Privacy Policy

1. Overview

What does this policy represent?

This policy describes the processing of personal data with reference to users consulting the website www.caa-mna.sm. This information does not concern other websites, pages or online services that can be reached through hypertext links that may be published on the site but refer to external resources.

Why do we provide this information?

Your privacy is very important to Civil Aviation Maritime Navigation and Homologation Authority (hereinafter referred to as Controller or Data Controller) and in order to best protect you, we provide you this policy in which you will find information about the type of personal we collect online and the various options you have to act on the collection and use of your personal data on the website.

What are the normative references?

  • Law No. 171 of December 21, 2018 of the Republic of San Marino.

2. Data Controller

The Data Controller is Civil Aviation Maritime Navigation and Homologation Authority in the person of its legal representative. The Data Controller is based in Via Consiglio dei Sessanta, 99 47891 - Republic of San Marino and can be contacted at the e-mail address info@caa-mna.sm or at the telephone number 0549- 882929 for any question concerning the processing of personal data carried out through this website.

3. Types of personal data

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website only at the request of the supervisory bodies in charge.

Data collected by cookies

A "cookie" is a small text file transferred from the Web server to the user's computer, the purpose of which is to inform the server about the user's accesses to that particular website, and any other news that it obtains from the system's readable parameters through functions contained in the website.

Cookies can be "temporary" (or session cookie, they are deleted when the connection is terminated) or "permanent" (they remain stored on the user's hard drive unless the user deletes them.

Persistent cookies can retain personal identification data only if the user has registered or consented to the retention of the personal identification data entered on the site itself. This data may be disclosed to third parties that own the services provided through cookies. The user has the option, depending on the browser in use, to disable or selectively accept the use of cookies.

The website only uses cookies that are necessary for the website to function.

Data voluntarily provided by the user

The optional, explicit and voluntary sending of messages to the e-mail addresses on the site or through the contact forms involves the subsequent processing of the data necessary to process the user's request for information. Users are encouraged not to send names or other personal data of third parties that are not strictly necessary, resorting instead, when possible, to fantasy names.

4. Purposes of personal data processing and legal basis

Personal data collected with reference to the user are processed for the following purposes and in accordance with the following legal basis:

5. Transfers of personal data and processing tools

Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Processing related to the services of this website is carried out at the headquarters of the Company that owns the servers in the name and on behalf of the Data Controller Company and is handled only by employees, authorized collaborators, as well as any persons in charge of occasional maintenance operations.  In addition to the Data Controller, in some cases, other parties involved in the organization of this Website or external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) may have access to the Data.

The updated list of these subjects can always be requested from the Data Controller.

6.  Personal data retention periods

Data are processed for the period strictly necessary to achieve the purposes for which they were collected:

- personal data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed.

- personal data collected for the purpose of fulfilling legal obligations will be retained within the time limits specified by applicable regulations.

- personal data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied.

- personal data collected on the basis of the user's consent shall be retained until such consent is revoked.

The Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the personal data will be deleted. Therefore, at the expiration of this period the right of access, deletion, rectification and the right to data portability can no longer be exercised.

7. Rights of data subjects

The subjects to whom the personal data refer (user) may exercise the following rights towards the Data Controller:

  • Obtain confirmation of the existence or otherwise of personal data processing, to know its content and origin.

  • Verify the accuracy of the data or request their integration, updating or rectification.

  • Oppose or request the limitation of the processing of personal data processed in violation of the law.

It is also guaranteed the right to propose reports or complaints to the relevant supervisory authority if processing is found to be in violation of the relevant regulations.

Anyone who should have any doubts regarding the compliance with the privacy policy adopted by Data Controller its application, the accuracy of their personal data or the use of the collected information may contact the Data Controller through written communication to the addresses indicated above.

8. Update

This policy is updated as of October 20,2022. Data Controller reserves the right to make changes in relation to regulatory developments or in the event that the methods and purposes of personal data processing change.