Privacy Policy

Bella Italia Gateway is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the EU General Data Protection Regulation (GDPR) and Italian data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, postal address
• Booking Information: Travel preferences, tour selections, dates, number of travelers, special requirements
• Payment Information: Billing address (payment card details are processed securely by our payment processor and not stored by us)
• Communication Data: Content of your messages, inquiries, and correspondence with us
• Marketing Preferences: Your consent to receive marketing communications

2.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, time spent on pages, links clicked, referring website
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

3. How We Use Your Personal Data

We process your personal data for the following purposes:

3.1 To Provide Our Services (Legal Basis: Contract Performance)

• Processing and managing your tour bookings and reservations
• Communicating with you about your travel arrangements
• Providing customer support and responding to your inquiries
• Sending booking confirmations, itineraries, and travel documents

3.2 For Marketing (Legal Basis: Consent)

• Sending you promotional emails about new tours, special offers, and travel inspiration (only with your explicit consent)
• Personalizing marketing content based on your interests

3.3 For Legal Compliance (Legal Basis: Legal Obligation)

• Complying with tax, accounting, and regulatory requirements
• Responding to legal requests from authorities
• Maintaining records as required by Italian law

3.4 For Legitimate Interests (Legal Basis: Legitimate Interest)

• Improving our website and services
• Analyzing website usage to enhance user experience
• Preventing fraud and ensuring website security
• Managing our business operations

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Booking Data: 10 years (Italian tax and accounting requirements)
• Marketing Consent: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months (Google Analytics default)
• Contact Form Inquiries: 2 years from last contact

5. Who We Share Your Data With

We may share your personal data with the following third parties:

5.1 Service Providers

• Hosting Provider: (servers located in EU)
• Email Service: (for sending communications)
• Payment Processor: (PCI-DSS compliant)
• Analytics: Google Analytics (with IP anonymization enabled)

5.2 Travel Partners

• Hotels, tour operators, and transportation providers necessary to fulfill your booking
• Local guides and activity providers

5.3 Legal Requirements

• Law enforcement, regulatory authorities, or courts when required by law

International Transfers: If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
• Right to Restriction: Request limitation of processing in certain situations
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with the Italian Data Protection Authority (Garante)

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• SSL/TLS encryption for data transmission
• Secure server infrastructure with regular security updates
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Staff training on data protection and security

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification if you have an active booking or subscription
• Requesting renewed consent if required by law

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12. Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe we have not handled your personal data in accordance with the law: