Skip to content Skip to footer
BOOK NOW
BOOK NOW
BOOK NOW
Close

Privacy Policy

This privacy policy is drafted pursuant to Article 13 of EU Regulation 2016/679 (hereinafter: “Regulation” or “GDPR”) and aims to communicate our privacy policy and explain how we handle your personal information when you use our website https://cpcharter.com/ (hereinafter the “Website”). The information and data you provide or that we acquire while using the Website’s services will be processed in compliance with the Regulation and the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimization, accuracy, integrity, and confidentiality.

INDEX

  • Data Controller
  • Personal Data Subject to Processing
  • Browsing Data
  • Cookies
  • Purpose of Processing
  • Legal Basis and Mandatory or Optional Nature of Processing
  • Recipients of Personal Data
  • Transfers of Personal Data
  • Retention of Personal Data
  • Data Subject Rights
  • Changes

1. Data Controller

The data controller for the data processing carried out through the Website is the company Capri & Positano Life Charter, located at Corso Alcide de Gasperi, 249/b, 80053 Castellammare di Stabia, VAT IT08501411212, reachable at the email address info@cpcharter.com (hereinafter also the “Controller”).

2. Personal Data Subject to Processing

While browsing the Website, we inform you that the Controller will process personal data as defined by Article 4(1)(a) of the Regulation (hereinafter “Personal Data”). These data include:

a. IP Address

The IP address is acquired during the normal use of the Website through Internet communication protocols. This data is used solely to obtain anonymous statistical information on the use of the Website, ensure its proper functioning, and identify possible anomalies or abuses. The IP address may be used to ascertain responsibility in case of cyber crimes or to confirm the acceptance of policies: except for these cases, the IP address is not stored for more than seven days.

b. Other Browsing Data and Cookies

Other browsing information includes the type and version of the browser used, the operating system of the device, access date and time, Internet service provider, and other similar data. Cookies are small text files sent and stored on your computer or mobile device, which are transmitted back to the visited websites during subsequent visits. The cookies on our Website include:

  • Technical browsing or session cookies, necessary for the functioning of the Website or to enable you to use the requested content and services, activate specific Website functions, and enhance the provided service.
  • Analytical or statistical cookies, which allow us to understand how the Website is used.
  • Marketing cookies, used to send advertising messages in line with your preferences expressed during online browsing. See, for example, Google’s privacy policy: https://policies.google.com/technologies/partner-sites.

For more information on cookies, please consult the Cookie Policy.

3. Purpose of Processing

The processing that we intend to carry out, subject to your consent where necessary, has the following purposes:

  • Allow browsing on our Website and activate requested functionalities, including assistance and information about the services offered on the Website (“Service Execution Purpose”).
  • Collection of job applications.
  • Statistical analysis of aggregated data to assess Website performance, measure traffic, and evaluate usability and interest (“Aggregated Data Statistical Analysis Purpose”).
  • Newsletter subscription, marketing purposes, and online profiling through cookies (“Marketing and Online Profiling Purpose”).
  • Compliance with legal, accounting, and tax obligations (“Compliance Purpose”).
  • Defensive purposes necessary for the Controller (“Defensive Purpose”).

4. Legal Basis and Mandatory or Optional Nature of Processing

The legal basis for the purposes stated in letters a) and b) is the execution of a contract or pre-contractual measures pursuant to Article 6(1)(b) of the Regulation. Providing Personal Data for these purposes is optional, but failure to provide it would make it impossible to browse the Website and activate the requested functionalities.

The purpose under letter c) is based on legitimate interest pursuant to Article 6(1)(f) of the Regulation. This purpose does not involve any processing of Personal Data.

The purposes under letter d) are based on consent pursuant to Article 6(1)(a) of the Regulation. You can withdraw consent at any time according to Article 7 of the Regulation. Providing Personal Data for this purpose is optional and failure to provide it does not result in any consequences.

The purpose under letter e) represents a legitimate processing of Personal Data pursuant to Article 6(1)(c) of the Regulation. Once Personal Data has been provided, the processing is necessary to comply with a legal obligation to which the Controller is subject.

The legal basis for the purpose under letter f) is the legitimate interest of the Controller pursuant to Articles 6(1)(f) and 9(2)(f) of the Regulation. Once Personal Data has been provided, processing may become necessary to address the Controller’s defensive needs.

5. Recipients of Personal Data

Your Personal Data may be shared for the purposes stated in Section 3 with:

  • Entities acting as data processors, such as those necessary for service provision (e.g., hosting providers, service management companies, marketing consultants, technical maintenance providers, etc.).
  • Autonomous entities, authorities, or independent controllers to whom disclosure of your data is required by law or authority orders.
  • Authorized personnel who process personal data under strict confidentiality obligations.

6. Transfers of Personal Data

Some of your Personal Data may be shared with recipients outside the European Economic Area. In this case, the Controller ensures that your Personal Data is processed in compliance with the Regulation. Transfers may be based on the European Commission’s adequacy decision, Standard Contractual Clauses, or another appropriate legal basis. For more information, please contact the Controller.

7. Retention of Personal Data

Personal Data will be retained for the time strictly necessary to achieve the purposes outlined in Section 3, respecting the data minimization principle of Article 5(1)(c) of the GDPR.

  • Data for service execution and job applications will be kept until the contractual or pre-contractual relationship ends.
  • Marketing data will be retained until consent is withdrawn or for a maximum of 10 years.
  • Compliance data will be retained as required by law.

8. Data Subject Rights

You have the right to access your Personal Data at any time (Articles 15-22 of the Regulation). You can request rectification (Article 16), deletion (Article 17), restriction of processing (Article 18), and data portability (Article 20). You can revoke consent at any time (Article 7.3) and object to processing (Article 21). To exercise these rights, contact info@cpcharter.com or send a registered letter to the Controller’s address.

If you believe your data processing violates the Regulation, you have the right to lodge a complaint with the Data Protection Authority (Article 77) or take legal action (Article 79).

9. Changes

The Controller reserves the right to modify or update this policy due to regulatory changes or service updates. You will be notified of any changes, and we encourage you to check this section regularly for the latest version.