Skip links

Privacy Policy Shop English

Information on the processing of personal data Customers and Users

Art. 13 and 14 of the New European Regulation 2016/679 concerning the protection of natural persons with regard to the processing of personal data (GDPR)

Marty & Nelly S.r.l. (owner of the Wave Italy logo), with registered office in Via Fleming, 4 – San Martino Buon Albergo 37036 (VR), (VAT number: 04047380235), as Data Controller of personal data, pursuant to Article 13 of the Regulation General on the Protection of Personal Data of the EU n. 679/2016 (hereafter Regulation or GDPR), invites you to read carefully the following information on the processing of your personal data provided to Marty & Nelly S.r.l.
We wish to inform you that your personal data, which we have been given, are subject to our processing in both paper and electronic form for the purposes indicated below, and we submit to you the privacy policy prepared by the Company. This information may be supplemented by the Data Controller if any additional services requested by you may result in further processing.

1) Data controller and responsible within the processing of personal data

The Data Controller of your data is Marty & Nelly S.r.l. (hereinafter referred to as “Company”, “Wave Italy”), with registered office at Via Fleming, 4 – San Martino Buon Albergo 37036 (VR), (VAT number: 04047380235), (telephone contacts: +39 045 879.84.14, email: ).
In this capacity it is responsible for ensuring the application of organizational and technical measures necessary and adequate for the protection of your data. The Company has identified a Privacy Focal Point, a person appointed who collaborates with the Data Controller in applying the protection measures identified.
This subject may be contacted for questions concerning the processing of his data, at the following address:

2) Treatment information

a. Source of personal data

Your personal data (such as, for example, name, surname, residence, tax code, landline and mobile phone number, e-mail address, IP internet address, location of the device that connects to the network and to the Company’s website ) are collected by Marty & Nelly S.r.l.

b. Purpose and Legal Basis of Treatment

The processing of your personal data will take place, for the purposes described below, in accordance with current legislation on Privacy, therefore the Company undertakes to treat them according to principles of correctness, lawfulness, transparency, in compliance with the purposes set out below, collecting them to the extent necessary and exact for the treatment.

3) Treatment: Use of the service

The processing of your personal data is necessary for the acquisition of preliminary information to the conclusion of the contracts that will stipulate with the Data Controller, for the improvement and execution of the contract that provides for the provision of the service.

Nature of the transfer: Mandatory

Consequences rejection of data: failure to provide data will make it impossible for the company to follow up on your pre-contractual / contractual requests and to execute the contract.

Minimum data protection measures: data on paper documents are protected against the risk of intrusion and kept in an environment with limited access to authorized personnel only. The digitized data are protected from the risk of dispersion and / or intrusion through the use of suitable electronic instruments and software to guarantee their integrity.

Personal data retention period: your personal data will be processed actively for the time necessary to manage the existing relationship and / or the execution of the contract. The information collected for the evaluation of the conclusion of the contract, in case of non-completion, will be canceled within 12 months.

4) Treatment: legal obligations

Fulfill the obligations established by law, regulations, community legislation (eg anti-money laundering and anti-terrorism legislation, supervisory provisions for financial intermediaries, etc.). The provision of personal data for these purposes is mandatory and the related processing, including communication, does not require the consent of the customer. Any refusal to supply them would result in the impossibility of management, execution and / or conclusion of the contract for Wave Italy;
Purposes strictly related and instrumental to the management and execution of obligations arising from contractual and pre-contractual relationships established with Wave Italy, including the necessary preliminary checks on the data communicated. The provision of personal data for these purposes is mandatory and the related processing, including communication, does not require the consent of the Customer. An eventual refusal to supply them would mean for Wave Italy the impossibility to conclude and execute the Contract.
The treatment will be in paper and using IT tools with security and confidentiality profiles suitable to guarantee security and confidentiality and to prevent unauthorized access to personal data. The processing of personal data for the purpose of the above purposes will be carried out in compliance with the provisions of the aforementioned Regulation .

5) Nature of the Treatment

We remind you, that the processing of your data, for the purposes referred to in points 4 and 5 of the “main purpose of treatment” is mandatory for the performance of the respective processing purpose; its possible refusal to supply them or the incorrect communication of one of the necessary information has the following consequences: a) in the case of the establishment of a contractual relationship, the impossibility for the Controller to guarantee the adequacy of the treatment to the contract, whether written or oral, in connection or during which the data are provided; b) the possible mismatch of the treatment results to the obligations imposed by the fiscal, administrative, or labor to which it is addressed. The provision of additional personal data not required by law or other legislation may still be necessary if such data personnel are connected or instrumental to the establishment, implementation or continuation of the contract; in this case, the refusal to supply them could make it impossible to correctly execute the existing relationship.

6) Processing Mode & Data Retention Period

Data will be processed using manual, computerized and telematic tools, including automated ones, with logic strictly related to the purposes and in order to guarantee their security and confidentiality, with particular regard to the use of techniques of distance communication. The treatment will take place with appropriate tools to ensure the security and confidentiality of data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data controller and controller) of the Regulation. it may also be carried out through automated tools designed to store, manage or transmit the data and, in any case, will be executed in compliance with the provisions of the Regulations.

