top of page

Privacy Policy

In accordance with and for the purposes of EU Regulation 2016/679

In accordance with the current legislation on the processing of personal data, defined in accordance with the provisions contained in EU Regulation 2016/679 of 27 April 2016 (hereinafter “GDPR”), we inform you that the processing of data provided or otherwise acquired will take place in full respect of the fundamental freedoms, always adopting principles inspired by correctness, lawfulness and transparency, and for purposes not exceeding the purposes of collection, in order to guarantee the protection and confidentiality of the data.


1 – Purposes of data processing

Your personal data, communicated by you or collected by us in compliance with the current legal provisions, will be used:

for the execution of contracts with you in place or, before their conclusion, as well as for operational management needs.

Legal basis: Execution of a contract.

for the operational management strictly functional to the possible conclusion of contracts, as well as to fulfill your specific requests prior to the possible conclusion of contracts.

Legal basis: Execution of pre-contractual measures

to comply with obligations under laws or regulations in force, including community ones.

Legal basis: Legal obligation.

contract management, for example relations with agents, representatives, clients and/or contractors;

Legal basis: Legal obligation.

for any external professional collaborations for the fulfillment of legal obligations;

Legal basis: Legal obligation.

for the management of litigation related to contractual breaches, transactions, credit recovery, judicial disputes.

Legal basis: Processing in court.

For service evaluation purposes;

Legal basis: Legitimate interest of the Data Controller

For communications to institutions (Municipality, health authorities, Coast Guard, Region, State Police, Civil Protection, others)

Legal basis: Legal obligation.

2 – Methods of data processing

The processing of personal data will be carried out with the aid of paper, computerized, telematic or automated tools, also with the entrustment to third parties specifically appointed, and will be carried out with logic strictly related to the purposes indicated, according to principles of lawfulness and transparency and, in any case, in order to protect the confidentiality and rights of the data subject, in compliance with the current legislation.

3 – Provision of data

Without prejudice to the personal autonomy of the data subject, the provision of personal data is mandatory for the purposes referred to in point 1 above and therefore any refusal to provide them may make it impossible for Visit Onifai to carry out the aforementioned relations.

4 – Persons authorized to process data and Subjects or categories of subjects to whom the data may be communicated

Without prejudice to the communications made in execution of legal obligations, your personal data may be communicated for the purposes referred to in paragraph 1, to:

banks and credit institutions; professional, consulting and auditing firms; intermediaries.

The personal data collected are also processed by the staff in charge, duly instructed, who need to have knowledge of them in carrying out their activities, as well as by subjects appointed as external managers of the Company. The data will not be disclosed or communicated to any third party except for the ordinary management of the company supported by external suppliers (banks and credit institutions, professional, consulting and auditing firms, maritime agencies, intermediaries, etc.) in compliance with confidentiality and security and only if it is not possible to manage the same data internally or anonymously;

The updated list of any managers to whom the data are communicated is at your disposal, upon request. Personal data will not be subject to disclosure except in cases provided for by law.

5 - Categories of data processed

User’s personal data necessary for the identification of the contracting party of the service contract;

Personal data of the subject who makes the payment and billing data for the purpose of completing the monetary transaction and in order to fulfill the tax obligations of invoicing and internal management of closing accounts and deadlines;

6 – Duration of processing and retention period of data

The processing and retention of your personal data will take place, in accordance with the current legislation on the subject, for a period of time not exceeding that necessary to achieve the purposes referred to in point 1 above for which they are processed, without prejudice to the ten-year term for the retention of only civil law data and the fulfillment of any other legal obligation.

7 – Rights of the data subject

According to the European Regulation, the subject to whom the personal data refer has the right at any time to obtain confirmation of whether or not there is a processing of his/her data and to obtain access to the data as well as precise and detailed information (art. 15 right of access to data);

the right to verify their accuracy or request their integration and updating by rectification (art. 16 right of rectification); to request cancellation (art. 17 right to be forgotten);

to limit (for legitimate reasons and provided for by the Regulation) their processing (art. 18 right to limitation of processing);

to receive in a structured format the data concerning him/her and transmit them to another controller (art. 20 right to data portability);

the right to object for reasons related to his/her particular situation to the processing of data (art. 21 right of opposition);

the right not to be subject to a decision based solely on automated processing, without prejudice to the exceptions (art. 22 Automated decision-making process relating to natural persons, including profiling).

The data subject has the right to revoke his/her consent at any time, limited to the cases where the processing is based on his/her consent for one or more specific purposes and concerns common personal data (art. 7 Conditions for consent).

The requests in question must be addressed in writing to the data controller. It is specified that the data subject also has the right to lodge a complaint with a supervisory authority (Data Protection Authority -

8 – Data Controller

The processing of data by Visit Onifai is carried out after identification of the subjects on whom specific duties and responsibilities lie.

Data Controller: Comune di Onifai,

with headquarters in Onifai, 08020, Via Municipio n.17 (NU)


Tel: to whom you can contact to

exercise the rights provided by the GDPR.

bottom of page