Nearby Italy Privacy Policy


Nearby Italy: Your adventure begins, your privacy is safe.

Welcome to Nearby Italy, the partner that makes your trip to Italy an unforgettable experience, right "around the corner." To offer you our services and help you discover the wonders of our country, we need to collect and process some of your personal data. Your privacy is fundamental to us, which is why we are committed to processing your data with the utmost transparency, fairness, and security, in full compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and current Italian legislation.



1. Data Controller


The Data Controller for your personal data is: Serendipity di Sarinelli Jessica Registered Office: Strada Maggiore 5a, 40125 Bologna VAT Number: 04282741208 Fiscal Code: SRNJSC93P68A785G Email: info@nearbyitaly.com

You can contact us at any time for any questions or requests regarding the processing of your personal data, including the exercise of your rights as described below.



2. Data Collected


Nearby Italy collects different categories of personal data depending on the purposes and services you request or that are commissioned to us by other tour operators. Data may be provided directly by you (e.g., via online forms, email, phone) or by third parties (e.g., tour operators, travel agencies) acting as your representatives or as co-controllers/processors.

The categories of data we may collect include, but are not limited to:

  • Identification and contact data: name, surname, date of birth, nationality, email address, phone number, residential/domicile address. This data is essential to identify you and to communicate with you regarding your booking and requested services.
  • Travel and booking data: specific details of the chosen tour or package (e.g., destination, travel dates, number and names of participants, arrival/departure times), accommodation and transport preferences, special requests. We may request travel document details (e.g., passport/ID card) only if strictly necessary for travel organization and the fulfillment of specific legal obligations (such as visas, border controls, or for issuing nominative tickets). We also collect emergency contact details to ensure your safety during the trip.
  • Data relating to particular preferences or needs (special/sensitive data): To ensure a safe and comfortable travel experience, we may need to collect information about allergies, food intolerances, special dietary needs, medical conditions, or disabilities. These are considered "special categories of data" under the GDPR and will be processed only to the extent strictly necessary for the safe and adequate provision of the tourist service and after obtaining your specific explicit consent.
  • Payment data: information related to the payment method used (e.g., type of credit card). Please note that full details of financial transactions (such as the full credit card number) are usually managed directly by specialized and certified third-party payment security providers (Payment Gateway Providers), and we do not store such sensitive data on our systems.
  • Tax data: fiscal code or VAT number (for billing purposes, where applicable).
  • Browse data: information collected automatically when you visit our website. This data includes IP address, browser type and operating system used, pages visited, time spent on the site, and other details about your interaction with our portal. For more details on this category of data and the technologies used (such as cookies), please consult our dedicated Cookie Policy.



3. Purposes of Processing


We process your personal data for the following specific purposes, ensuring that each processing is legitimate and proportionate:


  • a) Provision of tourism services and contractual management: This is the primary purpose of processing. Your data is essential to manage your quote requests, process and confirm bookings, organize and provide you with the requested tourism services (e.g., hotel bookings, flights, excursions, guide services, transportation), manage payments and related transactions, provide customer assistance before, during, and after the trip, and fulfill all obligations arising from the tourism services contract we enter into with you.


  • b) Fulfillment of legal obligations: Your data is processed to fulfill obligations required by laws, regulations, EU legislation (such as tax, accounting, anti-money laundering), or binding provisions of competent public authorities. This includes invoicing services and retaining documentation required by law.


  • c) Promotional communications and direct marketing: Subject to your specific and optional consent, we may use your contact data to send newsletters, advertising and promotional material, commercial communications related to our products and services, opinion surveys, or market research. Such communications may be carried out both through automated tools (email, SMS, push notifications) and through traditional channels (phone calls with an operator, postal mail). You are free not to give consent for this purpose, without prejudice to the provision of tourism services.


  • d) Service analysis and improvement: To optimize the quality of our services and personalize the user experience, we may perform statistical and market analyses. This may include analyzing booking trends, customer preferences, and interactions with our website. In some cases, subject to specific consent, we may also carry out profiling activities, i.e., the analysis of your preferences and habits to offer you tours and services that are even more personalized and in line with your interests.