  • 1. Minimum data protection measures: Data on paper documents are protected against the risk of intrusion and kept in an environment with limited access to authorized personnel only. The digitized data are protected from the risk of dispersion and / or intrusion through the use of suitable electronic instruments and software to guarantee their integrity.
  • 2. Personal data retention period: Your personal data will be processed for this purpose for the time necessary to fulfill the legal obligations required by current legislation. In this regard, your personal data will be stored for 10 years from the termination of the contract or, if subsequent, by a binding decision issued by a competent authority (for example, court ruling), without prejudice to any conservation related to particular categories of data, for longer periods of time, prescribed by the legal system.

In particular, as regards the acquisition of photos and videos on ride:

  • They can reside in local servers present in the stores within the attraction parks. Each photo taken and not purchased is automatically deleted by an automated process the day after its acquisition
  • For photos purchased with augmented reality, their availability is 60 (sixty) days on a server managed by a temporary storage platform. This server is reserved for Wave Italy and its management is compliant with the regulations of this document
  • For photos purchased with “web show” service, then photos that guarantee the downloadable multimedia content, data are stored in a server managed by a dedicated company based in Italy. The data retention period is 30 (thirty) days, the server is reserved for Wave Italy and management through a dedicated platform.
  • For video via server managed via a web server platform. Purchased videos reside for 30 (thirty) days before their cancellation. Those acquired and not sold are automatically deleted after 24 hours.
  • At the end of this period, all data will be deleted automatically (under applicable legislation) or rendered completely anonymously in a permanent manner.

It is also necessary to specify we endorse the collaboration third-party cloud service providers to provide hosting, data storage, and other services under standard terms and conditions that may not be negotiable. These service providers have confirmed that they are operating by applying all the security measures they deem appropriate to protect information contained in its system or in general enjoy a good reputation regarding the application of these measures. In any case, we decline any liability (to the maximum extent permitted by applicable law) for any damage that may result from the misuse of any information, including personal data, by these companies. To ensure safety it is possible that Wave Italy uses geolocation features to trace the location of an IP address and the location from which a computer connects to the network and to the Wave Italy site.

7) App of Wave Italy

With the use of the Wave Italy application, the user accepts all the conditions and terms present here and that apply to his use of the App. the user also accepts that the app can send him push notifications if he activates the receipt of notifications and / or signs the receipt. The user allows the app to use the location services, this app may suggest information gathering other based on its geographical location.

8) Data processing related to the operation of this site

Dati di navigazione

Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols of Internet. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

Purpose and legal basis of processing (GDPR-Art.13, paragraph 1, letter c) These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the site (legitimate interests of the owner).
Communication area (GDPR-Art.13, paragraph 1, letter e, f) Data they may only be handled by internal personnel, duly authorized and trained for processing (GDPR-Art.29) or by any persons responsible for maintaining the web platform (appointed in this case external managers) and will not be disclosed to other parties, disseminated or transferred in non-EU countries. Only in case of an investigation can they be made available to the competent authorities.
Data retention period (GDPR-Art.13, paragraph 2, letter a) Data are normally kept for short periods of time, with the exception of possible extensions related to investigative activities.
Conference (GDPR-Art.13, paragraph 2, letter a) The data are not conferred by the interested party but acquired automatically by the technological systems of the site.


In some cases, Wave Italy uses cookies. A cookie is a unique text file that can be sent to your browser from a website. The Marty & Nelly S.r.l. server. uses the ‘cookies’ mechanism to store temporary information on the visitor’s client in order to avoid repeating the access procedure to any request for services reserved for users. Some elements of connection with Social Network may use cookies: also in In this case any information managed by these cookies is not in any way known to the Data Controller. The pages of the Wave Italy websites use the Google Analytics service to obtain aggregate statistical data on the traffic generated by visitors. It is free for the user to decide not to allow the storage of data relating to their visits using the deactivation functions that Google makes available.

