Privacy Policy

Last Updated: May 20, 2026

Private Rome Excursions ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you use our website at privateromeexcursions.com or make a booking with us.

We are subject to the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) as a business operating in Rome, Italy, within the European Union.

1. Who We Are (Data Controller)

Business name: Private Rome Excursions
Address: Via Tunisi, 43, 00192 Rome RM, Italy
Email: info@privateromeexcursions.com
Phone: +39 351 419 9425

For all data protection enquiries or to exercise your rights, contact us at the email above.

2. What Data We Collect

We collect the following categories of personal data:

  • Identity data: First name, last name
  • Contact data: Email address, phone number
  • Booking data: Tour selected, date, number of guests, special requests
  • Payment data: Payment is processed by Stripe. We do not store card numbers — Stripe holds all payment data under their own PCI-DSS compliance.
  • Technical data: IP address, browser type, pages visited, time on site (collected via Vercel Analytics only with your consent)
  • Communications data: Messages sent via our contact form or email
  • Newsletter data: Email address (only if you explicitly opt in)

We do not collect sensitive personal data (health, religion, ethnicity, etc.).

3. How We Use Your Data

Purpose | Legal Basis
Process and confirm your booking | Contract performance (Art. 6(1)(b) GDPR)
Send booking confirmation and tour details | Contract performance
Respond to your contact form enquiries | Consent (Art. 6(1)(a) GDPR)
Send marketing newsletters | Consent (you can unsubscribe at any time)
Improve our website (analytics) | Consent (only if you accept analytics cookies)
Comply with legal obligations (tax, accounting) | Legal obligation (Art. 6(1)(c) GDPR)
Prevent fraud and ensure security | Legitimate interests (Art. 6(1)(f) GDPR)

4. Third-Party Data Processors

We share your data only with trusted processors who help us deliver our services:

Processor | Purpose | Location
Stripe | Payment processing | USA (SCCs)
Supabase | Database (bookings, tours) | USA/EU (AWS)
Vercel | Website hosting & analytics | USA (SCCs)
Resend | Transactional email | USA (SCCs)
Twilio | SMS notifications (optional) | USA (SCCs)

SCCs = Standard Contractual Clauses approved by the European Commission for international transfers.

We do not sell your personal data to any third party.

5. Cookies

We use the following types of cookies:

Cookie | Type | Purpose | Duration
admin_auth | Necessary | Admin authentication session | Session
pre_cookie_consent | Necessary | Stores your cookie preferences | 1 year
va_* (Vercel) | Analytics | Anonymous page view statistics | 1 year

You can manage your cookie preferences at any time using the cookie banner at the bottom of the page. You can also disable cookies in your browser settings, though this may affect site functionality.

6. Data Retention

  • Booking data: Retained for 10 years to comply with Italian tax and accounting law
  • Contact form messages: Retained for 2 years, then deleted
  • Newsletter subscriptions: Retained until you unsubscribe
  • Analytics data: Aggregated, anonymised — no personal retention

7. Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate data
  • Right to erasure ("right to be forgotten"): Request deletion of your data
  • Right to restriction: Ask us to limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests or for marketing
  • Right to withdraw consent: Withdraw consent at any time without affecting prior processing

To exercise any of these rights, email us at info@privateromeexcursions.com with the subject line "Data Request". We will respond within 30 days at no charge.

You also have the right to lodge a complaint with the Italian data protection authority (Garante): www.garanteprivacy.it

8. Data Security

  • All data is transmitted over HTTPS (SSL/TLS encryption)
  • Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified)
  • Database access is protected by Row Level Security (RLS) policies
  • Admin access requires authentication with secure session tokens
  • We do not store credit card numbers or CVV codes

9. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date at the top of this page. Continued use of our website after changes constitutes acceptance of the updated policy.

Data Protection Contact

Private Rome Excursions
Via Tunisi, 43, 00192 Rome RM, Italy
info@privateromeexcursions.com
+39 351 419 9425
