Privacy Policy

We inform you that, according to the art. 13 EU Regulation n. 2016/679 (from now on, “GDPR”), Your personal information will be processed in the following manner and for the following purposes:

1. Controller

The GDPR Controller is Daniele Vailati and can be contacted through email at the address daniele.vailati@seafoodbar.it

2. Purposes of the processing

Your personal information will be processed:
A) given your consent (art. 6 sec. a GDPR), for the following Service Purposes:
  • letting You purchase or download a voucher without prepayment (only in the case this option is enabled), entrances or extra services (from now on, "extras") through the electronic ticket platform "Ranatick"
  • sending You through email a confirmation of the purchase or the voucher download for the selected entrances or extras
  • only if the Controller activated the post stay email feature, letting You receive a thank you email the day after your visit
  • only if the Controller activated the yearly card, letting You receive, together with your ticket information, your yearly card
  • only if the Controller desires to activate this feature, contacting You to let you complete a transaction that didn't succeed, either manually by an operator or automatically
  • only in the case the purchase or the voucher download were done through an application, let you visualize the chosen entrances or extras within the application
  • letting you use the purchased or booked entrances or extras through the validation of your ticket or voucher
B) Only after Your specific consent (art. 7 GDPR) and only in case the Controller activated this feature, for the following Marketing Purposes:
  • send You via email newsletters, sales communications and/or advertisment about services and promotions offered by the Controller

3. Processing Activities

The Processing of Your Personal Information is performed though the operations indicated at the art. 4 n. 2) GDPR and in particular: collection, recording, organization, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your Personal Information are processes both on papers and electronic/automatic.

4. Data Storage

The Controller will store the Personal Information for all time needed to fulfill the Service Purposes indicated above and in particular:
  • in case of a successful order, up to 60 days adter the end of the validity of the entrance or voucher to let You validate the entrance and make use of the services. 30 days adter the end date of validity Your email address, as much as the name (real or fictional) that you provided at the moment of the data collection, will be deleted without any possibility to be recovered.
  • in case of a failed order, up to 15 days after the purchase or reservation attempt. 15 days after the date of failed purchase or reservation, Your email address, as much as the name (real or fictional) that you provided at the moment of the data collection, will be deleted without any possibility to be recovered.
  • in case of Personal Information collected for the Purposes at 2.B), your Email Address, as much as the name (real or fictional) that you provided at the moment of the data collection, will be held until differently indicated, to allow The Controller to send you email newsletters, sales communications and/or advertisment about services and promotions offered by the Controller, as much as unsubscribe you from the newsletters.

5. Information access

Your Personal Information will be made available for the Purposes described at 2.A) and 2.B):
  • to the supervisors of the platform "Ranatick", in their capacity of External GDPR Data Controllers
  • to employees and colloborators of the Controller, in their capacity of GDPR Data Controller and/or system administrators
  • to third parties (in particular other companies that provide application through which it's possible to purchase or make reservations of services and extras) that perform outsources activities on behalf of the Controller, in their capacity of External GDPR Data Controller.

6. Personal Information Disclosure

Without You specific consent (art. 6 lett. b) e c) GDPR), the Data Controller will be able to disclose your Personal Information for the Purposes at 2.A) to Supervisory bodies, judicial authorities and to all the other Subjects to which the disclosure is mandatory by law to Perform the indicated Purposes. Your Personal Information will not be otherwise disclosed.

7. Personal Information Transfer

The process and storage of your Personal Information will be on servers within the EU, belonging to the Controller or to Third Parties companies, entrusted and appointed as GDPR External Data Processors. At the present time the servers are located in Germany. Your Personal Information will not be subject to transfer outside the European Union.

8. Nature of Data Collection of Personal Information and consequences of denial of providing them

  • The collection of Personal Information for the Purposes at 2.A) is mandatory. Without it, we will not be able to grant you the access to the Services described at 2.A).
  • The collection of Personal Information for the Purposes at 2.B) is optional. You can decide not to disclose any data or deny at any time the possibility of processing the Personal Information that you provided: doing so, you will not be able to receive newsletters, sales communications and/or advertisment about services and promotions offered by the Controller. In any case, you will continue to have the right to access the Services at 2.A).

9. Rights of the Data Subject

In your capacity of Data Subject, you have all the rights described in art. 15 GDPR and more precisely the rights of:
  • obtain the confirmation of the existence of Personal Information concerning your person, and their communication in a open format
  • obtain the indication of:
    1. the origin of the Personal Information
    2. the Purposes and the modalities of the Processing
    3. the logic used in case the processing is performed though automatic tools
    4. the name of the Controller and the Processors according to the art. 3, section 1, GDPR;
    5. the Subjects or Categories of Subjects to which your Personal Information may be transferred and that could in capacity of Supervisory bodies, judicial authorities in the State Territory;
  • obtain:
    1. the update, the amendment or, in case you had the interest in doing it, the completion of your Personal Information;
    2. the erasure, the anonymization or the block of the processed Personal Information in case they violate the law, included the ones are not required for the Purposes they were collected;
    3. the attestation that the operations at the letter a) and b) were known, including what concerns their content, to the Third Parties that received the Personal Information, except the case in which this process would be impossible or required an effort manifestly disproportionate in comparison to the protected right;
  • oppose, completely or partially:
    1. for legittimate reasons to the Processing of Personal Information concerning Your person, although pertinent to the Purpose of the Collection;
    2. to the Processing of Personal Information concerning Your person with the purpose of advertisment or direct sale, or for the completion of Market Researches or sales communications, by using automatic call systems without the intervention of any operator, using email and/or employing traditional marketing techniques through phone or mail. Please note that the right to the opposition of the Data Subject, explained in the previous point b), for Purposes or Direct Marketing through automatic means, is considered an extension of the traditional ones, and that in any case the Data Subject still has the right to oppose to it even only partially. For this reason, the Data Subject can decide to receive decidere communications through traditional means only, or through automatic means only, or neither of the two ways.
  • Where applicable, You have the rights defined at the art. 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), together with the right to lodge a complaint with a supervisory authority.

9. How to exercise your rights

You will be in any time able to exercise your rights sending:

10. Modifications to the present Informative

The present Informative can be subject to modifications. We suggest to check periodically this Informative and to refer to the most updated version.