Buy tickets for

All destinations Strait of Messina
Where do you want to start from?
Departure Select your departure port Departure
Where do you want to go?
Destination Select your destination Destination
Search Close Close

Caronte & Tourist Group

Complaints Privacy Policy

You are here

Information pursuant to and for the purposes of the New European Regulation - GDPR 2016/679 - (personal data protection)

Dear Sir/Madam,
Below we provide some information about the processing of your personal data.

The personal data controller is Caronte & Tourist S.p.A., which can be contacted at:

The company has appointed a Data Protection Officer, pursuant to Art. 39 Regulation (EU) 2016/679, who can be contacted at the data controller's office or via the e-mail address

Type of data collected

The processing concerns the following personal data pursuant to Article 4, No. 1, GDPR:

  • personal and identification data (full name);
  • contact data (phone number, e-mail address).

Purposes and legal bases of processing

Your data is processed for the following purposes:



Legal basis for data processing


Managing complaints received via the web

Processing based on the legitimate interest of the data controller (Article 6, paragraph 1, letter f, GDPR)


Necessity or Optionality of the Processing

The provision of personal data for the purposes indicated above is necessary in order to proceed with the proper handling of the complaint.

Recipients of personal data

Personal data may be communicated, strictly related to the purposes indicated above, to the following entities or categories of entities:

  1. Individuals authorised in writing by the Company/data controller pursuant to Article 29 of the Regulation due to the performance of their work duties (e.g. employees in the General Secretariat, Administration, IT);
  2. entities in relation to which the current legislation (for example tax and accounting) involves the obligation of communication, including, by way of example, public bodies (e.g. conciliation bodies);
  3. entities that provide management services for the company's IT infrastructure;
  4. Law firms, in the event that the Data Controller is to be assisted in managing the dispute.

Processing methods

The personal data is collected electronically when the complaint is made via the web on the data controller's website. The processing is carried out with paper methods and IT tools in compliance with the provisions regarding the protection of personal data and, in particular, the appropriate technical and organisational measures pursuant to Article 32.1 of the Regulation, and with the observance of every precautionary measure that guarantees its integrity, confidentiality and availability.

Personal data stored on a computer database is accessible only to the individuals identified (the manager and their appointees), through personal access keys.

Data retention period

Your data will be kept for 10 years from the date the complaint is resolved, that is until the expiry of the ordinarily prescribed term.

Rights of the data subject pursuant to Articles 15-22 of EU Regulation - GDPR 2016/679

Pursuant to the relevant legislation, your rights and the way these are exercised are listed below.

  • Right of access - The data subject can ask at any time what kind of data the data controller possesses; the origin, the purposes, the categories of data; the recipients; the existence of a profiling process; the retention period.
  • Right of rectification - The data subject may request the rectification and/or integration of their data at any time, and the data controller will be obliged to communicate these changes to third parties to whom the data has been transmitted.
  • Right to be forgotten - The data subject may request the deletion of data at any time if: the purpose of the processing has been concluded; consent has been revoked; there has been opposition to the processing; it has been processed in violation of the law. The data controller will be obliged to communicate these changes to third parties to whom the data has been transmitted.
  • Right to limitation of processing - The data subject may at any time request limitation of the processing: in the case of inaccurate data until rectification; in the case of dispute until clarification; on request, as an alternative to deletion.
  • Right of objection - The data subject has the right to object to the use of personal data for automated processing.
  • Right of portability - The data subject can exercise this right only regarding data processed for contractual purposes and with automated means, and except when it damages the rights and freedoms of others.

Data subject request procedures

The data subject may exercise the above rights at any time by sending an e-mail to:

The data subject has the right to complain to the Data Protection Authority on the basis of the indications referred to in the link or to any other supervisory authority.