Privacy Information

BOOK YOUR EXPERIENCE

Privacy Information

Privacy Policy (GDPR) — Birdwatching Sardinia

Last updated: [30/12/2025]

This Privacy Policy explains how Birdwatching Sardinia (the “Website”) collects, uses, discloses, and protects personal data when you visit the Website, contact us, or book our experiences (together, the “Services”). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable national laws.

1) Data Controller

Controller:
L’ Alta Bhanda di Giosuè Serreli (“we”, “us”, “our”)
Registered office: [Loc. Imbarcadero Fiume Coghinas]
VAT / Tax ID: [IT01941120907]
Email: [info@birdwatchingsardinia.it]
Phone: [+39.328.27.98.442]

2) What Personal Data We Collect

Depending on how you use the Website, we may collect:

A. Data you provide directly

  • Contact details: name, email, phone number
  • Booking details: number of participants, preferred date/time, language, special requests
  • Billing data (if applicable): invoice name, address, VAT number
  • Communications: messages you send via forms, email, WhatsApp, or other channels

B. Data collected automatically (usage and technical data)

  • IP address, device and browser information, operating system
  • Pages visited, referring URLs, date/time of access, basic interaction data
  • Cookies and similar technologies (see “Cookies” section below)

C. Special categories of data
We do not request health data. If you voluntarily share health/accessibility information (e.g., mobility needs, allergies) we will process it only to manage your request and ensure safety, using appropriate safeguards.

3) Why We Process Your Data and Legal Bases

We process personal data only when we have a lawful basis under the GDPR:

  1. To respond to inquiries and provide support
    • Purpose: answer messages, provide information, manage requests
    • Legal basis: legitimate interest (Art. 6(1)(f)) or steps prior to contract (Art. 6(1)(b))
  2. To manage bookings and deliver experiences
    • Purpose: confirm reservations, communicate logistics, provide the tour/service
    • Legal basis: performance of a contract (Art. 6(1)(b))
  3. To comply with legal and accounting obligations
    • Purpose: invoicing, tax obligations, fraud prevention where required
    • Legal basis: legal obligation (Art. 6(1)(c))
  4. To improve the Website and measure performance (analytics)
    • Purpose: understand traffic, improve content and user experience
    • Legal basis: consent for non-essential cookies/trackers where required (Art. 6(1)(a)) and/or legitimate interest for strictly necessary measurements, depending on configuration and local rules
  5. Marketing communications (newsletter / promotions) (only if used)
    • Purpose: send updates, offers, news
    • Legal basis: consent (Art. 6(1)(a))
      You can withdraw consent at any time via the unsubscribe link or by contacting us.

4) Who We Share Data With (Recipients)

We may share personal data only as necessary with:

  • Hosting and technical providers (website hosting, email services, security, backups)
  • Booking/CRM tools (if used to manage reservations and customer requests)
  • Payment providers (if you pay online; the provider processes payment data under its own policies)
  • Analytics providers (only if enabled and in line with your cookie choices)
  • Public authorities where legally required

All providers act as data processors (Art. 28 GDPR) where applicable, under contractual obligations to protect data.

Note: List your actual providers here (e.g., hosting company name, email provider, booking plugin/service, analytics tool, newsletter platform).

5) International Data Transfers (Outside the EEA)

Some service providers may process data outside the European Economic Area. In such cases, transfers occur only with appropriate safeguards such as:

  • an adequacy decision by the European Commission, or
  • Standard Contractual Clauses (SCCs) and supplementary measures where required.

6) Data Retention (How Long We Keep Data)

We retain personal data only for as long as necessary:

  • Inquiries: typically up to [6–24 months] after last contact
  • Bookings and service records: up to [X years] (often aligned with contractual and legal requirements)
  • Invoices/accounting records: as required by law (commonly up to 10 years in Italy)
  • Marketing lists: until you withdraw consent or request deletion
  • Technical logs: typically [days/months] for security and troubleshooting

7) Your GDPR Rights

You have the right to:

  • Access your data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase data (“right to be forgotten”) (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority

Italy: you may contact the Garante per la Protezione dei Dati Personali.

To exercise your rights, email: [Privacy email]. We may need to verify your identity before completing a request.

8) Cookies and Tracking Technologies

The Website may use cookies and similar technologies for:

  • Strictly necessary functions (security, load balancing, essential preferences)
  • Analytics/performance (only where enabled and permitted)
  • Embedded content (e.g., maps, videos) which may set third-party cookies

Where required, we use a cookie banner/consent mechanism allowing you to accept or reject non-essential cookies.
If you maintain a separate cookie page, add: “For more details, see our Cookie Policy: [link/page].”

9) Security Measures

We implement appropriate technical and organizational measures to protect data, such as access controls, least-privilege permissions, backups, and secure communication where available. No method of transmission/storage is 100% secure; however, we work to minimize risks.

10) Children’s Privacy

Our Website and Services are not directed to children under [18] without parental/guardian involvement. If you believe a child has provided data without appropriate authorization, contact us to request deletion.

11) Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts (Art. 22 GDPR), unless explicitly stated.

12) Third-Party Links

The Website may contain links to external websites. We are not responsible for their privacy practices. We encourage you to read the privacy policies of third parties you visit.

13) Changes to This Policy

We may update this Privacy Policy as our Website or legal requirements change. The “Last updated” date will reflect the latest revision.

14) Contact

For privacy-related requests or questions:
Email: [info@birdwatchingsardinia.it]
Phone: [+39.328.27.98.442]
Address: [Loc. Foce del Coghinas]

Book a Birdwatching Tour with us !