Privacy Policy

This Privacy Policy describes how Controvento - Italy Cycling and Hiking Tours (hereinafter "we", "us", "the Company" or "Controvento") collects, uses and protects personal data of visitors and users of the website controventotours.com, in compliance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation.

1. Data Controller

Data Controller: Controvento - Italy Cycling and Hiking Tours.
Contact email: info@controventotours.com
For any request relating to your personal data, including the exercise of the rights set out below, please use the email address above.

2. Types of data collected

We process the following categories of personal data:

a) Data provided voluntarily by the user - name, surname, email address, phone number, country of residence and any additional information included in the contact form, in the newsletter subscription form or in direct email communications.

b) Navigation data - IP address, browser and device information, pages visited, date and time of visits, referral URL and similar technical data automatically collected by our hosting infrastructure and by analytics services.

c) Cookies and similar technologies - see our Cookie Policy for full details.

3. Purposes and legal basis

Personal data are processed for the following purposes:

- Providing the requested service (Art. 6(1)(b) GDPR - performance of a contract / pre-contractual measures): replying to booking requests, quotes and information inquiries.

- Legal obligations (Art. 6(1)(c) GDPR): fulfilment of accounting, tax and administrative obligations.

- Newsletter and marketing communications (Art. 6(1)(a) GDPR - consent): sending commercial communications about our tours and initiatives. Consent can be withdrawn at any time.

- Statistics and traffic analysis (Art. 6(1)(a) GDPR - consent): analytical cookies and similar technologies, activated only after your consent.

- Personalized advertising (Art. 6(1)(a) GDPR - consent): Google Ads, Meta Pixel and similar services, activated only after your consent.

4. Data retention

Personal data are retained for the time strictly necessary to achieve the purposes for which they have been collected:

- Booking and contact data: for the duration of the contractual relationship and up to 10 years thereafter, in accordance with tax and civil law obligations.
- Newsletter data: until the user unsubscribes or withdraws consent.
- Navigation and analytics data: according to the retention periods declared in the Cookie Policy.

5. Data sharing and recipients

Your data may be shared with the following categories of recipients, each acting either as autonomous controller or as data processor pursuant to Art. 28 GDPR:

- Hosting and IT services providers.
- Form management services (Web3Forms) used for contact submissions.
- Newsletter service providers (Brevo / Sendinblue) for the management of subscriptions and mailings.
- Analytics providers (Google Analytics 4, Google Tag Manager).
- Advertising providers (Google Ads, Meta Platforms).
- Professionals (accountants, lawyers) and competent authorities where required by law.

Some of these providers may be located outside the European Economic Area. In such cases transfers are carried out on the basis of Standard Contractual Clauses approved by the European Commission or other adequate safeguards provided for by the GDPR.

6. Your rights

Under Articles 15 to 22 of the GDPR you have the right to:

- access your personal data and obtain a copy;
- rectify inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- restrict processing in specific cases;
- receive your data in a structured, commonly used and machine-readable format (data portability);
- object to the processing, in particular for direct marketing purposes;
- withdraw any consent previously given, without affecting the lawfulness of processing carried out before the withdrawal;
- lodge a complaint with the competent supervisory authority (in Italy: Garante per la Protezione dei Dati Personali, garanteprivacy.it).

To exercise your rights please write to info@controventotours.com. We will reply within the timeframes provided by applicable law.

7. Cookies

This website uses technical cookies (strictly necessary) and, subject to your consent, analytical and marketing cookies. You can review and update your preferences at any time through the dedicated cookie settings panel. For a complete list please consult the Cookie Policy.

8. Security

We adopt appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure, in line with the principle of accountability (Art. 5(2) GDPR).

9. Changes to this Policy

This Privacy Policy may be updated from time to time to reflect changes in our services or in applicable legislation. The current version is always available on this page, with the date of last update shown at the top.