Gestione Governativa Navigazione Laghi
In accordance with Article 13 of Regulation (EU) 2016/679 regarding the protection of personal data (GDPR).
Gestione Governativa Navigazione Laghi, headquartered in Milan, Via Lodovico Ariosto 21, VAT No. 00802050153, acting as the Data Controller (hereafter “GGNL” or “Controller”), processes personal data collected through its website https://www.navigazionelaghi.it/ (“Website”) and the “Dream Lake” Application (“App”), fully compliant with applicable data protection and privacy legislation.
GGNL has appointed a Data Protection Officer (hereafter “DPO”), who can be contacted via email at privacy@navigazionelaghi.it or preferably at dpo@navigazionelaghi.it.
Unless otherwise specified, the information within this policy pertains to personal data processed during the use of the Website and the App. Processing of personal data for purposes other than those listed below is governed by separate privacy notices relevant to each specific service.
-
Types of Personal Data
“Personal data” refers to any information relating to an identified or identifiable natural person (hereafter “Data Subject”). The personal data collected and processed include:
- Identification data: first name, surname, address.
- Contact data: telephone number, email address, workplace.
- Navigation data: implicit data from the use of the Website and App (e.g., IP address).
-
Purposes and Legal Basis for Processing
We process your personal data for the following purposes and under these legal bases:
- Fulfillment of contractual and pre-contractual obligations (Art. 6.1.b GDPR), specifically to:
- Create and manage the User’s account.
- Manage store purchases, especially tickets and subscriptions.
- Download files from the Website such as brochures, travel flyers, competition summaries, etc.
- Receive SMS notifications regarding potential service disruptions or updates.
- Handle User requests (e.g., manage general contact requests and/or information requests).
- Manage forms for feedback and complaints.
- Administer the electronic invoicing portal for travel documents.
- With explicit User consent (Art. 6.1.a GDPR), the Controller processes your data to:
- Send newsletters regarding GGNL’s activities, initiatives, projects, offers, and general marketing communications and related activities.
- Compliance with legal obligations (Art. 6.1.c GDPR), imposed by applicable national or EU regulations or competent authorities.
- Pursuit of the Controller’s legitimate interests (Art. 6.1.f GDPR), such as:
- Sending commercial information to the address provided during registration regarding similar products or services previously purchased by clients.
- Customer satisfaction, expressed through star ratings on the App (data is not combined with the user’s personal data).
- Defending a right before judicial or administrative authorities.
- Managing the Website and operational functions, monitoring correct operation, enhancing service quality, and optimizing Website functionality.
- Managing the App and its operational functions, monitoring correct operation, enhancing service quality, and optimizing App functionality.
- Ensuring the security of GGNL’s Website and App, including prevention and detection of fraudulent activities or harmful misuse; the Controller’s legitimate interest is real and current, aimed at preventing harm from unlawful actions.
- Managing responses and informational exchanges following social media interactions (Twitter, LinkedIn, Facebook, YouTube, etc.).
Providing personal data for the purposes listed under letter a) is mandatory; this data is necessary for establishing and maintaining relations with the Controller. Without this data, GGNL services described above cannot be provided.
Providing personal data for the purposes listed under letter b) is entirely optional; failing to provide this data does not prevent the use of the Controller’s services.
-
Methods of Processing
All data is stored on GGNL’s secure servers using automated, electronic, computerized, telematic, or non-automated methods, as well as on paper, or on servers of suppliers or business partners appointed as Data Processors. These are accessible and usable according to strict security standards and policies (or equivalent standards applied by our suppliers or business partners).
-
Data Retention Period
Personal data collected will be processed by GGNL for the time strictly necessary to achieve the purposes outlined in paragraph 2, with an additional retention period as required by specific legal provisions or to assert or defend a legal right. For instance, data may be retained for:
- 10 years from collection for contractual and pre-contractual obligations;
- The duration required by applicable regulatory provisions for compliance with the Controller’s legal obligations.
-
Data Sharing and Transfer
Personal data may be accessed by:
- Employees and collaborators of the Controller, properly instructed and authorized to process data according to articles 29 GDPR and 2-quaterdecies of Legislative Decree 196/2003;
- Third parties expressly appointed as Data Processors pursuant to article 28 GDPR for purposes strictly related to the execution of the contract or legal obligations (e.g., IT service providers, accountants, fiscal and legal consultants).
When located in third countries, these providers operate under standard contractual clauses or an adequacy decision pursuant to article 45 GDPR, or in compliance with the safeguards specified in Chapter V GDPR. Such entities receive only the personal data necessary to perform their duties and may use this data solely to provide these services on our behalf or to comply with legal provisions. For further information on transfers to third countries, contact us at privacy@navigazionelaghi.it.
-
Rights of the Data Subject
The Controller informs you that, as a data subject, you can exercise your rights as per articles 15 to 22 of the GDPR by contacting privacy@navigazionelaghi.it or by registered letter addressed to the Controller. Specifically, you have the right to:
- Confirm whether your personal data exists and access it in a comprehensible form;
- Obtain information and, where applicable, copies of data regarding:
- Origin and category of personal data;
- Logic involved in automated processing;
- Purposes and methods of processing;
- Identification details of the Controller and processors;
- Subjects or categories to whom data may be communicated;
- Data retention periods or criteria;
- Automated decision-making processes, and their logic and consequences;
- Adequate safeguards in case of data transfers outside the EU;
- Request immediate updating, rectification, or completion of data;
- Withdraw previously granted consents at any time easily and without hindrance;
- Obtain deletion, anonymization, or blocking of data processed unlawfully or no longer necessary;
- Limit processing under specific conditions;
- Receive personal data in a structured, common, and machine-readable format for portability purposes;
- Object wholly or partially to processing for legitimate reasons;
- Lodge a complaint with the Data Protection Authority (Garante Privacy) if processing violates GDPR provisions (www.garanteprivacy.it).
COOKIE POLICY
pursuant to the EU Data Protection Regulation 2016/679 (“GDPR”)
1. Data controller and data protection officer
Your Data will be processed by Gestione Governativa Navigazione Laghi, VAT Number 00802050153, with registered office in Via Lodovico Ariosto 21, (20145) Milan, Italy, in the person of Mr. Pietro Marrapodi as legal representative (hereinafter “GGNL”, or “Data Controller”).
The Data Controller has a Data Protection Officer (DPO), appointed pursuant to Article 37 of the GDPR. The Data Protection Officer can be contacted at the following email address: privacy@navigazionelaghi.it
Your Data will be processed in full compliance with the provisions dictated by EU Regulation 2016/679 (hereinafter, the “GDPR”), the Italian Legislative Decree No. 196/2003, as last amended by Legislative Decree No. 101/2018 (the “Privacy Code”) and the provisions of the Data Protection Authority, in particular the Measure no. 229 of 8th May 2014 (jointly referred to as “Privacy Regulations”). The Processing shall be based on the principles of fairness, lawfulness, transparency, accuracy and protection of your privacy and your rights.
2. Cookie policy
Pursuant to and in accordance with articles 13 and 14 of the GDPR, we inform you that during your navigation on the website www.navigazionelaghi.it (hereinafter, the “Website”) personal data concerning you may be collected (hereinafter, the “Data”) through so-called cookies. Cookies are small text files that are sent to your browser and stored on your computer when you visit some websites. Cookies allow the efficient operation of the website and improve its performance. They also provide information to the owner of the website for statistical or advertising purposes, mainly to personalize your browsing experience by remembering your preferences. This Website uses its own and third-party technical cookies, which in turn are divided into:
- browsing, functionality and session cookies that are absolutely necessary for the operation of the Website. Without these cookies some parts of our Website will not work as they should. For example, they include cookies allowing to access to protected areas of the Website. These cookies do not collect information for marketing purposes and cannot be disabled, because necessary to guarantee the operation of the website;
- analytics cookies that improve the browsing quality and experience because used to recognize a user that is visiting again the Website. They allow to customize contents and remember preferences (e.g., language or region). These cookies do not collect information that can identify you. All information collected is anonymous.
Below is a list of the functionality cookies installed on the Website, together with a description of their purpose and how long they store the information they collect.
Functional cookies (installed by Gestione Governativa Navigazione Laghi) |
Name |
Installation author |
Type of cookie |
Purposes |
Data retention period |
ASP.NET_SessionId |
GGNL |
Technical |
It identifies the user’s browsing session, making it easier to navigate the website |
10 hours |
CurrentLanguage |
GGNL |
Technical |
Identifies the text display language for the website selected by the user |
14 days |
NEL_cookies_consent |
GGNL |
Technical |
Used to verify user acceptance of cookies |
30 days |
__AntiXsrfToken |
GGNL |
Technical |
Used to prevent cross-site requests |
14 days |
- third party cookies The Website uses third-party services that may, independently, install their own cookies. This Website has no control over these third party services and has no access to the information collected through these cookies. In this regard, we encourage you to read the privacy policy of the third parties listed in paragraph below, where you can give or reject your consent for the installation of their cookies.
- analytics cookies (technical cookies) These are cookies for statistical analysis of third-party companies used for statistical purposes in order to analyse how the users are browsing the website. The results of these analyses are used anonymously and exclusively for statistical purposes. Due to the fact that they are used anonymously, they are treated as technical cookies.
- profiling and marketing cookies (so-called targeting cookies) Targeting cookies are persistent and exclusively used by third parties, other than the owner of the Website, to collect information about users’ browsing behaviour, interests and consumption habits, including for the purpose of providing personalised advertising. GGNL uses targeting cookies to link to social networks, which may subsequently use information about your visits to tailor advertising on other websites to you. Below, for each third-party cookie on the Website, we list the name, purpose, the name of the third party storing the information and the relevant link to the third party’s website.
3. Duration of cookies
The data used by the Website cease to be valid at the end of the session or after a period of user inactivity set by the server.
4. Disabling cookies
Cookies can be disabled and/or deleted through your browser settings. All browsers allow you to change your cookie settings. Information about these settings can be found in the “options” or “preferences” menu of the browser you are using. To understand these settings, the following links may be helpful:
Alternatively, you can use the “Help” option in your browser for further information. If you block the use of cookies on your browser it may disrupt some services and some functions of the Website may not be available, thereby affecting your experience of using the website.
Data Controller
Gestione Governativa Navigazione Laghi