Registered office in Viadana (MANTOVA) – Italy, via delle Querce 1/3

As Data Controller of personal data, in accordance with EU Regulation 2016/679 “European Regulation”, we inform you that at the company headquarters and at branch offices (local offices), the processing of your personal data is carried out in full compliance with the aforementioned regulations, guaranteeing respect for fundamental freedoms and the dignity of the data subject, in particular protecting privacy and data protection. Please note that the information relates to personal data provided by the data subject or his delegates, and any data requested in the future, compatibly with the purposes indicated below, obtained directly from them or through computerized systems in the public domain where the data subject has released his own information to be subsequently contacted by potential customers.

In accordance with article13 of the Code and the Regulations, we provide the following information:

  • Processing modalities

Data processing can be carried out with the aid of paper and / or through the use of computer systems and related electronic equipment (even remote with appropriate protection and security systems), by persons in charge and specifically trained in security and data processing, for the purposes described below. Additional processing for different purposes will be subject to appropriate information with relative consent if due in relation to mandatory standards.

  • Purposes
  1. Administrative, accounting and fiscal management of the company (invoicing, work organization, etc.)
  2. Operational and logistics management, internal and external. (delivery and/or collection of products, communications on the status of work)
  3. Supply of services, materials, manufacturing, specialized services (incomplete list: consulting, supply of materials, facilities, professional services, technical, logistics, training, etc.)
  4. Management of any disagreements between parties (complaints, contractual breaches between parties)
  5. Storage of technical/administrative documentation (related to legal commitment, fiscal and contractual documentation, contractual and warranty communications on the supplied)
  6. sending regular promotional sales commissions
  7. send birthday wishes and / or wishes for holidays and / or celebrations
  • Personal Data Communication

The data in our possession will be processed by authorized personnel, assigned to these functions, in order to pursue the purposes listed above, based on the relationships between the parties. The organization also ask to other personnel (external to the company) for specific activities related to particular professional and/or technical roles, involving data processing. They are appointed as external managers of the treatment and therefore subject to the legal obligations that the current legislation places on this figure.

The target groups are:


Employees of the company or partners under different contractual form, under the direct control of the Owner.


Tax consultancy studies (accountants, tax consultants, etc.), Consultancy studies in general.
Authorized workshops (for maintenance, warranty interventions, etc.), Insurance companies.
Financial companies (loans, financing, leasing, long-term rental).
Equipment manufacturing companies.
Consultancy company for special benefits (tax break check).
Communication to external parties of the company will be carried out within the strict limits of the need to respond to customer requests and the correct achievement of company purposes. Clearly, remaining subject to legal obligations. Therefore, not all the subjects of the above categories may process the data, but only the internal or external figures appointed to perform a compulsory treatment.

  • Data transfer to a third country or international organizations

Normally, for the purposes described above, the data controller does not transfer data to a third country or to an international organization. Except for the exhibition of non-sensitive information during auditing carried out by customers or certification bodies on behalf of the same organization, bound to the secrecy and strict security protocols of data and information, in accordance with Italian and European Union cogent regulations.

  • Obligation (or not) of contribution

The processing of personal data is allowable only after the transfer of data by the interested party.

This transfer can be optional or mandatory under the laws that are applicable in relation to the objectives pursued.

Due to the principle of the “necessity” of the data (thus excluding the request for data not strictly necessary), the interested party is informed that, for the purposes indicated, his refusal to provide the data will in fact prevent to carry out the planned treatments. Making the services provided for in the relationship between the parties or the fulfillment of legal obligations impracticable.

  • Data retention

The preservation of the collected data, considering the rights of the interested party as indicated below, is extended to the time necessary to complete the order, assignment or service requested, as well as any preservation of data provided for guarantees and finally by state or European regulations (eg retention of tax documents). Information that are no longer necessaries or to be kept, by virtue of regulations or to protect the interested party, will be destroyed or returned if these are original documents, without storing copies. Further information on the retention periods can be requested from the data controller and its contacts through the communication channels indicated in this statement.

  • Profiling and automated processes

Personal data processing is carried out without the intervention of systems or automated processes that can affect data processing and on the rights of the interested party, nor is the profiling of the interested party needed.

  1. Data Controller

The figure identified under the Code and the EU Regulation as Data Controller to whom it is possible to forward any requests and exercise the rights guaranteed to the interested party pursuant to article 15 to 22 of EU Regulation 2016/679 is HS.MARINE, via delle Querce 1/3 – 46019 Viadana (MANTOVA) – Italy

  • Data Protection Manager (DPM)

The figure identified under the Code and the EU Regulation as Data Controller to whom it is possible to forward any requests and exercise the rights guaranteed to the interested party pursuant to article 15 to 22 of EU Regulation 2016/679 is Stefano Forni email: privacy@hsmarine.net.

Rights of the interested party (art. 7 rule and art. da 15 a 22 Reg. UE)

The interested party may exercise the following rights, considering any particular obligation to which the organization is subjected to comply pursuant to the EU Code and Regulation and other laws regulating the management of particular personal data:

  1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning its, even if not yet registered, and their communication in an intelligible form.
  2. The interested party has the right to obtain the indication of:
    • the origin of personal data and categories;
    • the purposes and methods of the processing, as well as the duration of the conservation
    • the logic applied in case of treatment carried out with the aid of electronic instruments;
    • the identification details of the holder, managers and designated representative;
    • subjects or categories of subjects to whom personal data may be communicated or who may become aware of them in the territory of the State, European Union or third countries, and to receive information about adequate guarantees on the transfer and treatment
  3. The interested party has the right to obtain:
    • updating and correction. That is, when interested, integration of data;
    • cancellation (right to be forgotten), transformation into anonymous form or blocking of processed data. Including those that do not need to be kept for the purposes for which the data were collected or subsequently processed, with the exception of legal obligations or the protection of the data subject and in particular in the case of illegal processing;
    • certification that the operations in letters a) and b) have been brought to the attention of those to whom the data have been communicated or disseminated. Except in the event that such an operation is impossible or involves a use of means clearly disproportionate to the protected right.
  1. The interested party has the right to oppose or to limit, totally or partially:
    • for legitimate reasons, to the processing of personal data concerning him
    • to the processing of personal data concerning him, referring to automated processes or deriving from profiling (contractual obligations stipulated between the parties), with regard to marketing purposes and the like.
  2. The interested party also has the right to:
    • make a formal complaint to a supervisory authority (more information on www.garanteprivacy.com);
    • if not collected directly from the data subject, any available information about their sources;
    • receive a copy of the data stored within the limits of the protection of the rights and freedoms of others;
    • request data portability, where the nature of the processing makes it technically feasible. Further information can be obtained from the data controller or by consulting the articles of the above reference standards.