NOTICE FOR CUSTOMERS AND PROSPECTS

under articles 13 and 14 of the GDPR (Regulation (EU) 2016/679)

ABOUT US

Ferretti SpA, with registered office at Via Irma Bandiera 62, 47841 Cattolica (RN), Italy (Data Controller), is responsible in its capacity as data controller for keeping your personal data confidential and protecting it from any potential data breach.

The Data Controller has appointed a Data Protection Officer (DPO), whom you can contact if you have any queries about our data protection policies and practices.

You can contact the DPO via email at the following address: dpo@ferrettigroup.com.

WHICH PERSONAL DATA DOES THE DATA CONTROLLER COLLECT AND WHERE IS IT COLLECTED?

The Data Controller collects and/or receives certain information about you – such as your forename, surname, contact details (telephone number and email address), date of birth, payment details and purchase data (Personal Data).

Personal Data is also collected from third parties, such as dealers and brokers that work with the Data Controller.

FOR WHAT PURPOSES DOES THE DATA CONTROLLER COLLECT AND PROCESS YOUR PERSONAL DATA?

1. To establish and manage the contractual relationship

Your Personal Data will be processed to enact pre-contractual measures to which you are party or to manage the contractual relationship at your request.

We shall process Personal Data for this purpose to enact pre-contractual measures adopted at your request or to execute the contract to which you are party, in accordance with GDPR Article 6.1(b).

The Personal Data will be kept for the duration of the contract and for up to 10 years after it ends, unless the Data needs to be retained for other purposes and unless other retention periods mandated by law or sector-specific regulations apply.

2. To fulfil legal obligations

Your Personal Data will be processed to meet the obligations set out in domestic and supranational regulations as well as to meet tax and accounting obligations under GDPR Article 6.1(c).

The Personal Data will be kept for as long as the law requires.

3. To prevent and combat fraud and abuse

Your Personal Data will be processed to prevent and combat fraud and abuse. The lawful basis for this processing is the Data Controller’s legitimate interest under GDPR Article 6.1(f).

The Personal Data will be kept for up to 5 years.

4. To establish, defend and/or exercise rights in case of complaints and/or judicial and/or out-of-court settlements

Your Personal Data may be processed, when necessary, to establish, defend and/or exercise the Data Controller’s rights in case of complaints and/or judicial and/or out-of-court settlements. The lawful basis for this processing is the Data Controller’s legitimate interest under GDPR Article 6.1(f).

The Personal Data will be kept throughout the complaint process and/or the judicial and/or out-of-court procedures until the legal safeguards and/or remedies have been exhausted.

5. To assure safe access to the Data Controller’s offices, shipyards, stands, yachts and/or premises by monitoring physical entry (excluding video surveillance)

Your Personal Data will be processed to monitor physical entry to the Data Controller’s offices, shipyards, stands, yachts and/or premises in order to assure the safety of people there and to protect company assets. The lawful basis for this processing is the Data Controller’s legitimate interest under GDPR Article 6.1(f).

The Personal Data will be kept for up to 7 days.

6. To send invitations to events, to carry out market research and statistical analyses, and to send commercial and/or promotional messages about the Data Controller’s and Ferretti Group’s products and services

Your Personal Data may be processed to perform market research and statistical analyses, to send you promotional newsletters, to invite you to events, trade fairs and/or boat shows, and to send you commercial and/or promotional messages and/or information about products and services from the Data Controller on its own behalf, for Ferretti Group companies or commercial partners, or on behalf of third parties (without disclosure of data).

With your consent, the Data Controller may send you those communications by automated means (e.g. email, text message and instant messaging) and traditionally (e.g. by post or telephone calls from an operative).

We shall not process your Personal Data for this purpose without your consent, which is optional, freely given and you may withdraw at any time under GDPR Article 6.1(a).

Personal Data relating to campaigns will be kept for up to 24 months and/or until you withdraw consent.

7. To send messages about products and services similar to those sold under a purchase order, for direct sales of the Data Controller’s products or services

Unless you object, your Personal Data may be processed to send you direct-sales emails about products or services similar to those you have bought under a purchase order.

