The following information in this Privacy Policy is intended to give you an overview of the nature, scope, and purpose of the collection and processing of your personal data by WONDER YACHTS SRL and its subsidiaries (OI) as well as third parties, and your rights under data protection law.

Which data is processed and how it is used depends upon the requested or agreed services.

Contact details of WONDER YACHTS

Should you have any notes, comments, or questions regarding this Privacy Policy or the processing of your personal data, please contact us at:

Wonder Yachts srl
Via larga 6
20122 Milano
info@wonder-yachts.com

EU Representative in accordance with Article 27 GDPR

Wonder Yachts srl
Via larga 6
20122 Milano
info@wonder-yachts.com

General Data Use

We process your personal data which we have received directly from you or from third parties (e.g. brokers etc.) as part of our business relationship with you. In addition to data that we receive directly from you, we also obtain and process data about you that is available in the public domain or that was provided to us by other companies within the Wonder Yachts or by third parties, in order to properly and adequately fulfil our regulatory and contractual obligations as well as to improve, expand and market our service offering.

The following personal information is processed:

  • personal details (name, address, further contact details, date and place of birth, and citizenship);
  • identification data (e.g. details of your identification document) and authentication data;
  • order data (e.g. payment);
  • data stemming from the fulfilment of our contractual obligations;
  • advertising and sales data;
  • record-keeping data (e.g. minutes of consultation)
  • other data related or comparable to the above categories (e.g. Email).

Webpage and Cookies

In order to provide the services on our website we use a number of cookies and other technologies. These are described hereafter in detail and where applicable opt-out options are provided.

Necessary Functionality Cookies

In order to provide you with the website and its content we must use some cookies. We use a last viewed yacht cookie to remember your most recently viewed yachts and present these to you when you return to the site.

Performance Cookies

Hotjar

We use Hotjar in order to better understand our users’ behaviour and to optimize the online experience. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Our legal basis for processing is our legitimate interest in optimizing the user experience and making your visit to our website enjoyable.

Google Analytics

Based on our legitimate interests in analysis, optimization, and economic operation of our online offer, we integrate Google Analytics, a web analytics service provided by Google Ireland Ltd. (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google uses cookies. The information generated by the cookie about the use of our website are usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement, which allows for a data transfer to the USA.

Google will use this information on our behalf to evaluate the use of our website, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. We do not have access to the IP Addresses submitted to Google.

The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection of the data generated by the Google cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at here. You can also prevent tracking by using this Opt-Out Link.

For more information about Google’s data usage please read Google’s Privacy Policy and Google’s Ads Settings.

Our legal basis for the use of Google Analytics is our legitimate interest in measuring the performance of our website and statistical analysis for market research purposes.

The personal data of users will be deleted or anonymized after 14 months.

Marketing Cookies

Google Campaign Manager (formerly DoubleClick)

This website uses Google’s online marketing tool Campaign Manager (provided by Google Ireland Ltd., see above). Campaign Manager uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are shown in which browser and can prevent them from being displayed multiple times. In addition, Campaign Manager can use cookie IDs to track conversions related to ad requests. For example, if a user sees a Campaign Manager ad and later goes to the advertiser’s website with the same browser and buys something there, we as an advertiser can see the performance of our ad. According to Google, Campaign Manager cookies do not contain personally identifiable information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. By integrating Campaign Manager Google receives information that you have visited part of our website or clicked on an ad from us. If you’re registered with a service provided by Google, Google may associate the visit with your account.

In addition, the Campaign Manager (DoubleClick Floodlight) cookies we use enable us to understand if you are performing certain actions on our website after you have viewed or clicked one of our display/video ads on Google or on another platform through Campaign Manager (Conversion tracking). Campaign Manager uses this cookie to understand the content that you have interacted with on our web sites so that you can later send you targeted advertising.

Our legal basis for the use of Google Campaign Manager is our legitimate interest in marketing our services to interested visitors and optimizing the user experience by minimizing the number of irrelevant ads.

For more information about Campaign Manager, visit this link and Google Privacy Policy in general.

You can also prevent Google Campaign Manager tracking on our website using this Opt-Out Link.

Google Ads (formerly Google AdWords)

On our website we use Google Ads by Google (see above). This service allows us to show ads in Google’s search results as well as Google AdSense and Publishing Partner’s display networks. The aim is to publish our advertising materials (so-called Google Ads) on external websites to draw attention to our offers. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We are interested in showing you advertisements that are of interest to you, to make our site more interesting to you and to allow us to calculate advertising costs.

