Privacy Policy

For Taoticket, the protection of your personal data is a principle that goes beyond legal obligations.

The commercial offers we propose are designed to meet your needs and offer the best and most convenient service for you.

Taoticket S.r.l., Data Controller in compliance with Italian laws (art. 13 D. lgs. 30.06.2003, n. 196 - Personal Data Protection Code) and EU laws (art. 13 of EU Regulation n. 679/2016 - procedures for managing the site with reference to the processing of personal data of users who consult it), is committed to protecting, in a clear and transparent manner, the privacy of users and declares itself responsible for the security of customer data.

This policy establishes the following: what personal data of the user is collected and processed in relation to the relationship with us as a customer and through the use of our websites, smartphone apps, and web services.

What personal data we collect

Personal data means any information relating to you that allows us to identify you, such as your name, contact details, booking reference number, payment details, and information about your access to our website.

Specifically, we may collect the following categories of information:

  • First and last name, residential address, email address, telephone number, passport number or ID card details, credit/debit card, or other payment details;
  • API (Advance Passenger Information), which includes name, nationality, date of birth, gender, passport or ID card number, expiration date, and country of issue;
  • Medical conditions for passengers who have special medical requirements and/or dietary needs;
  • Travel history, including information relating to booked ferries and services;
  • Information provided about your travel preferences;
  • Information about purchases of products and services from our trusted partners;
  • Information on the use of our website and/or app;
  • Communications exchanged with us or addressed to us via letters, emails, chat services, phone calls, and social media;
  • Location, including the real-time geographic location of your computer or device via GPS, Bluetooth, and IP address, along with crowd-sourced Wi-Fi hotspots and cell tower locations, if you use location-based features and turn on location services on your device and computer;
  • Browsing data aimed at profiling, i.e., data collected through tools used for browsing, subject to the consent of the interested party, which allow us to offer advertisements of greater interest to the user.

Personal details about your physical or mental health, alleged commission of crimes, or criminal convictions are considered "sensitive" personal data under applicable data protection laws. We will process such data only if you have given explicit consent, or if it is necessary (for example, if you request special assistance), or if you have deliberately made it public.

What we use personal data for, why, and for how long

Your data may be used for the following purposes:

  • To provide requested products and services: we use the information you provide to perform the requested services relating to ferries, including requests to change cruises and/or flights;
  • To contact you in case of a flight schedule change or cancellation: we send you communications about the services you have requested and any changes to those services. These communications do not have marketing purposes and cannot be opted out of;
  • Credit card or other payment card verification/screening: we use payment information for accounting, billing, and audit purposes and to detect and/or prevent fraudulent activities;
  • Administrative or legal purposes: we use your data for statistical and marketing analysis, system testing, customer surveys, maintenance, and development, or to deal with a dispute or claim. We may perform data profiling based on the information we collect from you in order to use it in statistical and marketing analysis. Any profiling activity will be carried out only with your prior consent and making every effort to ensure that all data it relies on is accurate. By providing any personal data you explicitly agree that we may use it to carry out profiling activities in accordance with this privacy policy;
  • Immigration/customs controls: we may be obliged to provide your information to border control agencies;
  • Security, health, administrative purposes, crime prevention/detection: we may also pass your details to government authorities or enforcement bodies in accordance with legal requirements;
  • Customer service communications: we use your data to manage our relationship as our customer and to improve our services and your experience with us;
  • Providing tailor-made services: we use your data to provide information we believe is of interest to you, prior to, during, and after traveling with us, and to personalize the services we offer you, such as special offers to your favorite destinations or Family Plus deals;
  • Marketing: from time to time we will contact you with information regarding ferry promotions and ancillary products via electronic communications. However, you will have the choice to opt in or opt out of receiving such communications by indicating your preference at the booking stage. You will also be given the opportunity on every electronic communication that we send to indicate that you no longer wish to receive our direct marketing material.

We will only process your personal data if we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data.

