Privacy Policy

Last updated: February 16, 2026

1. Data Controller

The Data Controller is:

Dalmar Bike Tours
Owner: Bozzo Dalmar
Registered office: Via Enrico Toti n. 13, 37045 Legnago (VR), Italy
Tax Code: BZZDMR91E09E512F
VAT Number: 05168550233
Email: info@dalmarbiketours.com
Phone: +39 351 433 4316

2. Introduction

This Privacy Policy describes how we process the personal data of users who visit the website dalmarbiketours.com (hereinafter "Website").

Personal data processing is carried out in compliance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (Privacy Code) as amended by Legislative Decree 101/2018.

3. Data Collected

During browsing on the Website, the following data may be collected:

3.1 Browsing Data

The computer systems used to operate the Website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified.

This category includes: IP addresses, browser type, operating system, domain name and addresses of websites from which access or exit was made, information about pages visited.

This data is used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning.

3.2 Data Provided Voluntarily

The optional, explicit and voluntary sending of messages to the Website's contact addresses entails the acquisition of the sender's contact data (name, email, phone number), necessary to respond to requests.

Nature of data provision: Providing contact data is optional. Failure to provide data will prevent the Controller from responding to information or quote requests.

4. Purpose and Legal Basis of Processing

Personal data is processed for the following purposes:

  • Provision of requested services: response to information and quote requests (Legal basis: execution of pre-contractual measures pursuant to Art. 6, para. 1, lett. b GDPR)
  • Website operation: technical management of the website and IT security (Legal basis: legitimate interest of the controller in ensuring IT security and the proper technical functioning of the website, pursuant to Art. 6, para. 1, lett. f GDPR)

4.1 Automated Decision-Making

The Controller does not carry out any automated decision-making process, including profiling as referred to in Art. 22, paragraphs 1 and 4, of the GDPR.

5. Cookies and Similar Technologies

The Website uses technical cookies necessary for operation. For detailed information on the cookies used and preference management, please refer to the Cookie Policy.

The Website also uses:

  • Fancybox: We use Fancybox, an open-source JavaScript library, to display images in lightbox format. Fancybox works exclusively on the client side (in the user's browser) and does not send any data to external servers. More information: Fancybox.

6. Processing Methods and Retention

Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific security measures are observed to prevent data loss, illicit or improper use, and unauthorized access.

Retention Periods

  • Browsing data (logs): retained for 2 weeks, except when needed to investigate crimes
  • Contact data: retained for the time necessary to fulfill the request and for any subsequent contractual purposes
  • Cookie preferences: stored locally on the user's device for 12 months

7. Data Communication and Disclosure

Personal data is not disclosed. It may be communicated to:

  • Entities providing services for the management of the IT system and for the technical management of the Website
  • Competent authorities in case of legitimate requests

Hosting and Infrastructure

The Website is hosted on Amazon Web Services (AWS) servers located in the EU-South-1 region (Milan, Italy). AWS acts as a Data Processor according to its Data Processing Addendum. Access logs are retained for 2 weeks. More information: AWS Privacy Policy.

8. Extra-EU Data Transfer

Data processing takes place mainly within the European Union. Any transfer of data to non-EU countries occurs only with the user's consent and in compliance with the appropriate safeguards provided by the GDPR (standard contractual clauses approved by the European Commission).

9. Data Subject Rights

Users can exercise the following rights pursuant to Articles 15-22 of the GDPR:

  • Right of access (Art. 15): obtain confirmation of the existence of personal data and receive a copy
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): obtain the deletion of data (right to be forgotten)
  • Right to restriction (Art. 18): restrict processing in certain circumstances
  • Right to data portability (Art. 20): receive data in a structured format and transmit it to another controller
  • Right to object (Art. 21): object to processing for legitimate reasons
  • Withdrawal of consent: withdraw consent at any time (without prejudice to the lawfulness of processing based on consent before withdrawal)
Right to object to processing based on legitimate interests (Art. 21 GDPR)

Where your personal data is processed on the basis of the controller's legitimate interests (e.g. technical operation and security of the website), you have the right to object at any time on grounds relating to your particular situation. The controller shall no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

To exercise these rights, contact the Controller at: info@dalmarbiketours.com

10. Right to Lodge a Complaint

Data subjects who believe that the processing of personal data violates the GDPR have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali
Piazza Venezia, 11 - 00187 Rome, Italy
Tel: (+39) 06.696771
Fax: (+39) 06.69677.3785
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Web: www.garanteprivacy.it

11. Changes to the Privacy Policy

This Privacy Policy may be modified over time to comply with regulations or changes in the services offered. Changes will be published on this page with an update to the "Last updated" date at the top.

We recommend checking this page periodically to stay informed of any changes.

12. Contact

For any questions regarding this Privacy Policy or the processing of personal data, you can contact the Controller:

Email: info@dalmarbiketours.com
Phone: +39 351 433 4316