2) Privacy Policy — Lascatutto

Last updated: 23 November 2025

1) Who we are (Data Controller)

Controller: LASCATUTTO BOATING CONSULTING SRL SOCIETA’ BENEFIT
Address: Via Cala 52, 90133 Palermo – Italy
Email: info@lascatutto.com | Tel.: +39 3669532212

This notice explains how we collect and process personal data when you use our website, request information, book services (charter, moorings, boatyard), subscribe to the newsletter, or interact with us via email, phone, WhatsApp, or social media.

2) Types of data processed

• Browsing data: IP address, technical logs, device identifiers, session/traffic data (see Cookie Policy).
• Data provided by the user: name, surname, email, phone, company (if any), message/form content, service preferences, documents required for bookings/contracts (e.g., boating license for bareboat).
• Contract/billing data: address, tax/VAT ID, payment methods (token/transaction result – we do not store full card numbers).
• Job applications (optional): CV and professional information if you apply.
• Data from third-party channels: messaging or social (e.g., WhatsApp/Instagram/Facebook), processed under those platforms’ policies.

3) Purposes and legal bases

• a) Respond to contact/quote/site-inspection requests — Performance of pre-contractual measures.
• b) Manage bookings and contracts (charter, moorings, boatyard), customer care, after-sales — Contract performance.
• c) Legal, tax, accounting, insurance compliance — Legal obligation.
• d) Website security, fraud/abuse prevention, legal defence — Controller’s legitimate interest.
• e) Send newsletters/marketing communications — Consent; soft-spam for similar services to existing customers with opt-out (Italian law).
• f) Aggregate statistics on site usage — Legitimate interest or consent depending on cookie/analytics setup.
• g) Recruitment (spontaneous applications) — Pre-contractual measures; consent for any special categories of data in the CV.
  We may send essential service updates required for contract execution without consent.

4) Processing methods and security

Data are processed using IT tools and adequate technical/organizational measures (access controls, backups, encryption in transit, minimization). We do not use fully automated decision-making producing legal effects.

5) Data provision

Providing mandatory data in forms is necessary to receive the requested service (e.g., quote, booking). Failure to provide such data may prevent handling your request. Marketing/newsletter data are optional.

6) Data retention

• Contacts/quotes: up to 24 months from the last meaningful contact.
• Contract/billing data: up to 10 years (legal obligations).
• Customer care/after-sales: up to 24 months from ticket closure.
• Newsletter/marketing: until consent is withdrawn or opt-out; review every 24 months.
• Applications: up to 12 months (unless otherwise agreed).
• Technical/security logs: up to 12 months, unless security events require longer storage.
  Retention may be extended for legal defence.

7) Disclosure and categories of recipients

We may disclose data to:

• Processors/providers (hosting, IT maintenance, CRM/emailing, payment platforms, admin/accounting consultants, insurance services).
• Authorities legally entitled to access.
• Captains/skippers and operational partners, limited to information necessary to deliver the service (e.g., crew lists, contacts).

Specific providers used:

• Google Ireland Limited (Google Analytics 4) — stats/traffic/performance; data: cookies/IDs, IP (with anonymization), user agent, events; legal basis: consent (or legitimate interest only if strictly anonymized and without enrichment); extra-EU transfers to USA under SCCs; opt-out: https://tools.google.com/dlpage/gaoptout ; privacy: https://policies.google.com/privacy
  
• Meta Platforms Ireland Ltd. (Meta Pixel) — marketing/remarketing, conversion measurement; data: cookies/IDs, browsing/conversion events, device/browser data, IP; legal basis: consent; transfers to USA under SCCs; ad preferences: https://www.facebook.com/adpreferences ; privacy: https://www.facebook.com/policy.php
  
• Intuit Inc. – The Rocket Science Group LLC d/b/a Mailchimp — email newsletters, list management, automations, campaign stats (opens, clicks, bounces); data: name, email, preferences, metrics, IP and user agent; legal basis: consent (newsletter signup) or soft-spam for existing customers (opt-out available); transfers to USA under SCCs; privacy: https://www.intuit.com/privacy/statement/ and https://mailchimp.com/legal/privacy/
  

The up-to-date list of processors is available on request at info@lascatutto.com.

8) Extra-EU data transfers

Some providers may process data outside the EEA. Transfers occur under GDPR arts. 44 et seq., typically via Standard Contractual Clauses (SCCs) and supplementary measures. Use of GA4, Meta Pixel, and Mailchimp may involve transfers to the USA.

9) Cookies, trackers, and third-party tools

See our Cookie Policy for categories, purposes, retention, and consent management. Via the cookie banner you can accept/refuse and later change your choices through the “Cookie settings” link in the footer.

10) Newsletter and marketing communications

Campaigns are managed via Mailchimp. We collect statistics (opens, clicks, unsubscribes) to improve content. You may withdraw consent or object at any time using the unsubscribe link or by contacting info@lascatutto.com. If you are already a customer, we may send you communications about similar services (soft-spam); you can object at any time.

11) WhatsApp, social media and external channels

If you contact us via WhatsApp or social media, some data will also be processed according to those platforms’ policies. We will use such channels solely to handle your request/service.

12) Data subjects’ rights

• Access, rectification, erasure, restriction, portability, objection.
• Withdraw consent at any time (without affecting prior lawful processing).
• Lodge a complaint with the Italian Data Protection Authority (Garante).
  To exercise your rights, email info@lascatutto.com or call +39 3669532212. We may request information to verify your identity.

13) Minors

The website and services are not intended for children under 14. If you believe we collected data from minors without proper consent, please contact us for removal.

14) Recruitment (if you send a CV)

CV data are processed to evaluate your application and arrange interviews. Do not include unnecessary special categories of data. If present, such data will be processed only with your explicit consent and solely for recruitment purposes.

15) Changes to this notice

We may update this Privacy Policy to reflect legal or technical developments. We will publish the updated version with the effective date. Please review it periodically.