Privacy Policy

Battiloro Travel Group S.R.L. ("we", "us", "our") takes the protection of your personal data seriously. This privacy notice explains how we collect, use and protect your data when you visit battilorotravelgroup.com or interact with us, in accordance with EU Regulation 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data Controller

Battiloro Travel Group S.R.L.
Via Vegro 1 bis, 30032 Fiesso d'Artico (VE), Italy
VAT & Tax ID: 04980550273 · REA: VE-469618
Email: info@battilorotravelgroup.com
PEC: battilorotravelgroupsrl@pec.it

2. What data we collect

You provide directly

• Contact form: name, email, phone (optional), agency (optional), message, preferred contact method
• Itinerary brief: name, email, phone, travel preferences (occasion, dates, destination, budget range, accommodations, dietary needs)

Automatically collected

• IP address, browser type, device type — used solely for security (rate limiting, fraud prevention)
• Strictly necessary cookies for session management — see our Cookie Policy

3. Why we use it (legal basis)

• To respond to your inquiry and prepare a travel proposal — Art. 6(1)(b) GDPR (pre-contractual measures)
• To send service-related communications (proposal, booking updates) — Art. 6(1)(b) GDPR (contract performance)
• To prevent abuse of our forms (rate limiting, IP logging) — Art. 6(1)(f) GDPR (legitimate interest in network security)
• To comply with legal obligations (tax, anti-money-laundering for travel transactions) — Art. 6(1)(c) GDPR

We do not use your data for marketing communications without your explicit prior consent (Art. 6(1)(a) GDPR).

4. Who has access

Your data is processed by:

• Authorised Battiloro staff bound by confidentiality
• External processors strictly necessary for service delivery: hosting provider (Aruba S.p.A., Italy), email delivery (when configured), payment processors (when applicable)
• Tax and legal advisors when required by law

We do not sell your data and do not transfer it outside the EU/EEA without ensuring adequate safeguards (Standard Contractual Clauses or adequacy decisions per Art. 46 GDPR).

5. How long we keep it

• Inquiries that don't lead to a booking: 24 months from last contact, then deleted
• Confirmed bookings: 10 years from completion (tax law)
• Server logs: 30 days
• Email correspondence: until the relationship ends, then 24 months

6. Your rights

Under GDPR (Articles 15–22) you have the right to:

• Access your data and receive a copy (Art. 15)
• Rectify inaccurate or incomplete data (Art. 16)
• Erase your data when no longer necessary (Art. 17, "right to be forgotten")
• Restrict processing in specific cases (Art. 18)
• Receive your data in a portable format (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time, where processing is based on consent — this does not affect prior lawfulness

To exercise any of these rights, email info@battilorotravelgroup.com. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

7. Security

We use encrypted connections (HTTPS), strict access controls, rate limiting, and regular security updates. We notify you and the supervisory authority of any data breach within 72 hours where required by Art. 33–34 GDPR.

8. Changes to this notice

We may update this notice to reflect changes in our practices or legal requirements. Material changes will be communicated on our website at least 30 days before they take effect.

9. Contact

For any privacy-related question, write to info@battilorotravelgroup.com with the subject line "Privacy Inquiry".