Privacy Policy


Terms and conditions

Disclaimer

The user acknowledges and accepts that the use of this site is at his own risk. The user accepts that the site and all its contents, including any services offered, are provided “as is” and “with all errors”.

Capri Sightseeing Srl, therefore, does not issue any kind of guarantee, explicit or implicit, regarding such contents, including, without limitation, lawfulness, right of ownership, convenience or suitability for particular purposes or uses.

Capri Sightseeing Srl does not guarantee that the site is compatible with the user’s equipment or that it is free of errors or viruses, bugs or “Trojan horses”. Capri Sightseeing Srl is not responsible for damages suffered by the user due to such destructive elements.

The user recognizes and accepts that Capri Sightseeing Srl, its collaborators or its suppliers are not responsible:

  1. for damages caused by negligence of Capri Sightseeing Srl, its collaborators, subcontractors, suppliers or for damages deriving from this site, as well as for lost profits, losses, incidental or consequential damages or any other partial damage or total, direct or indirect;
  2. for malfunctions in the use of materials or services of this site caused by the user’s computer or equipment.

Capri Sightseeing Srl is in no way responsible for the content and services on websites that you should access through this site.

When you access another website, remember that it is independent of this site and that it has no control over the content of the site in question. Furthermore, the existence of a hyperlink (link) to another site does not imply approval or acceptance of responsibility, even partial and / or indirect, by Capri Sightseeing Srl about the content or use of the site.

Furthermore, Capri Sightseeing Srl is not responsible in any way for the goodness of the connectivity services used by you to connect to the network and reach the site and make use of the services accessible in the same.

Capri Sightseeing Srl can not in any way be held responsible for the continuous availability of telephone lines and equipment that the user uses to access this site.

Capri Sightseeing Srl reserves the right to inhibit or prohibit or suspend access to this site and its services at any time without prior notice.

Limitation of liability

Under no circumstances, including, without limitation, negligence, Capri Sightseeing Srl, its suppliers or collaborators will be held responsible for any direct, indirect, incidental, consequential damage, related to the use of this website or other websites linked to it by a hypertext link, including without limitation, damages such as loss of profits or turnover, interruption of business or professional activity, loss of programs or other type of data located on the user’s computer system or another system, even if the department of general administration of personnel and services had been expressly informed of the possibility of the occurrence of such damage. This disclaimer clause is not intended to circumvent compliance with the requirements set by current legislation, nor to exclude liability for cases in which it can not be excluded under applicable law.

Copyright

The contents of the site – script code, graphics, texts, tables, images, sounds, and any other information available in any form – are protected under the law on intellectual property.

Each product or company mentioned on this site are trademarks of their respective owners or holders and may be protected by patents and / or copyrights granted or registered by the appropriate authorities.

For purposes of profit it is allowed to use, copy and distribute the documents and related images available on this site only with written permission (or equally valid for legal purposes) of Capri Sightseeing Srl, subject to any legal rights. The copyright notices, the authors where indicated or the source itself must in all cases be cited in publications in any form realized and disseminated.

Any form of link to this Site, if inserted by third parties, must not damage the image and activities of Capri Sightseeing Srl.

The cd is forbidden. deep linking or the non-transparent use of parts of the Site on third-party sites.

Any non-compliance with these provisions, unless explicitly authorized in writing, will be prosecuted in the relevant civil and criminal courts.

The personal data you provide in relation to the use of this site (hereafter the “Site”) and the related services (hereafter the “Services”) are processed in accordance with Legislative Decree no. n. 196/2003 containing the “Code regarding the protection of personal data”. Pursuant to article 13 of the aforementioned law, we inform you of the following information regarding the processing of your personal data.


Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 (“GDPR”) and art. 13 of Legislative Decree. n. 196/2003

Capri Sightseeing Srl protects the confidentiality of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation.

As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to the art. 13, below we provide the user (“Concerned”) with the information required by law concerning the processing of their personal data.

This information is provided pursuant to art. 13 of Legislative Decree. n. 196/2003 containing the “Code regarding the protection of personal data” (hereinafter “Code”), with reference to the processing of personal data of users who access electronically to the site www.mef.gov.it and related services (hereinafter the “Services”).

Type of data processed

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the site: apart from this possibility, the data will be kept for a period of time no longer than necessary for the purposes for which they were collected.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

Who we are and what data we process (article 13, paragraph 1 letter a, article 15, letter b GDPR)

Capri Sightseeing Srl, in the person of its legal representative pt, based in Capri, Via Palazzo a Mare, 29 (NA), operates as Data Controller and can be contacted at privacy@pompeisightseeing.com and collects and / or receives information concerning the interested party, such as:

Data category Exemplification of data types
Personal data name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, social security number, e-mail address
Banking data IBAN and bank / postal data (except credit card number)
Data of telematic traffic Log, IP address of origin.

