Privacy GDPR privacy policy

Effective date: November 1, 2019

This statement illustrates who we are, for what purposes we may use your data, how we manage it, to whom it may be communicated (for example user companies, bus companies, ticket issuing companies, other companies of the Srl Group, Entities Publics, etc.), to where they could be transferred and what your rights are.

We collect, use, share and process information in various ways relies on a series of legal bases for the collection, use, sharing and other processing of information about users in its possession, for the purposes described in this privacy policy, including:

• To the extent necessary, to provide the services and fulfil our obligations under the Terms of Service. For example, we are unable to provide the services without collecting and using information about the user’s position.

• Where necessary to comply with a legal proceeding or court order, or to exercise and defend legal rights.

• To protect the vital interests of the user, or others, such as in an emergency.

• When the user has made the information public.

• If necessary for public interest (e.g. indirect verification of DASPO measures, access to countries outside the EU).

• Where required for legitimate interests of or third parties, such as that of visitors, members, partners, or temporary agencies.


Legitimate interests of processes information about users to pursue their legitimate interests, including:

• Provide and improve the services, including any customized services. In this case, the processing of information is necessary because it is the legitimate interest of to continuously produce and develop innovative and customised offers for its customers.

• Guarantee the security and protection of the services. In this case, the processing of information is necessary because it is the legitimate interest of and its members to ensure that the services are secure and to protect them, for example, from fraud, unwanted access and improper use.


Why do you need my data?

For the activity carried out by, it is necessary to collect some data aimed at providing the service correctly, communicating with you before and during the trip, knowing your opinion and learning from your experience after the trip. will use your data exclusively for the following purposes:

Purposes related to the management of the contractual relationship and the provision of services. will carry out the treatment:

• based on your consent;

• because it is necessary for the contractual obligations referred to in point 1 (e.g. preparation and execution of the parking contract, purchase of specific tickets, hotel reservations);

• because it is necessary to fulfil the legal obligations, indicated in point 1, to which we are subject (e.g. accounting, remuneration, social security, counter-terrorism checks);

• because the treatment is necessary to pursue a legitimate interest (e.g. protection and safety of company assets, fraud prevention, safeguarding of corporate strategic interests and related commercial relationships, protection of corporate assets of client companies).

It follows that the provision of personal data is obligatory for the purposes indicated in point 1. Purposes 2 do not derive from a legal obligation, and the confirmation of the relative consents is optional.


Point 1

Purposes related to the services carried out by the market̀ activity, to purchase admission tickets to events, to check your presence on board vehicles, to contact you in the event of advances/delays during the trip and activities̀ related to disbursement, support, updating and information regarding the services and features available, as well as activation of online services (e.g. access to the private area of ​​the site, job interviews, and the selection of collaborators.


Point 2

Purposes related to marketing activities. With your specific consent, your common personal data will be processed for market research, economic analysis and statistics (for example, telephone interviews related to the trips made), social, cultural and solidarity initiatives, commercial information, updates on training initiatives, marketing, sending advertising/informative/promotional material and updates on initiatives, promotions and offers of the group, and/or third-party companies that work together as Srl, as well as those in relation to programs and promotions, including online, aimed at rewarding or retaining customers, and communications and information on the group's activities and on the events in which the group companies participate.

Attention to the need for some data
Any partial or total failure to provide the data will result in the partial or total impossibility of achieving the aforementioned purposes.

The extent and adequacy of the data provided will be evaluated from time to time, in order to determine the consequent decisions and to avoid the processing of data in excess of the aims pursued.

We will not use your personal data for purposes other than those described in this statement, without informing you in advance and, where necessary, obtaining your consent.


Will you treat particular data?

In the event that you have decided to apply for a particular job offer and/or if you have decided to give us specific data, will have to deal with and collect data for which the law requires your consent. In some cases, such data may be strictly necessary for the purposes of selection. In this case, we inform you that they will be processed exclusively for the purposes indicated in point 1.


Who will process my data?

Your data will be processed, as Data Controllers, by the company S.r.l. in Italy, with headquarters in Via Bottenigo, 217 | 30175 | Venice, which also serves as the headquarters for the site (Via Bottenigo, 217 | 30175 | Venice) is responsible for data processing in relation to the management of the contractual relationship with customers in multiple jurisdictions and controls for the purposes of compliance with international regulations (for example, journeys involving several EU and non-EU countries).