  • e) Protection of rights: Your data may be used for the establishment, exercise, or defense of our rights in judicial or extrajudicial proceedings (e.g., in case of disputes related to contract execution or fraud prevention).



4. Legal Basis for Processing


The processing of your personal data is based on the following legal bases, in relation to the specific purposes indicated above, ensuring that each processing operation is legitimate and compliant with the GDPR:


  • Performance of a contract (Art. 6, par. 1, letter b) GDPR): This is the main legal basis for processing data necessary for the provision of tourism services (Purpose 3.a). Processing is essential to execute the tourism services contract to which you are a party (e.g., when you book a tour or a travel package) or for the execution of pre-contractual measures taken at your request (such as sending quotes or detailed information about our services). Without the processing of this data, we would not be able to provide you with the requested services.


  • Fulfillment of a legal obligation (Art. 6, par. 1, letter c) GDPR): The processing of your data is necessary to comply with legal obligations to which we are subject as a tour operator (Purpose 3.b). These include, for example, tax, accounting, administrative obligations, obligations related to public safety, anti-money laundering regulations, or in response to binding requests from judicial or administrative authorities.


  • Consent of the data subject (Art. 6, par. 1, letter a) GDPR): The processing of your data for sending promotional and direct marketing communications (Purpose 3.c) and, if applicable, for profiling (Purpose 3.d), takes place exclusively on the basis of your specific, optional, free, and informed consent. The same explicit consent is required for the processing of special categories of data (e.g., health, allergies), where strictly necessary for the safe and adequate provision of the tourism service and not covered by other legal bases. You are entirely free not to give such consent or to withdraw it at any time, without affecting the provision of already requested tourism services or the lawfulness of processing based on consent before its withdrawal.


  • Legitimate interest of the Controller (Art. 6, par. 1, letter f) GDPR): Processing may be necessary for the pursuit of our legitimate interest or that of third parties, provided that your interests or your fundamental rights and freedoms which require the protection of personal data do not override. Examples of legitimate interest include the internal and administrative management of the company, fraud prevention, aggregated analysis for the improvement of our services and personalization of the offer (Purpose 3.d), the management and protection of our rights in judicial proceedings (Purpose 3.e) or in relation to extrajudicial proceedings. We always carry out a careful assessment of the balance between our legitimate interests and your fundamental rights and freedoms.



5. Data Retention


Personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected and processed, or based on legal obligations. Specifically:


  • Data processed for contractual purposes (provision of services, Purpose 3.a) will be retained for the entire duration of the contractual relationship and, subsequently, for a period of 10 years from the termination of the relationship. This period is required for the fulfillment of legal and tax obligations (e.g., civil, tax legislation) and for the management of any legal or administrative disputes.


  • Data processed for direct marketing purposes based on consent (Purpose 3.c) will be retained until the data subject withdraws consent. In the absence of withdrawal, the maximum retention period for contact data used for marketing purposes is 24 months from the last contact or from the date of the last transaction/interaction with us, unless your further and subsequent consent is acquired. This limitation aims to ensure that communications are always relevant and desired.


  • Data collected via cookies will be retained according to the terms specified in our Cookie Policy, whose duration may vary depending on the type of cookie (session or persistent).



6. Data Subject Rights


At any time, as a data subject, you have the right to exercise the rights provided by Articles 15 to 22 of the GDPR. In particular, you can:


  • Right of access: Obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information regarding the processing.


  • Right to rectification: Obtain the rectification of inaccurate personal data concerning you without undue delay, or the completion of incomplete personal data.


  • Right to erasure ("right to be forgotten"): Obtain the erasure of your personal data without undue delay, if the conditions provided by the GDPR exist (e.g., the data are no longer necessary for the purposes for which they were collected).


  • Right to restriction of processing: Obtain restriction of processing where one of the conditions provided by the GDPR applies (e.g., you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy).


  • Right to data portability: Receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.


  • Right to object: Object at any time, on grounds relating to your particular situation, to the processing of your personal data, in particular to processing for direct marketing purposes, including profiling related to it.


  • Right to withdraw consent: Withdraw consent at any time for purposes where the legal basis is consent, without affecting the lawfulness of processing based on consent before its withdrawal.


