The Data Controller is TOURIST SPA – Via Tifernate – 06024 Gubbio (PG) Italia – Tel ++39 075 9234 – Fax ++39 075 9220323 – E-mail:, hereinafter also referred to as the “Company”.



  1. Personal data processed for Web site operation purposes

The computer systems and software procedures used to run the Web Site during standard operation, acquire some browsing data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, yet it could lead to the identification of Web Site users, through processing and association with data held by the Company or by third parties.

This category of Data includes IP addresses or the domain names of the computers used by the users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.


  1. Data directly provided by the user

The optional, explicit and voluntary provision of data by the user, as requested by various sections in this Web site, is used by the Web site to follow up on the user’s requests (including but not limited to: information or explanations requested by calling the numbers indicated on the Web site or writing to the e-mail addresses therein). Specific information notices, including summary information, are usually on the bottom of the page or displayed on the pages of the Web site dedicated to on-request services, in order to draw the user’s attention to the processing of their personal data.

  1. Cookies

The Web site uses cookies and similar technologies to ensure the proper operation of procedures and to improve the online application user experience.

As for the use of cookies, please refer to our Cookie Policy by clicking here

  1. Geolocation data

This Web site may process data relating to the user’s geographical location, in order to provide location-based services. Most browsers and devices provide the user with tools to prevent geographical tracking by default. If the user has expressly authorized the geolocation service, this Web site may receive information on their actual geographical position.

When activated, the Application will acquire data relating to users’  geographical position via GPS, Wi-Fi and GSM network. Geolocation services can be deactivated at any time by accessing the specific location authorization section of the operating system on the user’s device (Android or IOS). From that moment on, the Application will no longer be able to collect geolocation data for the use of the services.

Should the user not have activated the geolocation services, or subsequently deactivated them, or have not given their consent to the processing of geolocation data, then they may have limited access to the  Application features.


– Browsing data

This category of Data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of the web sites from which access was made, information on the pages visited by users within the Web site, access time, the time spent on each page, internal path analysis and other parameters relating to the user’s operating system and computer environment.

At the end of the session, data collected during navigation is used to obtain anonymous statistical information on the use of the Web site and to check its proper operation.


Legal basis of data processing

Legitimate interest of the Data Controller

Personal data retention period

The entire duration of the browsing session on the Web site.

– subscribe to the web site

Should you be interested in allowing us to keep your data in our files with the aim of sending  you  some communications (also by e-mail), to inform you of our future offers and initiatives and make your subsequent contacts with us easier,  please subscribe to our  Web site and/or newsletters, upon providing us with explicit and specific consent, which is completely optional.

Legal basis of data processing

Consent by the data subject

Personal data retention period

10 years, subject to the possibility of early deletion of data upon the data subject ‘s request –

–Contractual/pre-contractual purposes

The optional, explicit and voluntary provision of data by the user, as requested by various sections in this Web site,  is used by the Web site to follow up on the user’s requests ( i.e. information or explanations requested by calling the numbers indicated on the Web site or writing to the e-mail addresses therein or filling out a request form).


Legal basis of data processing

Performance of a contract where the data subject is a party/Pre-contractual information notices to be activated upon the data subject’s request.




Personal data retention period:

  • Reply to a contact request

Should you be contacted by us for the purpose of providing you with some information following your express request, and should you not give your consent  to the processing of your personal data for an extended period of time, then your personal data will be stored only to respond to your occasional contact request, and subsequently destroyed.

Since we would appreciate contacting you over time, we hereby ask  you to provide  us with  your consent to the processing of your personal data, by subscribing to the website and/or newsletter; we hereby guarantee that your personal data will be processed by us exclusively for the above-mentioned purposes. Without your express authorization, we will not allow any third parties to use the information you provided us with,  for purposes other than those agreed upon, and we hereby engage to protect it with our utmost care.

  • If you have already been our Guest and have therefore concluded a previous contract with us

Any data provided by you will be processed for the duration of the contractual relationship existing  between us and will only be stored for the period necessary to fulfil legal obligations, unless it is required  to store it longer to defend or enforce a right, or to fulfil any further legal obligations or orders by the relevant Authorities.

After the expiry of the aforementioned retention periods, your personal data will be destroyed or rendered anonymous, subject to technical deletion and backup procedures.



With the exception of browsing data, which is necessary for computer and telematic protocols, the provision of personal data by users is free and optional. Nevertheless, failure to provide such data will make it impossible to follow up on  any request sent or that the user intends to send.



In compliance with specific regulatory obligations, your data may be communicated to subjects acting as Data Controllers (such as, including but not limited to: supervisory and control authorities and any public subject legitimately entitled to request such data) or processed, on behalf of the Company, by subjects appointed as Data Processors, upon receiving appropriate operating instructions.

In particular, your data may be communicated to the following categories of subjects:

  1. a) companies belonging to the Financo Group, acting as Data Processors for purposes related to the performance of internal organization activities ;
  2. b) natural and/or legal persons who provide services of various kinds to the Company (e.g. suppliers of services for Web site management, such as system outsourcers, companies dealing with internet network connectivity services, etc.).




Data will be processed by employees, collaborators of the Company or external subjects, appointed as  Data Processors, who perform  technical and organizational tasks on the Web site or internal organizational activities on behalf of the Company.



Data will not be transferred to extra-European Union countries .



By contacting the Company via e-mail at, data subjects may request the Data Controller to access any data concerning them, for the deletion, amendment of inaccurate data, integration of incomplete data, limitation of data processing in the cases provided for by Article 18 GDPR, as well as to oppose data processing in case of legitimate interest by the Data Controller.

Should  the processing of personal data be based on consent or contract and carried out by automated means, data subjects shall be entitled to receive such data in a structured, commonly used and machine-readable format, and also transmit it to another Data Controller without any hindrance, if technically feasible.

Data subjects, who consider their rights under the European Regulation 2016/679 or the Privacy Code as amended by Legislative Decree 101/18 violated, are entitled to lodge a complaint with the Italian Data Protection Authority or to undertake legal proceedings, as provided for in Article 77 of the GDPR and Articles 140-bis and 142 of the Italian Civil Code.