Newsletter subscription

On Wave Italy sites you can provide a newsletter service, which provides interested parties with useful information related to the topics covered.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) Only the e-mail address is requested, for the sole purpose of sending the newsletter.
Registration is subject to acceptance of specific, free and informed consent (GDPR-Art.6, comma1, lett.a) Scope of communication (GDPR-Art.13, paragraph 1, lett.e, f) The data are treated exclusively by authorized and trained personnel (GDPR-Art.29) or by any persons responsible for maintaining the web platform or sending newsletters (appointed in this case external managers). The data will not be disseminated or transferred to non-EU countries. Data retention period (GDPR-Art.13, paragraph 2, letter a) Data are kept until any “dis-enrollment”, freely available in any moment through the link contained at the bottom of every message sent.
Transfer (GDPR-Art.13, paragraph 2, letter f) Failure to provide the email address and consent will make it impossible to obtain the newsletter service. User registration Some Wave Italy sites provide the possibility of registration, to allow users to access reserved sections to take advantage of specific services. Purpose and legal basis of the processing (GDPRArt.13, paragraph 1, lett.c) The data necessary for the creation of the profile and the administrative / operational management carried out are requested. The treatment is carried out for the fulfillment with the customer and related legal obligations (GDPR-Art.6, paragraph 1, letter b, c). It is also required a specific, free and informed consent (GDPR-Art.6, comma1, lett.a), documented through a special check-box (GDPR-Art.7, comma1). Communication area (GDPR-Art.13, paragraph 1, lett.e, f) The data are processed exclusively by authorized and trained personnel (GDPR-Art.29). The data will not be disclosed or transferred to non-EU countries. Data retention period (GDPR-Art.13, paragraph 2, letter a) Data are kept for times compatible with the purpose of the collection and in any case up to the eventuality request of cancellation by the user.
Conferimento (GDPR-Art.13, comma 2, lett.f) Failure to provide data will make it impossible to complete the registration or access to restricted areas. Data provided voluntarily by the user The optional, explicit and voluntary sending of e-mail and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the missive. If the sender sends his / her curriculum to submit his / her professional application, he / she remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without the authorization to process data will be immediately deleted. It should be recalled that the information sent to a discussion group or forum will be considered as public and non-confidential information. In this type of communication there is the possibility that such information will be detected and used by others. Please therefore pay attention during the online sessions.

9) Data Transfer Abroad

The management and storage of personal data will take place on servers, located within the European Union, of the Owner and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Europe. Our e-mail is served through the Aruba Web Service platform. Wave Italy keeps the security and it information confidential regarding the use of e-mail. Individual data will never be transmitted to third parties, unless it is necessary to resolve a specific request made by the interested party. In these circumstances, Wave Italy will be concerned with seeking explicit consent before taking any action. Wave Italy will not add any email address to any mailing list or subscription service, unless the individual concerned does not explicitly request it. The data will not be transferred outside the European Union. In any case it is understood that the Data Controller, where necessary, will have the right to move the location of the servers within the European Union and / or in non-EU countries. In this case, the Data Controller ensures that the transfer of Extra-EU data will take place in accordance with Articles 44 ss. of the Regulations and the applicable legal provisions stipulating, if necessary, agreements that guarantee an adequate level of protection.

10) What rights do you have as an interested party?

In relation to the treatments described in this Notice, as an interested party you can, as required by the European Regulation 679/2016, exercise the rights set out in Articles 15 to 21 and, in particular:

  • right of access- article 15 GDPR: the right to obtain confirmation that personal data processing concerning you is being processed and, in this case, to obtain access to your personal data, including a copy thereof.
  • right of rectification – article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;
  • right to cancellation (right to be forgotten) – – Article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning you.
  • right to limitation of processing – Article 18 GDPR: right to obtain limitation of treatment, when:
    1. the interested party disputes the accuracy of personal data, for the period necessary for the holder to verify the accuracy of such data;
    2. the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
    3. personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
    4. the interested party opposed the treatment pursuant to art. 21 GDPR, during the period of awaiting verification of the possible prevalence of legitimate reasons of the data controller with respect to those of the data subject.
  • right to data portability – article 20 GDPR: right to receive, in a structured format, common use and readable by an automatic device, the personal data concerning you provided to the Owner and the right to transmit them to another holder without impediments, if the processing is based on consent and is carried out by automated means. In addition, the right to obtain that your personal data is transmitted directly from the Bank to another holder if this is technically feasible;
  • opposition right – Article 21 GDPR: right to object, at any time for reasons related to his particular situation, to the processing of personal data concerning you based on the lawfulness of legitimate interest or the execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that they prevail over the interests, on the rights and freedoms of the interested party or on the establishment, exercise or defence of a right in court; may object to processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing;

The above rights may be exercised against the Data Controller by contacting the above-mentioned references. The exercise of your rights as an interested party is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Owner may charge a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.


The interested party has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation. Send a PEC or a simple email to:


The interested party has the right to lodge a complaint with the Guarantor for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).

11) Notes

In no case, Wave Italy or its affiliates will respond to users about the incorrect use of the images or videos purchased by the users themselves. This limitation of liability applies to avoid the recovery of indirect and / or incidental damages, even in the event that Wave Italy or its affiliates are aware of the probability of such damages and despite the failure of the essential purpose of any remedy. This limitation of liability applies in the case of damages deriving from improper use of images and the reliance on them as well as damages caused by possible publications on other sites. The user’s relationship with Facebook, Google or any other site Third party web or social app is governed solely by the user’s agreement with such third party website or app.

Amendments to this information note

This information notice may change. It is therefore advisable to regularly check this information and refer to the latest version. For detailed privacy information see data processing information.

• Owner, manager and agents

The data controller is Marty & Nelly S.r.l. Via Fleming, 4 – San Martino Buon Albergo 37036 (VR), (VAT number: 04047380235)

Il titolare del trattamento è Marty & Nelly S.r.l. in Via Fleming, 4 – San Martino Buon Albergo 37036 (VR),
(partita IVA: 04047380235)