Book Now

Privacy Policy

Privacy Policy
Last updated: October 13, 2025

1. Introduction
Welcome to MTB Tours Finale. This Privacy Policy explains how Flow School mtb Guide Pietra Ligure (“we,” “our,” or “us”), as the Data Controller, collects, uses, shares, and protects your personal data when you use our website mtbtoursfinale.com (the “Site”) and our services.

We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR – EU Reg. 679/2016) and the Italian Privacy Code (D.Lgs 196/2003, as amended).

2. Data Controller
The Data Controller responsible for your personal data is:

Legal Name: [Seu Nome Legal Completo da Empresa]

Address: [Seu Endereço Completo, Itália]

Email: [Seu Email de Contato]

3. What Personal Data We Collect

We collect different types of personal data depending on how you interact with our Site:

a) Data You Provide Directly:

When Booking a Tour: We collect your full name, email address, phone number, country of residence, and any other information necessary to process your reservation, such as special requests or health information relevant to the activity (e.g., allergies).

When Making a Payment: Our payment services partners ([Ex: Stripe, PayPal, ou o gateway do seu banco]) will collect payment information, such as credit card details. We do not store your full credit card information on our servers.

When You Contact Us: If you contact us via our contact form or email, we collect your name, email address, and the content of your message.

b) Data Collected Automatically:

When You Browse Our Site: We automatically collect technical information, including your IP address, browser type, device information, and browsing behaviour (pages visited, time spent on site). This data is primarily collected through cookies. For full details, please see our [link para a sua página de Política de Cookies].

4. How and Why We Use Your Data (Purpose and Legal Basis)

We process your personal data only for specific purposes and on a valid legal basis as required by the GDPR.

Purpose of Processing: To Process and Manage Your Bookings | Type of Data Used: Name, email, phone, payment details, special requests | Legal Basis (GDPR)
: Performance of a Contract (to fulfill the service you purchased)

Purpose of Processing: To Communicate with You | Type of Data Used: Name, email, phone | Legal Basis (GDPR)
: Performance of a Contract (for service updates, confirmations) and Legitimate Interest (to respond to your inquiries)

Purpose of Processing: To Send Marketing Communications (e.g., Newsletters) | Type of Data Used: Name, email | Legal Basis (GDPR)
: Consent (we will only send you marketing materials if you explicitly opt-in)

Purpose of Processing: To Improve Our Website and Services | Type of Data Used: IP address, browsing data | Legal Basis (GDPR)
: Legitimate Interest (to understand how users interact with our site and improve their experience)

Purpose of Processing: To Comply with Legal Obligations | Type of Data Used: Booking and payment details | Legal Basis (GDPR)
: Legal Obligation (for invoicing, tax, and accounting purposes)

5. Who We Share Your Data With (Data Processors)

We do not sell your personal data. We may share your data with trusted third-party service providers who act as Data Processors on our behalf, including:

Booking Platform: [Nome da sua plataforma de reservas, ex: Beddy.io] to manage your reservations.

Payment Processors: [Ex: Stripe, PayPal] to securely process your payments.

Website Hosting Provider: GoDaddy, which hosts our website.

Analytics Providers: Google Analytics, to help us analyse website traffic.

Email Marketing Services: [Ex: Mailchimp, Sendinblue] if you consent to receive our newsletter.

These parties are contractually obligated to protect your data and use it only for the purposes we specify.

6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data related to bookings will be kept for [Ex: 10 anos] as required by Italian tax law.

Data from contact forms will be deleted after [Ex: 24 meses] of inactivity.

7. Your Data Protection Rights under GDPR

You have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can request that we correct any inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data, under certain conditions.

Right to Restrict Processing: You can request that we limit the processing of your personal data, under certain conditions.

Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you.

Right to Object: You can object to our processing of your personal data, particularly where we rely on legitimate interest as our legal basis.

Right to Withdraw Consent: Where we rely on your consent for processing (e.g., for marketing), you have the right to withdraw that consent at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.

To exercise any of these rights, please contact us at [Seu Email de Contato].

8. Data Security
We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

9. Changes to This Privacy Policy
We may update this policy from time to time. The updated version will be posted on this page with a new “Last updated” date. We encourage you to review this page periodically.