Capri Sightseeing Srl does not require the Data Subject to provide data c.d. “Particulars”, that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, data biometrics designed to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation. In the event that the service requested to Capri Sightseeing Srl requires the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.

The Owner has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests:

e-mail: dpo@pompeisightseeing.com

Telephone: +39 348 074 90 32

For any information or request, the interested party may contact the address privacy@pompeisightseeing.com

Telephone +39 348 074 90 32

For what purposes we need the data of the interested party (Article 13, paragraph 1 of the GDPR)

The data are used by the Data Controller to follow up the registration request and the contract for the supply of the selected Service and / or the purchased Product, manage and execute the contact requests sent by the Interested Party, provide assistance, comply with legal and regulatory obligations. which the holder is kept in function of the activity exercised. In no case shall Capri Sightseeing Srl resell the personal data of the interested party to third parties or use them for undeclared purposes.

In particular the data of the interested party will be processed for:

a) registration and contact requests and / or information material

The processing of personal data of the interested party takes place to carry out the preliminary activities and consequent to the registration request, to the management of requests for information and to contact and / or sending information material, as well as for the fulfillment of any other obligation arising.

The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations.

b) management of the contractual relationship

The processing of personal data of the interested party takes place to carry out preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or production and / or the shipment of the purchased Product, the related invoicing and management of the payment, the handling of complaints and / or reports to the assistance service and the provision of the assistance itself, the prevention of fraud and the fulfillment of any other obligation arising from the contract.

The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.

c) promotional activities on Services / Products similar to those purchased by the Interested Party (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact details provided by the Interested Party, for the purpose of direct sale of their Services / Products, limited to the case in which the Services / Products are similar to those object of the sale, unless the interested party explicitly objects.

d) the commercial promotion activities on Services / Products different from those purchased by the interested party

The personal data of the interested party may also be processed for purposes of commercial promotion, for surveys and market research with regard to Services / Products that the Holder offers only if the Data Subject has authorized the processing and does not object to this.

This treatment can be automated, in the following ways:

  • e-mail;
  • sms;
  • telephone contact and can be done:
  1. if the interested party has not revoked his consent for the use of the data;
  2. if, in the event that the processing takes place through contact with the telephone operator, the interested party is not registered in the register of oppositions referred to in the D.P.R. n. 178/2010;

The legal basis of such processing is the consent given by the Interested party prior to the processing itself, which can be revoked by the interested party freely and at any time (see Section III).

e) computer security

The Owner, in line with the provisions of Recital 49 of the GDPR, treats, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to ensure the security of networks and information, ie the ability of a network or an information system to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise availability, authenticity, integrity and confidentiality of personal data stored or transmitted.

The Data Controller will promptly inform the Interested parties, if there is a particular risk of violation of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of violation of personal data.

The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing relating to the protection of the company assets and the security of the offices and systems of Capri Sightseeing Srl.

f) profiling

The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and of the selected Services / Products, to propose advertising messages and / or commercial proposals in line with the choices expressed by the users themselves) only in the event that the interested party has provided an explicit and informed consent. The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time (see Section III).

g) fraud prevention (recital 47 and Article 22 of the GDPR)
  • the personal data of the interested party, with the exclusion of the particular (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow controls for the purpose of monitoring and preventing fraudulent payments, by software systems that perform a verification in order automated and preliminary to the negotiation of

Services / Products;

  • exceeding these checks with a negative result will make it impossible to carry out the transaction; the interested party may in any case express his opinion, obtain an explanation or contest the decision motivating his reasons for Customer Service or contact privacy@pompeisightseeing.com;
  • personal data collected for the sole purpose of anti-fraud, unlike the data necessary for the correct execution of the requested service, will be immediately canceled at the end of the control phases.
h) the protection of minors

The Services / Products offered by the Data Controller are reserved to subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations.

The Data Controller, in order to prevent illegal access to its services, implements prevention measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (Article 13, 1st paragraph GDPR)

The personal data will be communicated mainly to third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to meet certain legal obligations, such as:

Recipient categories

Finality
Capri Sightseeing Srl Administrative, accounting and contractual obligations,
Third-party suppliers and companies of Capri Sightseeing Srl Provision of services (assistance, maintenance, delivery / delivery of products, provision of additional services, network providers and services

electronic communications) related to the requested service

Credit and digital payment institutions, banking / postal institutions Management of collections, payments, refunds related to the contractual performance
External professionals / consultants and consulting firms Fulfillment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit
Financial administration, public bodies, authorities

Judicial, Supervisory and Control Authority

Compliance with legal obligations, defense of rights; lists and registers held by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance
Formally delegated subjects or having a recognized legal title

Legal representatives, curators, tutors, etc.