In most cases we will need to process your personal data to be able to process your booking, enter into the travel contract with you, and fulfill that contract. We may also process your personal data for one or more of the following reasons:

  • To comply with a legal obligation (e.g., immigration or customs requirements);
  • You have consented to the use of your personal data (e.g., for marketing purposes);
  • To protect your vital interests or those of another person (e.g., in a medical emergency).

Only people aged 16 or over can provide their consent. For children under this age, the consent of parents or legal guardians is required.

The duration of consent is evaluated in relation to the purpose of the processing, and however the revocation of the same by the interested party can be exercised at any time as indicated in the Data Subject's Rights.

We retain personal data for as long as necessary to achieve the purposes and carry out the activities described in this privacy policy, or as otherwise communicated to the User and/or Customer, or for the time permitted by applicable law.

Data retention periods

Data type Description Retention period Start date
Customer records Reserved area account information: login with Google sign-in, Apple sign-in, social sign-in, username, and password 10 years From the date of the last interaction
Data used for marketing purposes (CRM) Data subject to the user's consent and used for marketing activities to customers/users 5 years From the granting of consent by the interested party or from the renewal of consent through interaction with the marketing communication department
Technical cookies Data collected via tags Max. 3 years From the date of browsing on our website
Non-technical cookies Data collected via tags Max. 1 year From the date of the interested party's consent

Security of personal data

We follow strict security procedures in the storage and disclosure of your personal data, to protect it against accidental loss, destruction, or damage. The data that users provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the standard method of encrypting personal data and credit card numbers that enables them to be securely transferred over the Internet.

All payment details are transmitted over SSL and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS) managed with a certified secure HTTPS connection across all our sites and apps.

We may disclose your information to trusted third parties for the purposes set out in this privacy policy. We require all third parties to have appropriate technical and operational security measures in place to protect personal data, in line with EU legislation on data protection rules.

Cookies and site tracking

This site uses cookies to enable us to improve our service and to provide you with useful features. Cookies are small text files that are transferred to your computer's hard drive through your web browser to enable us to recognize your browser and help us track visitors to our site; this enables us to better understand the products and services that will be most suitable to you.

A cookie contains your contact information and information to allow us to identify your computer when you travel around our site for the purpose of helping you accomplish your reservation. Most web browsers automatically accept cookies, but, if you wish, you can change these browser settings by accepting, rejecting, and deleting cookies.

The "help" menu on the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to change these settings, you may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on your computer.

For more information about cookies and how to stop your browser from accepting them, please visit the following website: www.allaboutcookies.org.

Data Protection Officer

Taoticket S.r.l., Data Controller, has appointed an internal Data Protection Officer. The user has the right to lodge a complaint at any time.

Contacts:

Email: privacy@taoticket.com

Address: Taoticket S.r.l., Via Brigata Liguria 3/21 - 16121 Genoa IT

Data subject's rights

At any time, pursuant to articles 15 to 22 of the GDPR, you have the right, also in relation to the profiling activity, to:

  • Request the correction of your personal data;
  • Withdraw your consent to the use and disclosure of your personal data at any time;
  • Request the deletion of your personal data;
  • Receive your personal data in a structured, commonly used, and machine-readable format, as well as transmit your personal data to another data controller;
  • Object to the processing of your personal data even for marketing or profiling purposes;
  • Obtain the restriction of the processing of your personal data;
  • Lodge a complaint with a supervisory authority;
  • Receive communication if there is a personal data breach;
  • Request information regarding:
    • the purposes of the processing;
    • the categories of personal data;
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if the data is transferred to recipients in third countries or international organizations and the existence of adequate safeguards;
    • the retention period of the personal data;
    • if the data is not collected from the data subject, all available information about their source.

You may at any time object to the sending of communications related to marketing and profiling activities by clicking on "unsubscribe" at the bottom of the received e-mail or by forwarding a specific request to privacy@taoticket.com.