Privacy Policy

Information pursuant to art. 13 of the European Regulation (EU) 2016/679 regarding the user's personal data processing.

The firm GEC S.r.l. with registered office in Viareggio (LU) Via Monte Matanna 1/C, VAT number 02412390466, in the person of its pro-tempore legal representative, Claudio Bo, in quality of Data controller (hereinafter "Controller") informs You, pursuant to art.13 of the regulation (EU) 2016/679 (hereinafter "GDPR"), that Your data will be processed pursuant to the princIPles of lawfulness and transparency, protecting Your privacy and Your rights, with the following procedures and purposes.

1. Object of the processing

Controller will process Your personal data communicated by You in occasion of the use of the services offered by GEC S.r.l. through the official websites ( and including the respective subdomains and any other website through which the Firm operates) or through the application for mobile devices, tablets and similar.

2. Lawfulness of the processing and purposes of the processing

The legal basis of the processing is constituted by:

  1. fulfillment of contractual obligations:
    1. In order to provide the services and/or performances and/or product requested or provided for in Your favour, included therein the registration and the access to the service through Your personal account within which You can archive, consult, organize and share all the files concerning routs, tracks and GPS markers;
  2. consent:
    1. In order to track, store and share Your routs or the data inherent to Your routs (management of activity data, interaction with social networks and/or external platforms, interactions based on position, permissions for the access to " personal data" present on Your device - mobile devices, tablets and similar-, real time sharing with other users of the services offered by the Controller inherent to one's boat, routs, position, direction, speed, wind conditions and water depth detected by sensors, phone number if explicitly entered by the user. Position data and sensor data will be used and stored anonymously by GEC S.r.l. with the purpose of building a database of location-based information; such database will be exclusive property of GEC S.r.l.);
  3. legitimate interest of the Processer or of third parties:
    1. for technical and service purposes (conservation of data inherent to date, time, IP address, registration of Your consent affixed by checking the boxes in the form - conservation of the present data will be performed with the purpose of demonstrating the provision of the policy and of the registration of the respective consent -);
    2. for operations of maintenance of the portal that could involve the temporary processing of Your personal data also by our technical service in charge;
    3. for cybersecurity and prevention of cybercrimes;
    4. for the management of a possible legal dispute;
    5. for soft-spam action (use of the the email coordinates provided by You at the moment of the activation of Your account in order to forward a limited number of commercial communication that may be appropriate and inherent to the contractual relationship in place and/or to suggest products, services and performances similar to the ones purchased by You);
    6. for the analysis of the site traffic (statistic)

3. Procedure of the processing

Processing of Your personal data is performed by means of the operations indicated at art.4 Privacy Code and at art. 4, n. 2), GDPR and precisely: collection, registration, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, cancellation and destruction of data. Your personal data undergo a processing both on paper and electronic and/or automatized.

The processing will be performed pursuant to the safety measures indicated by the Code and the others identified pursuant to the Regulation; the data will be stored for a period of time strictly necessary for pursuing the goals for which the data are collected and, in any case, with the adoption of specific safety measures that shall allow to avoid whichever violation of personal data, such as data loss, unlawful or incorrect use and unauthorised access.

However, such measures, in case of use of the application, given the nature of the means of online transmission, cannot limitate or totally exclude the risk of unauthorised access or data dispersion. For this purpose we suggest to verify periodically that Your device - mobile device, tablet and similar - is equipped with software adequate to the protection of online data transmission, both outgoing and incoming (such as updated anti-virus systems) and that Your internet provider has adopted appropriate measures for the safety of online data transmission (such as, for example, firewall and anti-spamming filters).

We also remind You that, in accordance with current legislation, the Controller shall be able to the email address provided by You in occasion of the use and/or the purchase of one of our services through the creation of an account but, in case You should not wish to receive such communication, You can inform the firm at any time, using the addresses included at point n.10. of the present policy. The Controller, in such case, shall interrupt such activity without delay.

4. Typology of data

The personal data processed vary in relation to their different legal base:

  1. fulfillment of contractual obligations
    1. Identification data (name, surname, email address - username included - );
  2. consent:
    1. data regarding movement activity collected by Your device (geo-localisation/ position, moving in altitude or other data related to what surrounds You).
    2. data present on Your device (social media account - for example, Facebook or Twitter -, data collectible thanks to the interaction with platforms/ external services - for example Bing Maps, access to the video camera to capture images and videos, access to the photo gallery, "Like" buttons or social widgets, cookies). It should be noted that in this case the information collected by the Controller depends on the privacy settings chosen by the user, who is required to verify them;
    3. data inherent to the payment (notification of successful payment received by the external suppliers of the service - for example, PayPal - ) ;
  3. legitimate interest of the Controller or third parties:
    1. log data (IP address, Internet Protocol -, device ID, address both of the page visited and of the previous page, detail of the used service, type of browser or device and settings, date and time in which the services are used, information about browser or device configuration, language, cookie data), email address. It should be noted that the collection of data for statistical purposes will exclusively take place in united and anonymous form, with the purpose of verifying the correct operation of the site. None of this information is related to the physical person - user of the site, and do not allow in any form their identification.