To exercise these rights, you can send a written request to the Data Controller via email at info@nearbyitaly.com. We will respond to your request as quickly as possible and, in any case, within the deadlines provided by the GDPR.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (address: Piazza Venezia n. 11, 00187 Rome - PEC: protocollo@pec.gpdp.it - Website: www.garanteprivacy.it), if you believe that the processing of your data violates the provisions of the GDPR.



7. Disclosure to Third Parties and International Transfers


To offer you our tours and services in Italy, your personal data may be disclosed to third parties and/or categories of recipients to the extent strictly necessary for the provision of the requested services and for the fulfillment of legal obligations. Such parties include, by way of example, but not exhaustive:


  • Tourism service providers: accommodation facilities (hotels, B&Bs, farmhouses), transport companies (air, rail, bus, car rental with driver), tourist guides, tour leaders, local tour operators, partner travel agencies, activity and excursion providers, insurance companies (if the package includes insurance). These parties will only receive data strictly necessary for the provision of the specific service.


  • IT service providers: website hosting providers, website management and maintenance companies, cloud service providers, online booking platforms, email and email marketing management services, web analytics services.


  • Consultants and professionals: accountants, legal consultants, auditors, for legal compliance or dispute management.


  • Banks and payment processors: for the management of financial transactions and payments related to the services.


  • Public authorities: when required by law or judicial orders (e.g., for tax controls, public safety, or in case of investigations).


These parties will act, as the case may be, as Data Processors (appointed through a specific contract in accordance with Art. 28 GDPR, which obliges them to process data according to our instructions and to ensure adequate security measures) or as Autonomous Controllers, and are in any case obliged to comply with the provisions of the GDPR.


Transfer of data outside the EU/EEA: Please note that, given the international nature of our tourism services (for example, when we provide travel packages that include services in non-EU countries, or when we collaborate with tour operators and travel agencies based outside the European Union or the European Economic Area - EEA), some of your personal data may be transferred to recipients located in countries outside the EU/EEA (so-called Third Countries).

Such transfers will always take place in accordance with the provisions of the GDPR (Chapter V), ensuring an adequate level of data protection through:


  • Adequacy decisions by the European Commission (Art. 45 GDPR): The transfer will be to countries that the European Commission has recognized as offering a level of personal data protection equivalent to that of the EU.


  • Standard Contractual Clauses (SCC) adopted by the European Commission (Art. 46 GDPR): In the absence of an adequacy decision, the transfer will be based on standard contractual clauses approved by the European Commission, which impose contractual obligations on recipients for data protection.


  • Your explicit consent (Art. 49 GDPR): Where required for specific transfers, necessary for the execution of the travel contract requested by you (e.g., to book a hotel in a third country that is not covered by adequacy decisions and for which SCCs are not applicable). You will always be informed and will be able to express your specific consent.


  • Other safeguards provided by the GDPR: For example, binding corporate rules (BCR) approved for corporate groups.

We are committed to ensuring that every transfer of data outside the EU/EEA is accompanied by adequate data protection safeguards, in line with GDPR standards.



8. Cookies and Tracking Tools


Our website uses technical cookies (necessary for the functioning of the site and for the provision of our services, such as managing the Browse session or storing preferences). These cookies do not require your consent.

Only after obtaining your explicit and optional consent, we may also use profiling cookies and/or third-party cookies. These cookies are used for web traffic analysis purposes (to understand how users interact with the site), content personalization (to present you with more relevant information), preference management, and targeted advertising (to show you ads in line with your interests). Third-party cookies are set by domains other than our site and may be used by integrated external services (e.g., social networks, video platforms, analytics tools).



For more information on the cookies used, their nature, purposes, duration, and how to manage your preferences (including how to withdraw consent), please consult our dedicated Cookie Policy. We invite you to read it carefully to exercise your choices regarding the use of cookies.



9. Changes to this Privacy Policy

Nearby Italy reserves the right to modify or update this Privacy Policy at any time, including as a result of regulatory changes or changes in data processing methods. Changes will be effective as soon as they are published on the website. We invite you to periodically consult this page to always be informed about how your data is processed. Continued use of our services after such changes will indicate acceptance of the updated Privacy Policy