menu
altlogo
Book a table
eng
Where we are
Telephone
Offers
GPS
Book
Call
Privacy Policy 1

Privacy Policy

Privacy Policy Information pursuant to EU Regulation 2016/679 (GDPR)

Article 1) Definitions.
Data Subject: is the individual, whether a natural person or a legal entity, whose Personal Data is processed.
Personal Data: information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide information about their characteristics, habits, lifestyle, personal relationships, health status, economic situation, etc.
Processing: any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, or interconnection, restriction, erasure or destruction. Data Controller: the natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Data Processor: a subject appointed by the Data Controller who, on behalf of the controller, processes Personal Data, ensuring the implementation of appropriate technical and organizational measures so that the processing meets the legally required standards and guarantees the protection of the rights of the Data Subject.

Article 2) Data Controller.
The Data Controller is Yacht Club Tevere S.r.l., with legal headquarters at via Costalunga n. 21/31, zip code 00054, Fiumicino (RM), Tax Code and VAT number 01206651000, email amministrazione@portoromano.com, PEC address yctsrl@pec.portoromano.com.


Article 3) Types of Personal Data, Purposes, and Legal Basis of Processing.
Yacht Club Tevere S.r.l. is the company managing the Porto Romano facility, offering mooring, maintenance, repair, and boat parking services, with customer reception and entertainment within its structures, comprised of the Yacht Club, restaurant, hotel, gym, and sauna. Additionally, Yacht Club Tevere S.r.l. manages the structure’s website (www.portoromano.com), through which users, upon registration, can book the company’s services and post commercial ads related to boats, items, and onboard personnel. Finally, registered users, upon specific and express consent, can subscribe to the newsletter to receive communications, updates, and offers related to goods and services provided by the company.
Therefore, Yacht Club Tevere S.r.l. acquires, stores, and uses Personal Data of Data Subjects to properly fulfill contractual obligations arising from its activities. In any case, Yacht Club Tevere S.r.l. primarily acquires, stores, and uses the following Personal Data:
• Name and surname or company name;
• Email address;
• Phone number;
• Tax code and/or VAT number.
Yacht Club Tevere S.r.l. may process sensitive data in order to correctly provide access to the gym and sauna facilities within the accommodation structure. In such cases, Yacht Club Tevere S.r.l. provides the customer with specific information and also obtains explicit consent for processing such data. Any sensitive data processed will be retained for a period not exceeding that necessary to manage and provide the requested service.
Regarding credit card numbers or access credentials to payment systems used by the customer, Yacht Club Tevere generally does not request, store, or process such data. They are not communicated to Yacht Club Tevere but directly to the payment service provider. In the exceptional event that the customer expressly requests Yacht Club Tevere to enter such data into the payment service on their behalf, once entered, this data will be immediately deleted.
Regarding the services offered by the website, the company processes related browsing data: the IT systems and software procedures used to operate the company’s website acquire, during their normal operation, certain Personal Data, the transmission of which is implicit in the use of internet communication protocols. These are pieces of information not collected to be associated with identified individuals, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used solely to obtain anonymous statistical information about the site’s usage and to ensure its correct functioning and is deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical cybercrimes against the site.
The aforementioned Personal Data of the Data Subject is processed by the company for the following purposes based on the connected legal bases:
• Contractual purposes: execution of the contract of which the Data Subject is a part and their use of the services offered and requested from the company;
• Legal obligations and civil liability of the company: compliance with obligations provided by national and supranational regulations, especially in accounting, tax, and workplace safety (Legislative Decree no. 81/2008 and subsequent amendments), as well as the prevention of any form of civil liability on the part of the company for the activities performed;
• With express consent to send newsletters to update on our services and advertise the events we organize and/or to follow up on requests for information and/or contact;
• Owner’s rights: ascertain, exercise, or defend the company’s rights in judicial or extrajudicial proceedings if necessary;
• Website operation: the Personal Data of the Data Subject entered therein is necessary for its operation and for the use of services offered by the company through it.

Article 4) Methods of Data Acquisition and Storage.
Personal Data is processed lawfully and fairly and used only for the purposes stated in Article 3. The processing will take place using suitable tools to ensure the security and confidentiality of Personal Data, employing totally or partially automated tools designed to store, manage, and transmit the data, both in paper and electronic format. Specific security measures are adopted to prevent data loss and contain the risks of unauthorized or incorrect use and access.
Personal Data is obtained directly from the Data Subject, through the completion of specific online forms, direct contact, or phone communication. In the case of Personal Data not obtained directly from the Data Subject but through third parties, the Data Controller will inform the Data Subject of this through email or appropriate notice. The Controller will provide this information to the Data Subject no later than one month from obtaining the Personal Data or, if the data is intended for communication with the Data Subject, no later than at the time of the first communication with the Data Subject, or, in the case of communication to another recipient, no later than the first communication of the Personal Data.
The acquired data is electronically stored in a cloud owned by an external entity, falling under those mentioned in the subsequent Article 8), specifically appointed by Yacht Club Tevere.