The legal basis for this is our legitimate interest in the efficient marketing of our services.

Our website uses the features of Google Analytics in conjunction with the cross-device capabilities of Google Ads. This feature allows the Google Analytics generated ad groups to be linked to the cross-device capabilities of Google Ads. In this way, interest-based personalized advertising messages customized to you based on your previous usage and browsing behaviour on one end device (e.g., cell phone) may also be displayed on another of your end devices (e.g., tablet or PC).

For this purpose, a cookie is set by means of a remarketing tag, which includes every visitor to the website (pseudonymised) in a list.

If you access our website through a Google Ad, Google Ads will store a cookie on your computer. The unique cookie ID, the number of ad impressions per placement (Frequency), the last impression (relevant to post-view conversions) and opt-out information (flag that the user does not want to be addressed) is stored.

These cookies allow Google to recognize your internet browser. If a user visits certain pages on a Google Ads customer’s site (such as our OI website) and the cookie stored on their computer has not expired, Google and we will be able to detect that the user clicked on the ad and was redirected to that page.

You can prevent participation in this tracking process in several ways:

  • by setting your browser software accordingly – the suppression of third-party cookies means that you will not receive any third-party ads.
  • by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com (see https://www.google.com/settings/ads) which will be deleted, if you delete your cookies
  • by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the https://www.aboutads.info/choices link, which will be deleted when you delete your cookies;
  • by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under this link. We point out that in this case you may not be able to use all features of this offer in full.
Google Maps

Our website uses the map service “Google Maps”, which allows the display of interactive maps and the use of the map feature directly on our website. The Google Maps service uses persistent cookies. When visiting our pages which integrate the Google Map, Google will receive a notification that you have accessed the page. In addition, information such as:

  • Volume of data transferred
  • IP address of the device you are using
  • Access status (successful/unsuccessful)
  • Name of the accessed file (specific page)
  • URL of the previously visited page (so-called “referrer URL”)
  • Date and time of access
  • Browser type and version as well as which operating system you use

will be transmitted to Google. This takes place regardless of whether you are logged in to a Google user account. If you are logged in to Google, your data will be assigned to your user account. If you do not want the data to be assigned to your account, you will need to log out before accessing the map feature.

The legal basis is our legitimate interest in optimizing the functionality of our website.

If you do not agree with this processing, you have the option to prevent the installation of cookies through the corresponding settings in your Internet browser.

For more information regarding the purpose and extent to which Google collects, processes and uses data  as well as your rights in this regard and the settings available to protect your privacy, please see Google’s privacy policy. Google also processes your information in the USA and does so within the framework of the EU-US Privacy Shield.

Microsoft Advertising (formerly Bing Ads)

We use the conversion and tracking tool “Bing Ads” from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521) within our online offer. Microsoft stores cookies on your device in order to enable an analysis of your use of our online offer if you have reached us via a Microsoft Bing ad (so-called “conversion tracking”). This way, Microsoft and we can recognize that someone clicked on an ad, was forwarded to our online offer and reached a previously determined target page (so-called “conversion page”). Microsoft tells us the total number of users who clicked on a Bing Ad and were then redirected to the conversion page. With the help of remarketing lists that we create based on the activity of visitors to our website, Microsoft can segment target groups and then optimize our Bing advertising campaigns on the basis of these segments.

The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in the marketing of our products and the measurement of the performance of our advertising.

If you do not want to participate in the Bing Ads tracking process, you can deactivate the required setting of a cookie in your browser settings or use the Microsoft opt-out page: http://choice.microsoft.com/de-DE/opt-out. You can also prevent Bing Ads from collecting and processing your data by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this for example at https://www.noscript.net or https://www.ghostery.com).

Further information on data protection and the cookies used by Microsoft Bing Ads can be found in Microsoft’s data protection statement: https://privacy.microsoft.com/de-de/privacystatement.

LinkedIn Insights Tag

On our website we use the LinkedIn Insights Tag provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag enables the collection of data when a visitor visits our website. This data  includes URL, referrer URL, IP address, device and browser properties (user agent) and time stamp. The IP addresses are shortened or (if they are used to reach members across devices) hashed. The direct IDs of the members are removed within seven days in order to pseudonymize the data. This remaining pseudonymised data will then be deleted within 180 days.

LinkedIn does not share any personal data with us, it only provides reports and communications (in which you are not identified) about website target audience and ad performance. LinkedIn also offers retargeting for website visitors so that we can use this data to display targeted advertising outside of our website without the member being identified. We also use data that does not identify you to improve the relevance of ads and reach members across devices.

