Privacy Policy

This Privacy Policy explains how Tolomazia collects and processes your personal data when you use this website (tolomazia.com), submit a booking, or contact us. We process your data in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable Italian law (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).

1. Data Controller

Johannes Dalla Francesca Damiani
Trading as VNC di Dalla Francesca Damiani Johannes ("Tolomazia")
P.IVA: 04908600275
Email: info@tolomazia.com
Phone: +39 393 358 1133

2. What data we collect

We only collect the data you provide to us, plus basic technical data needed to run the website:

• Booking data: first and last name, email address, phone number, country of residence, selected tour, preferred date, time and number of participants.
• Contact form data: name, email address, phone number (optional) and the content of your message.
• Technical data: server logs (IP address, browser type, timestamps) generated automatically by our hosting provider for security and to deliver the site.

We do not collect or store any payment card data. Payment is made directly to the guide at the start of the tour.

3. Why we use your data and legal basis

• To manage your booking and provide the tour service — performance of a contract (GDPR Art. 6(1)(b)).
• To reply to your enquiries sent via the contact form or WhatsApp — pre-contractual measures / legitimate interest (Art. 6(1)(b) and (f)).
• To send service communications (booking confirmation, meeting-point details, reminders) — performance of a contract.
• To comply with legal and tax obligations under Italian law — legal obligation (Art. 6(1)(c)).
• Site security and proper functioning — legitimate interest (Art. 6(1)(f)).
• Aggregate analytics to understand how visitors use the site and improve it — consent (Art. 6(1)(a)), only if you accept analytics cookies.

4. Who we share your data with

We do not sell your data. We share it only with the service providers ("data processors") listed below, and only to the extent necessary:

• Brevo (Sendinblue SAS, France) — transactional and notification emails.
• Hostinger (Hostinger International Ltd) — website hosting and storage of booking and enquiry records.
• Google Ireland Ltd — Google Analytics 4, to measure aggregate site usage, only if you consent to analytics cookies. IP addresses are anonymised before any data is stored. See our Cookie Policy.

These providers process data within the European Union / European Economic Area or under adequate safeguards (EU Standard Contractual Clauses).

5. Cookies

This site uses only strictly necessary technical storage by default. Analytics cookies are loaded only after you give explicit consent. See our Cookie Policy for full details, or adjust your choices at any time via the Cookie preferences panel.

6. How long we keep your data

Booking records are retained for the period required to deliver the service and to meet accounting and tax obligations under Italian law (generally 10 years from the date of the transaction). Contact-form enquiries are kept only as long as necessary to handle your request and for a reasonable follow-up period, after which they are deleted. Server logs are typically retained for up to 12 months by the hosting provider.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate data;
• Erase your data ("right to be forgotten"), subject to legal retention obligations;
• Restrict or object to processing;
• Data portability in a structured, machine-readable format;
• Withdraw consent at any time (for consent-based processing such as analytics cookies), without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at info@tolomazia.com. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali — garanteprivacy.it.

8. Data security

We apply reasonable technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure or alteration. The website is served exclusively over an encrypted HTTPS connection. Access to booking records is protected by authentication.

9. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available on this page, with the "last updated" date shown above. For material changes we will update that date prominently.

10. Contact

For any privacy-related question or request:
Email: info@tolomazia.com
Phone: +39 393 358 1133