The purpose of this document is to inform the natural persons to whom the Personal Data subject to processing (hereinafter the “Interested”) concerning the Personal Data collected by the Data Controller, as subsequently identified.

The Data Controller may modify or simply update, in whole or in part, this Policy by giving information to the Data Subjects.


Data Controller

The Data Controller is NAVIGLIO & FIUME S.R.L., with registered office in Corso Roma 22 72100 Brindisi, Tax Code/ VAT number 01542470743,71046, e-mail address, address PEC, phone 0831523128.


We also inform you that your personal data will also be known by NAVIGLIO & FIUME employees S.R.L. that, for various reasons by virtue of specific appointment or authorization, will process your data for the purposes for which the data were collected in compliance with the provisions of GDPR 2016/679.


To have an updated list of Processors and Processors, please send an email to


Personal Data collected

The Data Controller collects the following types of Personal Data:

User identification data required at the time of registration to the site: such as name, surname, date of birth, city of origin, mail, phone number etc.

Navigation data:The computer systems and software procedures for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.This is information that is not collected to be associated with identified data subjects, but that by their very nature could, through processing and association with data held by third parties, allow to identify users.This data category includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) notation addresses of the requested resources, request time, method used in submitting the request to the server, file size obtained in response, the numeric code indicating the status of the response given by the server (fine forum, error, etc.) and other parameters related to the operating system.This data, on this site, is used only to obtain anonymous statistical information on the use of the site and to check its proper functioning.The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.For these data, and for the purposes mentioned above it is not necessary to request consent.

Data provided voluntarily by the user:The optional, explicit and voluntary sending of e-mail to the addresses indicated on this site or filling out the form of specific sections with mandatory and optional fields, involves the subsequent acquisition of the information and address of the sender, necessary to respond to requests for services and/or information.For these data, and for the purposes mentioned above it is not necessary to request consent.

Data relating to customer activities: such as tracking purchases, monitoring customer habits, etc.

Failure to provide the Data Subject, for which there is a legal, contractual obligation or if they constitute a necessary requirement for the use of the service or for the conclusion of the contract, will result in the impossibility of the Data Controller to provide its services in whole or in part.
The interested party who communicates to the Data Controller of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.


Purpose of Treatment

The collected Personal Data may be used for the performance of contractual and pre-contractual obligations, for legal obligations and for the following purposes:

  • follow the requests or reports of the data subject, offer services of commercial assistance and customer care;
  • give course to administrative and accounting management by communicating the Data to the Tax Consultant;
  • comply with the obligations lodged on the Data Controller and provided by current legislation;
  • Security of systems, goods and persons;
  • Supplier and partner management (administration suppliers, orders, payments, etc.);
  • User database management;
  • Management of payments by credit card, bank transfer or other tools;
  • Sending advertising or commercial communications by any appropriate means;
  • Commercial affiliation;
  • Comments and feedback.


Legal basis for processing

The legal basis of the processing for all the purposes mentioned above is the consent of the interested party.


Methods of Treatment

The processing of personal data is carried out by means of paper, computer and/or telematic tools, all in compliance with the provisions of the GDPR 2016/679, with organizational methods and logic strictly related to the purposes indicated.

In some cases, they may also have access to the Personal Data involved in the organization of the Data Controller (such as, for example, personnel management, business operators, system administrators, etc.) or external entities (such as computer companies, service providers, postal couriers, hosting providers, etc.).These subjects may be appointed as Data Processors by the Data Controller, access the Personal Data of the Data Subjects whenever necessary and will be contractually obliged to keep Personal Data confidential.

The updated list of Managers can be requested by email at

Place of treatment

The Personal Data are processed at the operational offices of the Data Controller and in any other place where the parties involved in the Processing are located.For further information, the Data Subject may contact the Data Controller at the following email address and at the postal address Corso Roma, 22, Brindisi.

Automated decision-making processes

All Data collected will not be subject to any automated decision-making process, including profiling, which can produce legal effects for the person or which can affect it significantly.


Transfer of personal data

Your data will not be transferred to non-EU Third Countries.


Safety measures

The processing is carried out in accordance with methods and with tools suitable to guarantee the safety and confidentiality of the Personal Data, having the Data Controller adopted appropriate technical and organizational measures that guarantee, and allow to demonstrate that the processing is carried out in accordance with the reference legislation.

Data retention period

The Data Controller will process the Personal Data for the time necessary to fulfill the purposes connected with the execution of the contract between the Data Controller and the Data Subject and not beyond the duration of 10 years from the termination of the relationship with the Data Subject and however until the completion of the term prescription provided by the norms in force.

When the Processing of Personal Data is necessary for the pursuit of a legitimate interest of the Data Controller, the Personal Data will be retained until the satisfaction of this interest.
If the processing of personal data is based on the consent of the Data Subject, the Data Controller may retain the Personal Data until the withdrawal by the Data Subject.

Personal Data may be stored for a longer period if necessary to comply with a legal obligation or by order of an authority.

All Personal Data will be deleted at the end of the retention period.

The right to access, erasure, rectification and the right to portability of Personal Data may no longer be exercised.


Rights of the interested party

Interested persons may exercise certain rights with reference to the Personal Data processed by the Data Controller.

In particular, the interested party has the right to:

  • revoke your consent at any time;
  • object to the processing of your Personal Data;
  • access to your Personal Data;
  • verify and ask for correction;
  • obtain restriction of processing;
  • obtain the cancellation of your Personal Data;
  • receive your Personal Data or transfer it to another owner;
  • lodge a complaint with the Data Protection Authority and/or act in court.

To exercise its rights, the interested parties may send a request to the contact details of the Data Controller indicated in this document (e-mail address, address PEC

Requests are made free of charge and evaded by the Owner as soon as possible, in any case within 30 days.

Last update: 6/04/2020

Naviglio and Rijeka S.r.l.