The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in the marketing of our products and the measurement of the success of our advertising on LinkedIn.

If you do not want to participate in the LinkedIn tracking process, you can deactivate the required setting of a cookie in your browser setting or opt-out here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Facebook-Pixel, Custom Audiences, Retargeting & Facebook-Conversion

We use the Remarketing feature “Custom Audiences” on our website and the Facebook Pixel of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Facebook is certified under the EU-US Privacy Shield and ensures adequate data protection when transmitting data to the United States.

Facebook Remarketing, Facebook Pixel & Custom Audience features are designed to target visitors to the site with interest-based advertising on Facebook’s social network. With the help of the Facebook pixel Facebook can identify you as a visitor to our online offer and can select you and other persons with similar characteristics as a target group for the display of advertisements (so-called “Facebook ads”).

In order to display Facebook Ads only to Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined by the websites visited), we add the Facebook pixel cookie. The transmitted information enables us to commission Facebook to form so-called “Custom Audiences” as target groups.

Furthermore, the Facebook Pixel allows us to ensure that our Facebook Ads are in line with the potential interest of users and are not annoying. The Facebook Pixel allows us to understand the effectiveness of the Facebook ads for statistical and market research purposes, by seeing if groups of users were redirected to our website after clicking on a Facebook ad or using our app (so-called “conversion”). At the same time, Facebook does not give us any insight on a user level, but only aggregated statistics.

The above-mentioned processing by Facebook takes place based on our legitimate interest in a targeted marketing of potential and existing customers as well as the statistical analysis for market research purposes.

You can disable the Remarketing & Pixel function here.

Information on our Facebook pages

As controllers within the meaning of the EU General Data Protection Regulation, we and:

Facebook Ireland Ltd. (hereinafter “Facebook”)

4 Grand Canal Square

Grand Canal Harbor Dublin 2

Ireland

operate webpages to draw attention to our products and services and to contact you as a visitor and user of our Facebook page and our website.

As the operator of the Facebook pages, we have no interest in the collection and further processing of your individual personal data for analysis or marketing purposes. The operation of the Facebook page, including the processing of personal data of the users is based on our legitimate interests in an efficient information and interaction with our visitors (Art. 6 para. 1 lit. f. GDPR).

Processing of personal data by Facebook

According to Facebook, your data will be used for the following purposes:

  • Advertising (analysis, creation of personalized advertising)
  • Creation of user profiles
  • Market Research

Facebook uses cookies for storage and further processing of this information, which is stored on the various user terminals. The storage and analysis are also cross-device.

The Facebook privacy policy contains more information about data processing.

Opt-Out options can be found here and here https://www.youronlinechoices.com

Facebook Inc., the US parent company of Facebook Ireland Ltd. is certified under the EU-US. Privacy Shield. For more information, see here.

As the person responsible, Facebook is not bound by our instructions, but processes your personal data independently. Due to the continuous change of the Facebook platform, we ask you to consult the current Facebook privacy policy (see link above).

Our use of statistical data

Statistic data are available to us via the so-called “Insights” of the Facebook pages. These statistics are generated and provided by Facebook. We have no influence on the production and presentation as operator of the site. We cannot disable this feature or prevent the generation and processing of the data. For a selectable period, as well as for the categories including fans, subscribers, reached persons and interacting persons, we will be provided with the following data on our Facebook page:

Total number of page views, likes, page activity, post interactions, reach, video views, post coverage, comments, shared content, answers, percentage of men and women, country and city origin, language, views, and clicks in the shop, clicks on route planner, clicks on phone numbers. Likewise, data is provided in this way for the Facebook groups linked to our Facebook pages.

We use this aggregated data to make our posts and activities on our Facebook pages more attractive to users. According to the Facebook Terms of Service, we can identify the subscribers and fans of the site and view their profiles and other shared information.

Rights of the user

Since only Facebook has full access to the user data, we recommend that you contact Facebook directly if you would like to request information or to ask other questions about your rights as a user (for example, the right to delete). If you need assistance or have any other questions, feel free to contact us at the contact details provided in this privacy policy.

If you no longer want your data to be processed as described here, please use the “I do not like this page” function to unlink your user profile from our site.

Purpose and legal basis for our data processing

For the fulfilment of contractual obligations

Your data will be processed to provide brokering and yacht services and related ancillary services as part of the execution of our contracts with you. The purposes of data processing are based primarily on the specific service requested.

