Privacy Policy – Rome and You
Information pursuant to EU Regulation 2016/679 on the protection of personal data (“GDPR”)
With this document (“Information”) I intend to provide you with information regarding the processing of information, as specified below, which will be provided by you or otherwise available at my office. The Information, in particular, is provided pursuant to EU Regulation no. 679/2016 (“GDPR”) and subsequent national compliance regulations (together with the GDPR hereinafter “Applicable Regulations”).
Last updated: October 2025
1. Data Controller
Laura Patara
Via Monte Bianco 93 – 01100 Viterbo, Italy
Email: info@romeandyou.com
Website: https://romeandyou.com
No Data Protection Officer (DPO) has been appointed, as it is not required by the nature of the processing.
2. Purpose and Legal Basis of Data Processing
Your personal data are collected and processed for the following purposes:
| Purpose | Legal Basis | Retention |
|---|---|---|
| Responding to contact or booking inquiries | Contractual / pre-contractual measures (Art. 6(1)(b) GDPR) | Until request is processed |
| Managing bookings through Bokun | Performance of contract | Duration of the booking + 2 years |
| Managing newsletter subscriptions | Consent (Art. 6(1)(a) GDPR) | Until consent withdrawal |
| Statistical analysis (Google Analytics 4) | Consent via cookie banner | 26 months |
| Remarketing and personalized ads (Google Ads) | Consent via cookie banner | Until consent withdrawal |
3. Categories of Personal Data Collected
- Browsing data: IP address, browser type, device, country, pages visited, time on site.
- Contact data: name, email, message (via contact form).
- Booking data: data submitted through Bokun (dates, participants, payments handled directly by Bokun).
- Newsletter data: email address (via MailerLite).
- Cookies and analytics identifiers: GA4, Tag Manager, and Ads tags.
4. Third-Party Tools and Services
Google Analytics 4 (GA4)
Used to analyze anonymized browsing behavior and improve website performance.
IP anonymization is enabled.
Provider: Google Ireland Ltd.
Legal basis: Consent.
Data transfer: May occur to the U.S. under Standard Contractual Clauses.
Google Privacy Policy
Google Tag Manager (GTM)
Used to manage and load marketing and analytics scripts. GTM itself does not collect personal data.
Provider: Google Ireland Ltd.
Google Ads & Remarketing
Used for ad measurement and personalized marketing, only after cookie consent.
You can opt out anytime via Google Ads Settings.
Bokun (Booking Platform)
Bookings are managed through Bokun, part of Tripadvisor Group.
Personal and payment details are processed directly by Bokun, not by Rome and You.
Provider: Bokun ehf, Iceland – Bokun Privacy Policy
Rome and You receives only essential booking data for confirmation and service delivery.
MailerLite (Newsletter Management)
Used to send newsletters and updates to subscribers.
Provider: MailerLite UAB, Lithuania
Data stored: email address only.
You can unsubscribe at any time via the “Unsubscribe” link in any email.
Legal basis: Consent.
5. Data Recipients
Your data may be accessed by:
- The Data Controller (Laura Patara)
- Hosting and technical service providers (Xlogic, Google, Bokun, MailerLite)
- Public authorities if legally required
Rome and You does not sell or share personal data for commercial purposes.
6. Data Retention
| Purpose | Retention period |
|---|---|
| Contact requests | Up to 12 months |
| Bookings | Duration of contract + 2 years |
| Newsletter | Until consent is withdrawn |
| Analytics (GA4) | 26 months |
| Marketing (Ads) | Until consent is withdrawn |
7. Data Processing Methods
Data are processed electronically and securely.
Appropriate technical and organizational measures are applied to prevent unauthorized access, alteration, or disclosure.
8. Transfer of Data Outside the EU
Where required, data may be transferred outside the EU (e.g., Google, Bokun, MailerLite) based on:
- Adequacy decisions by the European Commission, or
- Standard Contractual Clauses ensuring adequate protection.
9. Your Rights
Under Articles 15–22 of the GDPR, you may:
- Request access, rectification, or erasure of your data (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (without affecting prior processing)
- Lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)
To exercise these rights, contact info@romeandyou.com.
10. External Links and Third-Party Websites
This site may contain links to external pages or booking platforms (e.g., Bokun).
Rome and You is not responsible for third-party privacy practices.
11. Update
This policy may be amended to reflect changes in legal requirements or technology.
Last update: October 2025