  • The Data Controller imposes on the Third Party its suppliers and the Data Processors the respect of security measures equal to those adopted towards the interested party, restricting the perimeter of action of the Manager to the treatments related to the requested service.

The Data Controller does not transfer your personal data to countries where the GDPR (non-EU countries) is not applied, unless there are specific indications to the contrary for which you will be informed in advance and your consent will be requested if necessary.

The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest of Capri Sightseeing Srl to carry out the necessary treatments for these purposes.

What happens if the Data Subject does not provide his data identified as necessary for the execution of the requested service? (Article 13, paragraph 2, letter and GDPR)

The collection and processing of personal data is necessary to follow up the requested services as well as the provision of the Service and / or the supply of the requested Product. If the Data Subject does not provide the personal data expressly provided for as necessary in the order form or the registration form, the Data Controller will not be able to process the processing of the requested services and / or the contract and the Services / Products connected to it, or to the obligations that depend on them.

What happens if the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services / Products different from those purchased?

In the event that the interested party does not give his consent to the processing of personal data for such purposes, said processing will not take place for the same purposes, without this having effects on the provision of services requested, nor for those for which he has already consent if requested.

In the event that the interested party has given consent and should subsequently withdraw or oppose the treatment for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or detrimental effects for the interested party and for the requested services.

How we process the data of the interested party (Article 32 GDPR)

The Data Controller provides for the use of adequate security measures to preserve the confidentiality, integrity and availability of the personal data of the interested party and imposes similar security measures on third parties and on the Managers.

Where we process the data of the interested party

The personal data of the interested party are stored in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied.

How long are the data of the interested party stored? (Article 13, paragraph 2, letter to GDPR)

Unless he expressly expresses his will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

In particular, they will be kept for the entire duration of their registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this period, no Services and / or purchased Products are associated the registry itself.

In the case of data provided to the Owner for the purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he initially consented, these will be retained for 24 months, subject to revocation of the consent given.

In the case of data provided to the Owner for the purposes of profiling, these will be retained for 12 months, unless revocation of consent given.

It should also be added that, in the event that a user sends to Capri Sightseeing Srl personal data not requested or not necessary for the execution of the requested service or for the provision of a service strictly connected to it, Capri Sightseeing Srl can not be considered holder of these data, and will delete them as soon as possible.

Regardless of the determination of the interested party to their removal, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations, for the sole purpose of guaranteeing the specific requirements of some Services (by way of example) but not exhaustive, Certified Electronic Mail, Digital Signature, Substitutive Storage – in this regard see the relevant section).

Furthermore, personal data will in any case be kept for the fulfillment of the obligations (eg fiscal and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will retain only the data necessary for the relative prosecution.

Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be processed for the time necessary to their pursuit.

What are the rights of the interested party? (Articles 15 – 20 GDPR)

The interested party has the right to obtain from the data controller the following:

  • the confirmation that personal data is being processed or not, and in this case, to obtain access to personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data in question;
    3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
    4. whenever possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
    5. the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
    6. the right to lodge a complaint with a supervisory authority;
    7. if the data are not collected from the data subject, all information available on their origin;
    8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
    9. the appropriate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
  • the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs.
  • the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay
  • the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the case in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law still exist; and in any case if the treatment is not justified by another equally legitimate reason;
  • the right to obtain from the data controller the limitation of processing, in the cases provided for by art. 18 of the GDPR, for example where you have challenged its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable time, also of when the suspension period has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
  • the right to obtain communication from the holder of the recipients to whom the requests for any corrections or cancellations or limitations of processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
  • the right to receive, in a structured format, in common and automatic way, the personal data concerning him / her and the right to transmit such data to another data controller without impediments by the data controller who provided them, in the cases foreseen by the art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one controller to another, if technically feasible.

For any further information and in any case to send your request you must contact the Owner at privacy@pompeisightseeing.com. In order to ensure that the rights mentioned above are exercised by the Data Subject and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when can the data subject oppose the processing of personal data? (Article 21 GDPR)

For reasons relating to the particular situation of the interested party, the same may oppose at any time the processing of their personal data if it is based on legitimate interest or if it takes place for commercial promotion, sending the request to the Owner at privacy@pompeisightseeing.com.

The interested party has the right to cancel his / her personal data if there is no legitimate overriding reason for the Data Controller than the one giving rise to the request, and in any case in case the Data Subject opposes the processing for commercial promotion activities.

To whom can the interested party submit a complaint? (Article 15 GDPR)

Without prejudice to any other action in administrative or judicial, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one carrying out its duties and exercising its powers in the Member State where the GDPR violation took place.

Each update of this Information will be promptly communicated and by means of reasonable means and will also be communicated if the Data Controller processes the data of the Data Subject for further purposes than those referred to in this Notice before proceeding and following the manifestation of the relative consent of the ‘Interested if necessary.