How will this data be shared?

Service Providers may share user information with third parties that provide services for, such as support and improvement of services, promotion of services, payment processing or order fulfilment. These service providers will only have access to the information strictly necessary to perform these limited functions on behalf of and are required to protect users' information. could also use service providers to collect, over time, information on the use of the services by users on behalf of, so that or the suppliers can promote or view the services or in other sites or services relevant information based on user interests.


Third-party activities via API or other additions

If the user uses third-party apps, plug-ins or websites that integrate with the services, third parties may receive user information and content, including personal data, photos and activity data (including private ones). Information collected by third parties is subject to their terms and policies. is not responsible for the terms or policies of third parties.


Affiliates and buyers of the business or resources may share user information with affiliates controlled by These are required to comply with the terms of this privacy statement regarding user information. If is involved in business combinations, securities offers, bankruptcy, reorganisation, dissolution or other similar transactions, it may share or transfer user information in relation to the aforementioned transaction.


Legal requirements    may store and share user information with third parties, including law enforcement agencies, public or government agencies or private disputes, inside or outside the country of residence of both the user and, if it decides that such disclosure is reasonably necessary to comply with the law, for example to respond to ordinances, subpoena or other legal or regulatory processes. may also store or disclose user information if it believes that such disclosure is reasonably necessary or appropriate to prevent deaths or personal injury, to resolve national security issues or other issues of public importance, to prevent or detect violations of our Terms of Service or fraud or abuse of or its members, or protect the operations or property of or other legal rights, including by disclosure to the legal adviser and other consultants and third parties in relation to actual or potential disputes.


How to protect information

The services use extensive SSL (Secure Sockets Layer) technology, the highest standard in the industry to allow encryption of personal data and credit card numbers, but no system is completely and certainly secure forever.


Limitation of liability

We take various measures to protect the collection, transmission and storage of data, trying to minimise their presence to the level at which it is strictly necessary. employs the services of an industry leader in online protection and verification of services to strengthen the security of services.

Although we strive, so far as is reasonably possible, to protect the user's data based on their confidentiality, we do not guarantee the security of the information shared by the user and we are not responsible for the theft, destruction, loss or involuntary disclosure of information or content as a result of criminal activites (eg hacking, theft, etc.) even against our partners.

The services are registered with the authorities responsible for the identification of the sites so that the browser can confirm the identity of before sending personal information. Furthermore, the secure servers of protect this data with the use of advanced firewall technology.

In order for these measures to contribute effectively to prevent unauthorised access to personal data, the user must know the security features available through the browser. The user must use a browser with security enabled to send their credit card and other personal data to the services. If the user does NOT use an SSL-compatible browser, there is a risk that the data will be intercepted.

Most browsers are able to inform you if you change from secure to unsafe communications, if you receive invalid service identification information for the services with which you are communicating, or if you send information through an unsecured connection. recommends enabling these browser features to ensure that communications are protected.

The user can also monitor the URL of the services they are visiting (secure URLs start with https:// instead of http://), along with the browser protection symbol to determine if they are communicating with a protected server. The user can also view the details of the security certificate of the services to which they are connected. Check the validity of all of the services to which you are connecting using secure communications.



Although continues to work hard to protect users' personal information, it cannot be guaranteed that any data transmission on the internet is absolutely secure; cannot guarantee the security of any information transmitted to Sending personal information is at your own risk.


Cookies and similar technologies

When the user visits the services, a cookie will be stored on his computer. Generally, cookies and similar technologies assign the browser or device a unique number that has no meaning outside of uses these technologies to personalise the user's experience and to provide specific content based on the user's interests. Furthermore, after entering the ID and password of the member during a session on the services, saves the information so as not to have to re-enter the credentials during the session.

Most browsers automatically accept cookies. To manage the information collected through cookies or other equivalent technologies, it is possible to use the browser or portable device settings. offers the user the choice of managing privacy and sharing. However, does not recognise or respond to Do Not Track signals initiated by the browser, as the internet industry has not fully developed Do Not Track standards, implementations and solutions.

More information on Do Not Track signals is available at Failure to accept cookies may make certain features of the services unavailable. may also use the IP address to identify the user, to provide the services and to assist in diagnosing problems with servers.  


