expected consequences of such processing for the data subject.

10. Right referred to in Article 1 17 of EU Reg. 2016/679 – right to cancellation (“right to be forgotten”)

The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller has the obligation to delete without undue delay personal data, if there is one of the following reasons:

(a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws the consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) and if there is no other legal basis for the processing;

(c) the data subject objects to the processing referred to in Article 21(1) and there is no overriding legitimate reason for the processing, or objects to the processing referred to in Article 21(2);

(d) the personal data have been processed unlawfully;

(e) personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the data controller is subject;

(f) the personal data have been collected in relation to the offer of information society services as referred to in Article 8(1) of Regulation (EU) No 2016/679

11. Right under Article 18 Right to limitation of treatment

The interested party has the right to obtain from the holder of the treatment the limitation of the treatment when one of the following cases occurs:

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

(b) the processing is unlawful and the data subject objects to the erasure of personal data and requests instead that the use of such data be restricted;

c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

d) the data subject has opposed the processing pursuant to Article 21, paragraph 1, of EU Reg. 2016/679 pending verification of whether the legitimate reasons of the data controller prevail over those of the data subject.

12. right referred to in Article 20 right to data portability

The data subject has the right to receive in a structured format, in common use and readable by automatic means, personal data concerning him or her provided to a data controller and has the right to be informed of any changes to his or her personal data.