Sensitive data (that is, those which reveal racial or ethnic roots, political opinions, philosophical or religious beliefs, trade union memberships, and also genetic data, biometric data meant to uniquely identify a physical person, data relating to health or to the sexual life or the sexual orientation of a person) indicated by art. 9 of GDPR, and also judicial data (concerning criminal conviction or offence) indicated by art. 10 of GDPR, will not be subject to processing.

5.Data Communication

The data object of the processing will be communicated, only and exclusively, to perform the activities inherent to the aforementioned purposes, to third parties and/or employed personnel, in particular:

  • personnel specifically authorized for such processing
  • subjects who provide services for the management of the informatic system used by the Controller and of the communication network and who manage the maintenance of the technological aspect (included therein webmail);
  • subjects who can access Your data in accordance with provisions of law or secondary or Communitary legislation;
  • competent authorities who enforce the law and/or regulations promulgated by public bodies, upon request of the interested party.

All the subjects belonging to the aforementioned categories have presented sufficient guarantees in order to implement proper technical and organizational measures and, when not identifiable as independent data controllers, have been appointed as responsible for the data processing with a formal and written legal act, agreeing to process the data only upon documented instructions by the Controller. The list of the subjects in charge of the processing is constantly updated and available, upon request, at the registered office of the Controller.

The Controller guarantees maximum care so that the communication of Your personal data to the aforementioned recipients shall exclusively concern the data required only to pursue the specific purposes to which they are destined.

The undersigned, in quality of Controller, has formed the authorized personnel in accordance to the rules provided for by the current regulation concerning personal data.

Your data will not be disclosed.

6.Data Transfer

Data are stored on servers located within the European Union. It is understood, in any case, that the Controller, where it should be necessary, will have the right to move the servers outside the EU. In such case, the Controller hereby guarantees that transfers of data outside the EU will be performed in accordance with the applicable laws, upon the signing of the standard contract terms indicated by the European Commission.

7.Nature of data provision and consequences of failed acceptance

Data provision for purposes provided for in art.2 point 1) and point 3) (except subparagraph e.) is compulsory. In case they are not provided, the services requested shall not be guaranteed.

Data provision for purposes provided for in art.2 point 2) and point 3) subparagraph e. is optional. You can therefore decide to not provide any data or to subsequently withdraw Your consent to the processing of the data already provided: in this case, You will not be able to receive the services offered by the Controller.

You shall nevertheless continue to have the right to the services provided for at art. 2 point 1) and point 3).

8.Rights of the data subject

In relation to the processing described in the present policy, pursuant to art.7 Privacy Code and art. 15 GDPR, in quality of interested party, You have the right to:

  1. to obtain confirmation of the existence or not of any personal information related to You, even if not registered yet, and also to receive communication thereof in a comprehensive form.
  2. to receive information on a) the origin of these personal data; b) purpose and procedure of processing; the logic applied in case of processing performed with the aid of electronic instruments; d) the identification data concerning the Controller and the subject in charge of data protection; e) the subjects or subject categories to whom personal data may be communicated, or may have access, in quality of designated representatives in the State territory, of people in charge or employees.

In addition, You have the right to:

  1. the updating, rectification or, in case You have interest, the integration of data;
  2. the cancellation, block or transformation in anonymous form of data processed in violation of the law, , including the ones which do not need to be stored in relation to the purposes they have been collected and processed for.
  3. certification that all operations relating to letters a) and b) where brought to the attention, also regarding their content, of the subjects to whom the data have been communicated or disclosed, except for the case in which such fulfilment should be impossible or involves a manifestly disproportionate effort compared to the right to be protected.

You have also the right to oppose in whole or in part:

  1. to data processing, for legitimate reasons,
  2. to personal data processing that regard You for the purpose of advertising, direct sale, scientific research, market research or commercial communications, by means of automated calling systems without human intervention, by means of e-mail and/or by means of traditional marketing methods, by means of phone and/or paper mail.

Where applicable, You also have other rights provided for in articles 16-21 GDPR (right to rectification, right to be forgotten, right to limitation of processing, right to data portability, right to opposition), and the right to complaint to the Data Protection Authority.

9.How to exercise Your rights

You may exercise at any time the aforementioned rights by contacting the Controller at the addresses indicated at point 10. The Controller shall process Your request and provide You, without unjustified delay, and in any case, no later than 30 days after receiving Your request, the information concerning the action taken as a consequence of Your application. Pursuant to art. 12 GDPR, the exercise of rights in quality of interested party is free of charge. However, in case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Controller, in light of the administrative costs incurred to manage Your request, may charge a reasonable fee for the costs, or deny the satisfaction of Your request. We also inform You that, in case of an application, the Controller may ask further information to confirm the identity of the interested party.

10.Identity and contact info of the Controller

The Controller is GEC S.r.l. firm, in the person of its pro-tempore legal representative, Claudio Bo, with registered office in Viareggio (LU) Via Monte Matanna 1/C, VAT number 02412390466, e-mail

Viareggio, 18.05.2021


Copyright 2022 © GEC
All rights reserved.
P.IVA 02412390466