English
Privacy Policy (GDPR)
How we collect, use and protect your data when you browse BiteTheCity and when you click our partners’ affiliate links and widgets.
0. Data Controller
BiteTheCity by Sergio Anderson
Registered office: Strada alla Chiesa, 8 – 43044 Collecchio (PR) – Italy
VAT No.: to be added
Website: www.bitethecity.com
E-mail: info@bitethecity.com
Phone / WhatsApp: +39 320 153 6226
This notice is provided pursuant to EU Regulation 2016/679 (“GDPR”) and Italian data protection rules.
1. Types of data collected
- Browsing data: IP address, device identifiers, technical logs, pages visited, date/time of requests.
- Data provided voluntarily: name, surname, e-mail, phone number, and any information you send through forms or emails.
- Service-related data: preferences or food allergies you may provide in order to organize a tasting or experience.
- Commercial/affiliate tracking data: parameters added when you click on a partner link or widget (e.g. GetYourGuide, Viator) so that the booking can be attributed to BiteTheCity.
2. Purposes of processing and legal bases
- Providing website contents and replying to requests – Art. 6(1)(b) GDPR.
- Compliance with legal/tax obligations – Art. 6(1)(c) GDPR.
- Security and misuse prevention – Art. 6(1)(f) GDPR.
- Soft marketing to existing customers (information on similar services, with opt-out) – Art. 6(1)(f) GDPR.
- Newsletter / marketing – only on the basis of your explicit consent – Art. 6(1)(a) GDPR.
3. Cookies and affiliate tracking
The website uses technical cookies and, with your consent via the cookie banner, may use third-party and tracking cookies in order to:
- measure traffic and improve user experience;
- recognize that a booking was initiated from our site when you click a GetYourGuide or Viator link/widget, so the partner’s system can correctly attribute the commission;
- enable remarketing/profiling if activated and only with your consent.
You can manage your preferences through the cookie banner or through your browser settings. Please also refer to the dedicated Cookie Policy.
4. Nature of data provision
Data requested to answer your queries or to provide a service are necessary; if you do not provide them, we may not be able to respond. Data for marketing, newsletters and non-technical cookies are optional and are processed only if you give consent.
5. Data retention
- Contact / enquiry data: up to 24 months from the last relevant contact.
- Administrative/accounting data: up to 10 years, in line with Italian tax laws.
- Marketing / newsletter data: until consent is withdrawn or for a maximum of 24 months of inactivity.
- Cookies / technical logs: according to the durations specified in the Cookie Policy or in your browser.
6. Recipients and data processors
Personal data may be shared with service providers (hosting, site maintenance, e-mail providers, accounting/tax consultants) appointed, where appropriate, as Data Processors under Art. 28 GDPR.
When you click a booking link of third-party platforms (GetYourGuide, Viator, etc.), from that moment on your data are processed by those platforms under their own privacy policies, which you should read carefully.
7. Transfers outside the EU
Some service providers may be located or may have servers outside the European Union. In such cases, the Controller will adopt the safeguards required by Chapter V GDPR (adequacy decisions, Standard Contractual Clauses, supplementary measures).
8. Data subject rights
You can exercise the rights granted by Arts. 15–22 GDPR at any time:
- access to your personal data;
- rectification or update;
- erasure (“right to be forgotten”), where applicable;
- restriction of processing;
- objection to processing;
- data portability;
- withdrawal of consent, without affecting the lawfulness of processing based on consent before withdrawal.
Requests can be sent to: info@bitethecity.com. You also have the right to lodge a complaint with your national Data Protection Authority.
9. Data security
We implement appropriate technical and organisational measures (https, access control, backups) to protect personal data against loss, misuse or unauthorised access.
10. Children’s data
Our services are not intended for children under 16. If we become aware that we have collected data from a minor without the consent of a parent/guardian, we will erase such data without delay.
11. Updates to this notice
This Privacy Policy may be updated from time to time, especially in case of regulatory changes or new services. The most recent version is always available on this page.