Privacy Policy

Last edited: April 30, 2026

Introduction

This Privacy Policy explains how we collect, use, and protect your information when you visit our website and use our services. The data controller is identified at the top of this page. For any privacy enquiry, contact us at the email shown above or through our contact form.

Information We Collect

Information You Provide

When you use our services, we may collect the following personal information:

Contact Forms:

  • First name and last name
  • Email address
  • Phone number (optional)
  • Company name (for corporate enquiries)
  • Message content

Booking Requests:

  • First name and last name
  • Email address
  • Phone number (optional)
  • Company name (optional)
  • Number of participants
  • Preferred date
  • Tour or activity selection
  • Additional message or special requests

Reviews:

  • First name and last name
  • Email address
  • Country of residence
  • Rating and review text

Information Collected Automatically

We use Umami, a privacy-friendly analytics service operated by Umami Software, Inc. (United States). Umami does not set any cookies and does not track users across websites. It collects aggregated, non-identifying information including:

  • Approximate country (derived from the IP address, which is not stored)
  • Browser and operating system
  • Pages visited and time spent
  • Referring website
  • Language preferences

This data is used solely to understand overall website usage and improve our services. Because Umami is cookieless and does not allow user identification, no consent is required under the ePrivacy Directive and applicable national rules on audience-measurement tools.

In addition, our hosting and security provider may automatically log technical data such as IP address and request metadata for security and abuse-prevention purposes. See our Cookie Policy for the related cookies.

We process your personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract or pre-contractual measures — booking requests, contact enquiries, customer support, and confirmation emails.
  • Consent — publishing reviews you submit; any optional marketing communications.
  • Legitimate interest — website security, fraud prevention, and aggregated audience measurement.
  • Legal obligation — tax, accounting, and other obligations imposed by applicable law.

How We Use Your Information

We use the information we collect to:

  • Process your booking requests and enquiries
  • Respond to your questions and provide customer support
  • Send confirmation and operational emails
  • Publish reviews you have explicitly submitted
  • Operate, secure, and improve our website and services
  • Comply with legal, tax, and accounting obligations

Data Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Contact-form data: up to 24 months after the last interaction.
  • Booking and transaction records: up to 10 years, as required by Italian tax and accounting law.
  • Published reviews: until you request their removal.
  • Analytics data: aggregated indefinitely; raw event data up to 12 months.

After these periods, data is deleted or fully anonymized.

Recipients of Your Data

We do not sell or rent your personal data. We share it only with the following categories of recipients, each acting under a written data processing agreement:

  • IT infrastructure, hosting, and database providers
  • Email delivery providers
  • Privacy-friendly analytics provider (Umami)
  • Security and content-delivery providers (Cloudflare)
  • Payment service providers, where applicable to a booking
  • Public authorities, where required by law

A list of named processors is available on request via the contact details above.

International Data Transfers

Some of our processors are located outside the European Economic Area, including in the United States. When personal data is transferred outside the EEA, the transfer is protected by appropriate safeguards under GDPR Articles 44–49, such as the European Commission’s Standard Contractual Clauses and, where available, the EU–US Data Privacy Framework.

Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Restrict or object to processing
  • Withdraw consent at any time (where processing is based on consent), without affecting the lawfulness of processing carried out before withdrawal
  • Data portability
  • Lodge a complaint with the competent supervisory authority — for Italy, the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it)

To exercise these rights, contact us using the details at the top of this page.

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including encryption in transit, access controls, and contractual safeguards with all processors handling your information.

Children’s Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under that age. If you believe we may have collected such information, please contact us so that we can delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and update the “last edited” date.

Contact

For any privacy-related question or to exercise your rights, contact us using the details at the top of this page or through our contact form.

137 reviews(4.9)83 reviews(5.0)
TripAdvisor Certificate of ExcellenceTripAdvisor Travelers' Choice

Cookie notice

This site uses only strictly necessary technical cookies and cookieless analytics. No consent is required. Learn more in our Privacy Policy.