For the safeguarding of OI’s and third-party interests

In order to safeguard our legitimate interests and those of third parties, we also process your personal data for the following purposes:

  • to manage risks within the OI Group;
  • to assert legal claims and enable defence in legal disputes;
  • to prevent violations of the law;
  • to ensure IT security and IT operations;
  • to take measures to ensure the security of vessels, buildings and systems (e.g. entry controls); and
  • to take measures for business management purposes and for the development and marketing of services and products;
  • to provide tailored customer service

On the basis of your consent

Provided your consent has been given, we are legally permitted to process your personal data for specific purposes. You can withdraw this consent at any time. Please note that the withdrawal of consent has no retroactive effect on the use of your data.

Consent is also requirement for sending you Newsletters. This consent can be withdrawn at any time by clicking the unsubscribe link at the bottom of any newsletter.

On the basis of statutory requirements or in the public interest

We are subject to various national and international regulatory obligations under which we are required by law to carry out certain processing.

Access to personal data

Your personal data can be accessed by persons within the OI Group that need this access to adequately and appropriately carry out their functions. Furthermore, your data will be processed for the same purpose by service providers and subcontractors instructed by us, while taking into account the relevant data protection prerequisites and our instructions. These are companies that provide IT, communication, and advisory services, as well as distribution and marketing. In some instances, for example when you are dealing directly with a broker or agent these parties will gain access to your data and act as independent data controllers in the fulfilment of their services to you.

Data transmission

The transfer of personal data outside of the EU is only allowed under certain conditions. Primarily, the processing of data has to be lawful in the respective country where the data is being processed. Furthermore, a transfer of data may only take place if the recipient ensures an adequate level of protection. This decision is based primarily on the list of safe countries released and periodically adapted by the European Commission (Art. 45 GDPR), as well as on appropriate safeguards (Art. 46 GDPR), binding corporate rules (Art. 47 GDPR), or the codes of conduct (Art. 40 GDPR) and certification procedures.

The recipient must provide a guarantee that appropriate measures are in place to ensure that there is an adequate level of protection, that the data subjects will be able to exercise their rights in case of legal disputes, or that appropriate safeguards have been implemented in order to protect the personal data of the relevant persons.

Generally, OI seeks to avoid transferring personal data outside the EU. However, if a transfer takes place OI will adhere in all cases to the GDPR requirements.

Data storage

We collect and process your personal data only as long as this is necessary in order for us to fulfil any relevant legal or contractual obligations or legitimate business purpose. Based on the nature of the business we generally store your personal data for up to 5 years (depending on the nature of our engagement). Personal data related to tax and legal matters are generally stored for a minimum of 10 years based on legal requirements.

Should the data no longer be necessary for the aforementioned purposes, we are obligated to erase it in a lawful manner, unless further processing of this data, which is limited in time, is required in order to comply with mandatory retention periods.

Your rights under the GDPR

In certain circumstances, you have the following rights relating to your personal data (Art. 13-22 GDPR):

  • To request access to your personal data. This is to enable you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • To request correction (rectification) of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • To request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • To object to processing of your personal data where we are relying on the public interest or our legitimate interests (or those of a third party).
  • To request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you: for example, if you want us to establish its accuracy or that it is being properly used by us. This means that it can only be used for certain limited purposes, such as dealing with legal claims or exercising our legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
  • To request the transfer of your personal data to another party where we process it based on your consent and the processing is carried out by automated means.
  • To withdraw any consent you have given, allowing us to send marketing communications to you or collect or use your personal data in any other way.

Please note that exercising some of these rights may mean that we are unable to provide our services to you because some of the information is necessary for some services. In other cases, it may mean that we are providing services based on incomplete information, which may result in those services not meeting your needs or expectations.

Furthermore, you have the right to lodge a complaint with the competent supervisory body (Art. 77 GDPR).

The Data Protection Authority responsible for OI is:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Feldeggweg 1
CH – 3003 Bern
Switzerland

Automated Decision Making

OI does not carry out automated decision making.

Data Processors

In order to provide our wide array of services we utilize a number of Processors. Each Processors has been carefully chosen and Data Processing Agreements have been signed between OI and the data processors which contain the required technical and organizational measures.

In general, these processors include:

  • CRM and CMS Providers
  • Newsletter Service Providers
  • Design and Marketing Agencies
  • Server, Storage and other IT Providers
  • Event Management Service Providers
  • Logistics and Travel Service Providers

Updating this Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. The most up to date version can be found on our website.

Thank you for acknowledging this information.