Privacy Policy of of www.italuxejourneys.it

This Privacy Policy describes how your personal data is collected, used, and protected when interacting with the website www.italuxejourneys.it in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).

Privacy Policy

Pursuant to Articles 13 and 14 of EU Regulation No. 679 of 2016, each data subject has the right to be informed about the purposes and methods with which the personal data provided will be processed.

Italuxe Journeys -as a luxury brand of Tomorrow Travel S.R.L.- in accordance with its privacy policy,
INFORMS as follows:

Data Controller

Tomorrow Travel S.R.L.
Via Luchino dal Verme 17/19 – 00176 Rome, Italy
Email: info@tomorrowtravel.it

Italuxe Journeys is a luxury brand of Tomorrow Travel S.R.L.

As Data Controller, and pursuant to Article 13 of Legislative Decree 196/2003 (the “Privacy Code”) and Article 13 of EU Regulation 2016/679 (“GDPR”), your data will be processed in the manner and for the purposes outlined below.

Types of Data Collected

Among the personal data collected independently or through third parties are:

  • Usage data
  • Name and surname
  • Telephone number and email address
  • Payment details
  • Economic and financial information

Personal data may be freely provided by the user or, in the case of usage data, collected automatically during the use of the website or related services. Unless otherwise specified, all requested data is mandatory. If the user refuses to provide it, the service may not be available.

Where data is marked as optional, users may choose not to provide it without affecting service availability. Users unsure about which data is required are encouraged to contact the Data Controller.

Purpose of Processing

A) Without your express consent (Art. 24 (a), (b), (c) of the Privacy Code and Art. 6 (b), (e) GDPR), your data may be processed for the following service purposes:

  • To enter into contracts and/or professional relationships with the Data Controller and to contact you;
  • To fulfill pre-contractual, contractual, and fiscal obligations arising from relationships with you;
  • To comply with legal obligations, regulations, EU legislation, or requests from authorities (e.g., anti-money laundering requirements);
  • To exercise the rights of the Data Controller (e.g., right to legal defense).

B) Only with your explicit consent (Articles 23 and 130 of the Privacy Code and Article 7 GDPR), your data may be used for marketing purposes:

  • To send newsletters, commercial communications, and promotional material by email, post, SMS, or phone regarding services or products offered by the Data Controller and to assess client satisfaction.
  • To send similar communications on behalf of third parties (e.g., partners or insurance companies).

If you are already a client, we may send you communications related to services or products similar to those you previously purchased, unless you object (Art. 130, paragraph 4 of the Privacy Code).

Methods and Place of Processing

Processing Methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data. Processing is carried out using electronic and/or telematic tools, with organizational methods strictly related to the stated purposes.

In addition to the Data Controller, in some cases, other parties involved in the operation of this website or service (e.g. administration, sales, legal, marketing, IT) or external third-party service providers (e.g. hosting, IT, communication agencies) may access the data and, where necessary, act as Data Processors.

An updated list of Data Processors may be requested from the Data Controller at any time.

Data Sharing

Without your express consent (pursuant to Art. 24 (a), (b), (d) of the Privacy Code and Art. 6 (b) and (c) GDPR), your data may be shared for the above purposes with supervisory authorities (e.g., the Data Protection Authority), judicial bodies, insurance providers, and other entities when required by law. These entities will process your data as independent data controllers. Your data will not be disclosed publicly.

Legal Basis for Processing

The Data Controller may process your personal data if:

  • You have given explicit consent for one or more purposes;
  • Processing is necessary for the performance of a contract or pre-contractual measures;
  • It is required to comply with a legal obligation;
  • It is necessary for a task carried out in the public interest or the exercise of public authority;
  • It is necessary for the legitimate interest of the Data Controller or third parties.

You may contact the Data Controller for clarification on the legal basis applicable to a specific type of processing.

Place of Processing

Data is processed at the Data Controller’s offices and any other location where the parties involved in the processing are located. Data may be transferred outside the European Union, but only where appropriate safeguards exist.

You may request more information about data transfers and the specific legal safeguards in place by contacting the Data Controller.

Data Retention

Personal data will be stored only as long as necessary for the purposes for which it was collected. Specifically:

  • Data collected for contractual purposes will be retained until the contract is fulfilled;
  • Data collected under the Data Controller’s legitimate interest will be kept as long as that interest exists;
  • Data processed with your consent will be retained until you withdraw that consent;
  • In compliance with legal obligations, data may be retained for a longer period.

Once the retention period expires, your data will be deleted or anonymized. After this point, rights such as access, rectification, or portability can no longer be exercised.

User Rights

As a data subject, you have the rights under Article 7 of the Privacy Code and Articles 15–22 of the GDPR, including the right to:

  • Access and confirm the existence of personal data;
  • Know the origin, purposes, and methods of processing;
  • Request updates, rectification, or deletion of your data;
  • Object to the processing of personal data for legitimate reasons or for marketing purposes;
  • Request data portability;
  • Lodge a complaint with the competent Data Protection Authority.

You may also object, wholly or partially, to:

  • The processing of your personal data for marketing and profiling purposes (both traditional and automated).

How to Exercise Your Rights

To exercise your rights, please contact the Data Controller at: info@tomorrowtravel.it

Requests are handled free of charge and processed as soon as possible, and in any case within one month.

Legal Defense

Your personal data may be used for legal defense purposes in court or in the preparatory stages of a legal action in case of misuse of this site or related services. The Data Controller may also disclose data if required by public authorities.

Additional Information

Further details regarding the processing of personal data may be requested at any time by contacting the Data Controller.

Changes to This Privacy Policy

The Data Controller reserves the right to update this Privacy Policy at any time. Users will be notified via the website or through the contact details on file. Where the update concerns processing activities based on consent, new consent will be requested where legally required.

Torna in alto