Log file Services use log files.

The stored information includes IP addresses, browser type, ISPs, reference/exit pages, platform type, date and time stamp and number of clicks. This information allows you to analyse trends, administer and protect the services, monitor the movements of members as a whole and collect general demographic data for use as a whole in an anonymous and aggregate form. IP addresses, etc. can be linked to session IDs, passenger IDs and device IDs.


Rights of EU residents

Users with residence in the European Union have the right to access, correct, download and delete their information, as well as the right to place limitations and object to certain processing of such information. While some of these rights apply in general, others apply only in certain limited circumstances. These rights are shown below.

Access and portability, correction, restriction, limitation, and elimination

Much of the information can be accessed. Users who need more access or are not members of can contact us by e-mail at with the subject PRIVACY-PFF. To download a copy of your data, you can contact us by e-mail at with the subject PRIVACY-PFF. will generally respond to the request within 30 days.



You can object to the processing of your information based on our legitimate interests, as explained above, or in the public interest, under certain circumstances. In such cases, will stop processing user information unless there are valid legitimate reasons to continue the processing thereof, or when it is necessary for legal reasons.



If you wish to raise a concern about the use of your information (and without prejudice to any other user right), you have the right to do so by contacting us at with the subject PRIVACY-PFF.


Information storage

The information is stored as long as it is necessary to provide the services to the user and to others, unless any legal obligations require it to be kept longer in terms of content and time.

The information relating to the user's account is generally kept until it is no longer necessary to provide the services or until the user requests to delete them or the account is deleted, depending on which one occurs first.

Up to 30 working days from the deletion of the user's account may be requested before all records and personal data are completely deleted from our system.



Main normative reference

Customers and suppliers



5-10 years

Art. 2948 Civil Code, which provides for the 5-year prescription for periodic payments; art. 2220 Civil Code, which provides for the preservation of accounting entries for 10 years; art. 22 of the Presidential Decree of 29 September 1973, n. 600

Customers, prospect

In compliance with the terms prescribed by the law for the type of activity and in any case until the withdrawal of consent or until the exercise of the right of opposition



Art. 23 d.lgs. 196/03 general provision of 15/05/13 art. 21 Reg. UE 2016/679

data of candidates, tour leaders, customers, for marketing purposes


In compliance with the terms prescribed by the law for the type of activity and in any case until the withdrawal of consent or until the exercise of the right of opposition



Art. 23 d.lgs. 196/03  general provision of 15/05/13 art. 21 Reg. UE 2016/679

HR candidates

Maximum 24 months

Art. 11 lett. E) of D.Lgs 196/2003 and art 5 lett. E) of Reg UE 2016/679

employees and administrators



10 years


Art. 43 of Dpr 600/73; art 2946 civil code on ordinary prescription; title 1, chapter III



Information about closed accounts may also be stored to comply with the law, prevent fraud, collect quotas, resolve disputes, assist in legal investigations, enforce the Terms of Service and take other actions permitted by law.

The information we keep will be managed in compliance with this privacy policy.

User information that is no longer necessary and relevant for the provision of the services could be made anonymous and combined with other non-personal data to obtain commercially useful information for, such as statistics of use of the services or flows and loads on the servers.

Information about closed accounts may also be stored to comply with the law, prevent fraud, collect quotas, resolve disputes, assist in legal investigations, enforce the Terms of Service and take other actions permitted by law. The information we keep will be managed in compliance with this Privacy Policy. The user information that is no longer necessary and relevant for the provision of the Services could be anonymised and combined with other non-personal data to obtain commercially useful information for, such as statistics of use of the Services or flows and loads on the servers.


Other sites maintained by S.r.l. maintains some websites accessible outside of or, (the "Other sites").

Other sites maintain the appearance and usability of the services but are managed by external service providers with their own terms and privacy policies or with this document if so specified.


Information on the Privacy Policy reserves the right to change this Privacy Policy at any time. We, therefore, recommend that you review it occasionally. If makes changes to the Privacy Policy, the update will be published promptly in the Services and, in the event of substantial changes, the notice will be highlighted. If the user is against any changes made to the Privacy Policy, they must stop using the Services and eventually delete the account.

Follow Us

Subscribe to Our Newsletter

When you submit the form, check your inbox to confirm your subscription.