Article 5) Obligation and Necessity of Data Provision.
The provision of Personal Data by the Data Subject is mandatory and necessary to fulfill contractual obligations and comply with mandatory legal requirements related to tax, fiscal, accounting, workplace safety obligations, and any other obligations prescribed by the law. In the event of refusal by the Data Subject to provide the required information, Yacht Club Tevere S.r.l. cannot accept any orders or execute any contracts.

Article 6) Optional Data Provision: Website Services.
Apart from what is specified for browsing data, the user is free to provide Personal Data to request services offered by the company through the website (booking services, ads, newsletter subscription, etc.). Failure to provide them may result in the inability to obtain the requested service.

Article 7) Data Retention Period.
The Personal Data of the Data Subject will be retained for the entire duration of the contract and, after its termination, for the period specified in Article 2220 of the civil code for the fulfillment of related tax and fiscal obligations.
In the case of judicial or extrajudicial disputes, even if only potential, Personal Data will be retained for the entire duration of the dispute and until the expiration of the terms for filing actions or, more generally, until the expiration of the limitation or prescription periods of rights or claims as prescribed by law.
Upon the expiration of the mentioned terms, the Personal Data of the Data Subject will be deleted, in accordance with the technical procedures established for this purpose.

Article 8) Independent Data Controllers, Data Processors, and Recipients of Personal Data.
In addition to the Data Controller and those formally appointed by the Data Controller under their authority, the Personal Data of the Data Subject may be processed by external entities acting as Independent Data Controllers.
Furthermore, Personal Data may be processed on behalf of the company by authorized external entities designated as Data Processors, to whom appropriate operational instructions are given.
Finally, recipients of the Personal Data of the Data Subject may include the Judicial or Administrative Authority, or other subjects specifically indicated and authorized by law, to whom the data must be communicated to fulfill specific legal obligations.
A complete and up-to-date list of Independent Data Controllers, Co-Controllers, appointed Data Processors, and Recipients of Personal Data can be obtained by contacting the company via PEC or registered mail to the addresses specified in Article 2, attaching a signed copy of an identification document in this case.

Article 9) Website Registration and Newsletter Service.
Personal Data provided for website registration and newsletter subscription will be stored and used until the Data Subject requests the deletion of their personal account. This request should be sent via email from the same address provided during registration to amministrazione@portoromano.com, or through PEC or registered mail to the addresses specified in Article 2, attaching a signed copy of an identification document.
Concerning the newsletter service, if the Data Subject has given specific and express consent, their Personal Data may be used to send communications about news, events, and offers related to goods and services provided by the company. The Personal Data provided for this purpose will be stored and used until the Data Subject revokes their consent. This revocation should be sent via email from the same address provided during website registration to amministrazione@portoromano.com, or through PEC or registered mail to the addresses specified in Article 2, attaching a signed copy of an identification document.

Article 10) Rights of the Data Subject and Complaint to the Supervisory Authority.
The Data Subject has the right:
- to access Personal Data concerning them;
- to obtain the rectification of such data or the restriction of Processing concerning them;
- to object to the Processing;
- to obtain the erasure of Personal Data concerning them;
- to withdraw consent at any time without affecting the lawfulness of Processing based on consent before its withdrawal;
- to receive, where the Processing is based on consent or a contract and is carried out by automated means, their Personal Data in a structured, commonly used, and machine-readable format, and, if technically feasible, to transmit it to another controller without hindrance.
To exercise these rights, the Data Subject can contact the company via PEC or registered mail to the addresses specified in Article 2, attaching a signed copy of an identification document. The Data Subject also has the right to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work, or where the alleged violation occurred.

Article 11) Video Surveillance.
For security reasons and the prevention of crimes against the company, Yacht Club Tevere S.r.l. has set up a video surveillance system within the Porto Romano facility, fully complying with national primary and secondary regulations, acts of the Privacy Guarantor, and European regulations. Therefore, the areas under video surveillance are appropriately marked, and customers/visitors are duly informed.

Article 12) Changes to the Privacy Policy.
This Privacy Policy may be amended, including as a result of legislative or regulatory changes, technological developments, and the provision of new services or modification of existing ones. Therefore, users/visitors/customers are invited to periodically consult Yacht Club Tevere S.r.l.'s Privacy Policy.

Article 13) Security of Personal Data.
The Data Controller has implemented specific security measures to prevent the loss, unlawful or incorrect use, and unauthorized access to the Personal Data of the Data Subject. However, it is necessary for the Data Subject to use devices equipped with suitable tools for this purpose (such as updated antivirus and an internet connection that ensures data transmission through firewalls, anti-spam filters, etc.).