Privacy Policy

1. Introduction

Rome Tour Operator ("we", "our", or "us") operates rometouroperator.it and provides luxury private tour services in Rome, Italy. We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, book our tours, or communicate with us. This policy complies with the EU General Data Protection Regulation (GDPR) and Italian data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

We collect personal information that you voluntarily provide when you:

• Book a tour or request information
• Contact us via email, phone, or WhatsApp
• Subscribe to our newsletter
• Fill out forms on our website
• Leave reviews or testimonials

This information may include:

• Full name
• Email address
• Phone number
• Billing and payment information
• Passport details (if required for tour bookings)
• Nationality and country of residence
• Special requirements (dietary restrictions, accessibility needs, language preferences)
• Hotel or accommodation details (for pickup services)
• Any other information you choose to provide

3.2 Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on each page
• Referring website or source
• Date and time of visit
• Cookies and similar tracking technologies (see Cookie Policy)

4. How We Use Your Information

We use your personal data for the following purposes, based on legitimate legal grounds:

4.1 Service Delivery (Contractual Necessity)

• Processing and confirming tour bookings
• Coordinating tour logistics and guide assignments
• Arranging skip-the-line tickets and special access
• Providing customer support and responding to inquiries
• Sending booking confirmations, reminders, and updates
• Processing payments and refunds

4.2 Legal Obligations

• Maintaining financial records as required by Italian tax law
• Complying with regulatory requirements for tour operators
• Responding to legal requests from authorities

4.3 Legitimate Business Interests

• Improving our services and customer experience
• Analyzing website usage and visitor behavior
• Preventing fraud and ensuring security
• Maintaining business records and communications
• Managing our relationship with you

4.4 With Your Consent

• Sending marketing communications and newsletters
• Using cookies for analytics and personalization
• Publishing testimonials and reviews (only with explicit permission)
• Contacting you about new tours and special offers

You may withdraw your consent at any time by contacting us or using the unsubscribe link in our emails.

5. How We Share Your Information

We do not sell your personal data. We share your information only with trusted third parties necessary to deliver our services:

5.1 Service Providers

• Tour Guides: Professional guides who conduct our tours
• Payment Processors: Secure payment platforms (Stripe, PayPal) to process transactions
• Ticketing Services: Vatican Museums, Colosseum, and other venues for advance reservations
• Transportation Providers: For golf cart tours and airport transfers
• Email Service Providers: For sending booking confirmations and newsletters
• Website Hosting: Vercel and cloud infrastructure providers
• Analytics Services: Google Analytics (anonymized data) for website improvement

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to emergency situations

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Privacy Shield certification (where applicable)
• Other approved transfer mechanisms under GDPR

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Booking Data: 10 years (Italian accounting and tax law requirement)
• Marketing Consent: Until you unsubscribe or withdraw consent
• Website Analytics: 26 months (Google Analytics default)
• Inquiry Data: 2 years after last contact
• Email Communications: Duration of business relationship plus 2 years

After these periods, we securely delete or anonymize your data unless longer retention is required by law.

8. Your Privacy Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at rometouroperator@gmail.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure, encrypted storage of sensitive information
• Regular security assessments and updates
• Access controls limiting data access to authorized personnel only
• Secure payment processing through PCI-DSS compliant providers
• Regular backups and disaster recovery procedures
• Employee training on data protection and confidentiality

While we strive to protect your data, no internet transmission is 100% secure. Please contact us immediately if you suspect any unauthorized access to your information.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us:

• Remember your preferences and settings
• Analyze website traffic and user behavior
• Improve website functionality and performance
• Provide personalized content and recommendations

Types of cookies we use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Google Analytics to understand user behavior (anonymized)
• Functional Cookies: Remember your preferences
• Marketing Cookies: Track conversions and campaign effectiveness (with consent)

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

11. Third-Party Websites

Our website may contain links to third-party websites (e.g., review platforms, social media, payment processors). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

Our services are designed for adults. We do not knowingly collect personal information from children under 16 without parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will notify you of significant changes by posting a notice on our website or sending an email to registered users. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: