Privacy & Cookie Policy

Last updated: 12 June 2026 · Versione italiana

1. Data controller

Ocean S.r.l. Unipersonale — Via Monte Napoleone 8, 20121 Milano (MI), Italy · VAT/Tax code 12685270964 · REA MI-2678028
Email: reservations@ocean-group.it · Certified email (PEC): ocean-srl-milano@pec.it · Phone: +39 351 776 2020

2. What data we process

• Browsing data: the systems hosting this website (Cloudflare, Inc.) collect, solely for technical operation and security, data whose transmission is implicit in internet protocols: IP addresses, access times, requested pages, browser user-agent. We do not use this data to identify visitors.
• Data you provide voluntarily: if you contact us by email, phone or WhatsApp, we process the data you share (name, contact details, content of your request) solely to respond and manage any contractual relationship.

3. Purposes and legal bases

• Website operation and security — legitimate interest (Art. 6.1.f GDPR);
• Replying to enquiries and pre-contractual/contractual management — Art. 6.1.b GDPR;
• Legal obligations (tax, accounting) — Art. 6.1.c GDPR.

We carry out no profiling and no automated decision-making. We never sell or share data with third parties for marketing purposes.

4. Cookies and similar technologies

This website uses no profiling, analytics or third-party cookies. It only uses:

• a technical local-storage item (localStorage key “og-cc”) to remember that you dismissed the information banner — it is not a cookie, does not track you and never leaves your device;
• strictly technical cookies that may be set by the Cloudflare infrastructure for security and performance (e.g. bot mitigation), classified as necessary.

Typefaces are self-hosted on our servers: no data is transmitted to Google Fonts. Technical cookies do not require consent under the Italian Data Protection Authority guidelines (10 June 2021).

5. Recipients and transfers

Browsing data is processed by Cloudflare, Inc. (hosting and CDN) as data processor; any transfers outside the EU rely on the EU-US Data Privacy Framework and standard contractual clauses. Email data is processed on the systems of our mail provider (Proton AG, Switzerland — a country covered by an adequacy decision).

6. Retention

Browsing data is kept for the technical time strictly necessary. Contact-request data is kept for as long as needed to handle the request and, where a contract follows, for the statutory terms (10 years for tax documents).

7. Your rights

Under Arts. 15-22 GDPR you may at any time request access, rectification, erasure, restriction, portability of your data, and object to processing, by writing to reservations@ocean-group.it. You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali (www.garanteprivacy.it), or your local authority.

8. Updates

This notice may be updated: the version published on this page is the one in force.