The lawful basis is the Data Controller’s legitimate interest under GDPR Article 6.1(f) and Article 130.4 of Italian Legislative Decree no. 196 of 30 June 2003 (the Privacy Code). You may exercise your right to object by writing to dpo@ferrettigroup.com.

8. To send you marketing messages from the Data Controller on its own behalf or for Ferretti Group companies within or outside the EU or commercial partners, with disclosure of data

With your consent, which is optional, freely given and may be withdrawn at any time, your Personal Data may be processed to send you promotional newsletters, to invite you to events, trade fairs and/or boat shows, or to send you commercial and/or promotional messages and/or information about products and services from the Data Controller on its own behalf, for Ferretti Group companies within or outside the EU (e.g. Allied Marine) or commercial partners, or on behalf of third parties (with disclosure of data).

With your consent, the Data Controller may send you those communications by automated means (e.g. email, text message or instant messaging) and traditionally (e.g. by post or telephone calls from an operative).

We shall not process your Personal Data for this purpose without your consent, which is optional, freely given and you may withdraw at any time under GDPR Article 6.1(a).

Personal Data relating to campaigns will be kept for up to 24 months and/or until you withdraw consent.

9. To create a personalised profile to send you personalised commercial messages

Your Personal Data may be processed to send you personalised commercial messages based on your preferences, habits, interests, behaviour and purchase history.

We shall not process your Personal Data for this purpose without your consent, which is optional, freely given and you may withdraw at any time under GDPR Article 6.1(a).

Personal Data about purchase details will be kept for up to 24 months and/or until you withdraw consent.

WHERE WILL YOUR PERSONAL DATA BE SENT?

Your Personal Data may be transferred to the non-EU countries below, subject to the full guarantees provided under EU regulations. In particular, we may share your Personal Data with Ferretti Group companies outside the European Economic Area (EEA), specifically in:

  • the USA, based on the standard contracts in place between the Ferretti Group companies and subject to additional safeguards in compliance with personal data protection law;
  • HONG KONG, based on the standard contracts in place between the Ferretti Group companies, in compliance with personal data protection law.

If you have bought a boat and require assistance, support or after-sales services, the Data Controller may transfer your identification data to suppliers in any foreign country, according to where your boat is moored, in order to respond to your request.

These data transfers comply with the data-transfer legislation outside the EEA.

For more details on the standard contractual conditions and the safeguards adopted, please write to privacy@ferrettigroup.com.

WHO MAY RECEIVE YOUR PERSONAL DATA?

Your Personal Data may be sent to parties operating as data controllers, e.g. any legitimate public body, such as the judicial and/or public-safety authorities.

The Data Controller may disclose your data to third parties suitably selected and appointed as Data Processors under GDPR Article 28 for marketing purposes by Ferretti Group companies for intragroup services and companies providing IT services (maintenance, hosting and mailing).

For the list of appointed Data Processors, please email us at privacy@ferrettigroup.com.

WHOM DO WE AUTHORISE TO PROCESS YOUR PERSONAL DATA?

The Personal Data will be processed exclusively by employees of the company bodies responsible for the above purposes, who have been expressly authorised and suitably trained to process data.

WHAT ARE YOUR RIGHTS?

You may ask the Data Controller for access to your Personal Data, to correct or delete it, to add to it if incomplete, and to restrict processing of it in the circumstances set out GDPR Article 181.

Where processing is automated and based on consent or a contract, you may exercise your right to data portability – i.e. to receive your Personal Data in a structured, commonly used, machine-readable format – and, if technically feasible, to send it to another data controller without hindrance.

You may freely request to withdraw your consent at any time.

You may complain to the data protection authority at any time and use any other legal safeguard open to you.

You may exercise your rights by writing to dpo@ferrettigroup.com.

The right to restrict processing means temporarily restricting the data processing to retention only, in the following cases under GDPR Article 18:
a) if the data subject disputes the accuracy of their personal data, to provide time for the data controller to check it for accuracy;
b) if the processing is unlawful and the data subject objects to their data being deleted but requests that its use be restricted;
c) if the data controller no longer needs the data, but the data subject still needs it to establish, exercise or defend their legal rights;
d) if the data subject has objected to processing under GDPR Article 21.1, pending verification of whether the data controller’s legitimate grounds override those of the data subject.