+393318605172
+17402004809
travel@20regionsofitaly.com

Privacy Policy

Privacy Policy

Last updated: November 11, 2025
Effective date: November 11, 2025

1. Data Controller Information

Data Controller: 20 Regions of Italy S.n.c.
Address: Via Fratelli Lumière 4, 20127 Milan (MI), Italy
Email: travel@20regionsofitaly.com
Website: https://20regionsofitaly.com

20 Regions of Italy S.n.c. (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your personal information when you visit our website or use our services.

2. Personal Data We Collect

2.1 Information You Provide Directly

We collect personal data that you voluntarily provide to us through:

Data Collection Method Types of Data Legal Basis
Contact Forms Name, email address, phone number, message content, travel preferences Legitimate interest (responding to inquiries)
Information Request Forms Name, email address, phone number, travel dates, destination preferences, special requirements Legitimate interest (providing travel information)
Newsletter Subscription Email address, name, surname (when provided) Consent (Article 6(1)(a) GDPR)
Newsletter Subscription (Offline) Email address, name, surname collected during tours or direct interactions Consent (Article 6(1)(a) GDPR) or Legitimate interest (Article 6(1)(f) GDPR) for existing customers
Booking Services Full name, address, phone number, email, payment details, passport information, dietary requirements Contract performance (Article 6(1)(b) GDPR)

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information through:

  • Web Analytics (Matomo): IP address (anonymized), browser type, operating system, pages visited, time spent on site, referring websites
  • Server Logs: IP address, date and time of access, pages requested, browser information
  • Cookies: See Section 6 for detailed cookie information

3. How We Use Your Personal Data

We process your personal data for the following purposes:

3.1 Service Provision

  • Responding to your contact form inquiries
  • Providing travel information and recommendations
  • Processing and managing bookings
  • Communicating about your travel arrangements
  • Providing customer support

3.2 Marketing Communications

  • Sending newsletters (only with your explicit consent)
  • Sharing travel tips, destination guides, and special offers
  • Personalizing content based on your interests

3.3 Website Improvement

  • Analyzing website usage through Matomo analytics
  • Improving user experience and website functionality
  • Understanding visitor behavior and preferences

3.4 Legal Compliance

  • Complying with legal and regulatory obligations
  • Protecting our rights and interests
  • Preventing fraud and ensuring security

4. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

4.1 Service Providers

Service Provider Purpose Data Transferred
Web Hosting Provider Website hosting and maintenance Website data, contact forms, server logs
Email Service Provider Newsletter delivery and email communications Email addresses, names, communication preferences
Payment Processors Processing payments for bookings Payment information, billing details
Travel Partners Booking accommodations and services Booking details, guest information

4.2 Legal Requirements

We may disclose your personal data to:

  • Law enforcement agencies
  • Government authorities
  • Consulates and embassies (when required for travel purposes)
  • Legal and fiscal advisors

5. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for specific countries
  • Certification schemes and codes of conduct

6. Cookies and Tracking Technologies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better browsing experience.

6.2 Types of Cookies We Use

Cookie Type Purpose Duration Third Party
Essential Cookies Enable basic website functionality, session management Session/1 year No
Analytics Cookies (Matomo) Website usage statistics, visitor behavior analysis 13 months No (self-hosted)
Functional Cookies Remember preferences, language settings 1 year No
Marketing Cookies Track visitors for marketing purposes (only with consent) Varies Possible

6.3 Matomo Analytics

We use Matomo, a privacy-focused web analytics platform. Key features:

  • Data is processed on our own servers (no third-party data sharing)
  • IP addresses are anonymized
  • Respects “Do Not Track” browser settings
  • No personal identification of users
  • Data is used solely for improving our website
Cookie Consent: You can manage your cookie preferences through your browser settings or our cookie consent banner when you first visit our website.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Type Retention Period Legal Basis
Contact form inquiries 3 years from last contact Legitimate interest
Newsletter subscriptions Until unsubscription + 1 year Consent withdrawal
Booking information 10 years Legal obligation (tax/accounting)
Website analytics Indefinite (anonymized data) Legitimate interest
Marketing data 3 years from last interaction Legitimate interest

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Access and Portability

  • Right of access: Request a copy of your personal data
  • Right to portability: Receive your data in a structured, machine-readable format

8.2 Correction and Deletion

  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your personal data

8.3 Processing Limitations

  • Right to restrict processing: Limit how we use your data
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for marketing communications

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at travel@20regionsofitaly.com with:

  • Clear identification of yourself
  • Specific right you wish to exercise
  • Relevant details about your request

We will respond to your request within 30 days. There is no fee for most requests, unless they are clearly unfounded or excessive.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL encryption for data transmission
  • Secure server hosting with regular security updates
  • Access controls and authentication procedures
  • Regular security assessments and monitoring
  • Staff training on data protection practices
  • Incident response procedures

10. Contact Information for Privacy Matters

For any questions about this privacy policy or our data processing practices, please contact us:

Email: travel@20regionsofitaly.com
Subject Line: “Privacy Policy Inquiry”
Response Time: Within 5 business days

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

  • Update the “Last updated” date at the top of this policy
  • Notify you via email if you have subscribed to our newsletter
  • Display a notice on our website
  • Request new consent where required by law

We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data.

Questions? If you have any questions about this privacy policy or our privacy practices, please don’t hesitate to contact us at travel@20regionsofitaly.com