Information on the processing of personal data Customers and Users
Art. 13 and 14 of the New European Regulation 2016/679 concerning the protection of natural persons with regard to the processing of personal data (GDPR)
Marty & Nelly S.r.l. (owner of the Wave Italy logo), with registered office in Via Fleming, 4 – San Martino Buon Albergo 37036 (VR), (VAT number: 04047380235), as Data Controller of personal data, pursuant to Article 13 of the Regulation General on the Protection of Personal Data of the EU n. 679/2016 (hereafter Regulation or GDPR), invites you to read carefully the following information on the processing of your personal data provided to Marty & Nelly S.r.l.
We wish to inform you that your personal data, which we have been given, are subject to our processing in both paper and electronic form for the purposes indicated below, and we submit to you the privacy policy prepared by the Company. This information may be supplemented by the Data Controller if any additional services requested by you may result in further processing.
1) Data controller and responsible within the processing of personal data
The Data Controller of your data is Marty & Nelly S.r.l. (hereinafter referred to as “Company”, “Wave Italy”), with registered office at Via Fleming, 4 – San Martino Buon Albergo 37036 (VR), (VAT number: 04047380235), (telephone contacts: +39 045 879.84.14, email: info@waveitaly.com ).
In this capacity it is responsible for ensuring the application of organizational and technical measures necessary and adequate for the protection of your data. The Company has identified a Privacy Focal Point, a person appointed who collaborates with the Data Controller in applying the protection measures identified.
This subject may be contacted for questions concerning the processing of his data, at the following address: info@waveitaly.com
2) Treatment information
a. Source of personal data
Your personal data (such as, for example, name, surname, residence, tax code, landline and mobile phone number, e-mail address, IP internet address, location of the device that connects to the network and to the Company’s website ) are collected by Marty & Nelly S.r.l.
b. Purpose and Legal Basis of Treatment
The processing of your personal data will take place, for the purposes described below, in accordance with current legislation on Privacy, therefore the Company undertakes to treat them according to principles of correctness, lawfulness, transparency, in compliance with the purposes set out below, collecting them to the extent necessary and exact for the treatment.
3) Treatment: Use of the service
The processing of your personal data is necessary for the acquisition of preliminary information to the conclusion of the contracts that will stipulate with the Data Controller, for the improvement and execution of the contract that provides for the provision of the service.
Nature of the transfer: Mandatory
Consequences rejection of data: failure to provide data will make it impossible for the company to follow up on your pre-contractual / contractual requests and to execute the contract.
Minimum data protection measures: data on paper documents are protected against the risk of intrusion and kept in an environment with limited access to authorized personnel only. The digitized data are protected from the risk of dispersion and / or intrusion through the use of suitable electronic instruments and software to guarantee their integrity.
Personal data retention period: your personal data will be processed actively for the time necessary to manage the existing relationship and / or the execution of the contract. The information collected for the evaluation of the conclusion of the contract, in case of non-completion, will be canceled within 12 months.
4) Treatment: legal obligations
Fulfill the obligations established by law, regulations, community legislation (eg anti-money laundering and anti-terrorism legislation, supervisory provisions for financial intermediaries, etc.). The provision of personal data for these purposes is mandatory and the related processing, including communication, does not require the consent of the customer. Any refusal to supply them would result in the impossibility of management, execution and / or conclusion of the contract for Wave Italy;
Purposes strictly related and instrumental to the management and execution of obligations arising from contractual and pre-contractual relationships established with Wave Italy, including the necessary preliminary checks on the data communicated. The provision of personal data for these purposes is mandatory and the related processing, including communication, does not require the consent of the Customer. An eventual refusal to supply them would mean for Wave Italy the impossibility to conclude and execute the Contract.
The treatment will be in paper and using IT tools with security and confidentiality profiles suitable to guarantee security and confidentiality and to prevent unauthorized access to personal data. The processing of personal data for the purpose of the above purposes will be carried out in compliance with the provisions of the aforementioned Regulation .
5) Nature of the Treatment
We remind you, that the processing of your data, for the purposes referred to in points 4 and 5 of the “main purpose of treatment” is mandatory for the performance of the respective processing purpose; its possible refusal to supply them or the incorrect communication of one of the necessary information has the following consequences: a) in the case of the establishment of a contractual relationship, the impossibility for the Controller to guarantee the adequacy of the treatment to the contract, whether written or oral, in connection or during which the data are provided; b) the possible mismatch of the treatment results to the obligations imposed by the fiscal, administrative, or labor to which it is addressed. The provision of additional personal data not required by law or other legislation may still be necessary if such data personnel are connected or instrumental to the establishment, implementation or continuation of the contract; in this case, the refusal to supply them could make it impossible to correctly execute the existing relationship.
6) Processing Mode & Data Retention Period
Data will be processed using manual, computerized and telematic tools, including automated ones, with logic strictly related to the purposes and in order to guarantee their security and confidentiality, with particular regard to the use of techniques of distance communication. The treatment will take place with appropriate tools to ensure the security and confidentiality of data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data controller and controller) of the Regulation. it may also be carried out through automated tools designed to store, manage or transmit the data and, in any case, will be executed in compliance with the provisions of the Regulations.
- 1. Minimum data protection measures: Data on paper documents are protected against the risk of intrusion and kept in an environment with limited access to authorized personnel only. The digitized data are protected from the risk of dispersion and / or intrusion through the use of suitable electronic instruments and software to guarantee their integrity.
- 2. Personal data retention period: Your personal data will be processed for this purpose for the time necessary to fulfill the legal obligations required by current legislation. In this regard, your personal data will be stored for 10 years from the termination of the contract or, if subsequent, by a binding decision issued by a competent authority (for example, court ruling), without prejudice to any conservation related to particular categories of data, for longer periods of time, prescribed by the legal system.
In particular, as regards the acquisition of photos and videos on ride:
- They can reside in local servers present in the stores within the attraction parks. Each photo taken and not purchased is automatically deleted by an automated process the day after its acquisition
- For photos purchased with augmented reality, their availability is 60 (sixty) days on a server managed by a temporary storage platform. This server is reserved for Wave Italy and its management is compliant with the regulations of this document
- For photos purchased with “web show” service, then photos that guarantee the downloadable multimedia content, data are stored in a server managed by a dedicated company based in Italy. The data retention period is 30 (thirty) days, the server is reserved for Wave Italy and management through a dedicated platform.
- For video via server managed via a web server platform. Purchased videos reside for 30 (thirty) days before their cancellation. Those acquired and not sold are automatically deleted after 24 hours.
- At the end of this period, all data will be deleted automatically (under applicable legislation) or rendered completely anonymously in a permanent manner.
It is also necessary to specify we endorse the collaboration third-party cloud service providers to provide hosting, data storage, and other services under standard terms and conditions that may not be negotiable. These service providers have confirmed that they are operating by applying all the security measures they deem appropriate to protect information contained in its system or in general enjoy a good reputation regarding the application of these measures. In any case, we decline any liability (to the maximum extent permitted by applicable law) for any damage that may result from the misuse of any information, including personal data, by these companies. To ensure safety it is possible that Wave Italy uses geolocation features to trace the location of an IP address and the location from which a computer connects to the network and to the Wave Italy site.
7) App of Wave Italy
With the use of the Wave Italy application, the user accepts all the conditions and terms present here and that apply to his use of the App. the user also accepts that the app can send him push notifications if he activates the receipt of notifications and / or signs the receipt. The user allows the app to use the location services, this app may suggest information gathering other based on its geographical location.
8) Data processing related to the operation of this site
Dati di navigazione
Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols of Internet. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
Purpose and legal basis of processing (GDPR-Art.13, paragraph 1, letter c) | These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the site (legitimate interests of the owner). |
Communication area (GDPR-Art.13, paragraph 1, letter e, f) | Data they may only be handled by internal personnel, duly authorized and trained for processing (GDPR-Art.29) or by any persons responsible for maintaining the web platform (appointed in this case external managers) and will not be disclosed to other parties, disseminated or transferred in non-EU countries. Only in case of an investigation can they be made available to the competent authorities. |
Data retention period (GDPR-Art.13, paragraph 2, letter a) | Data are normally kept for short periods of time, with the exception of possible extensions related to investigative activities. |
Conference (GDPR-Art.13, paragraph 2, letter a) | The data are not conferred by the interested party but acquired automatically by the technological systems of the site. |