Privacy Policy

pursuant to EU Reg. 2016/679 and current legislation

Introduction: the GDPR and privacy

The General Data Protection Regulation (GDPR) or General Data Protection Regulation is a regulation (EU 2016/679) with which the European Commission intends to strengthen and homogenise the protection of personal data of citizens and residents of the European Union, within or outside its borders. This regulation supersedes the privacy laws of individual states and has been in force since 25 May 2018.

For more information, you can see the official text of the GDPR, the website of the privacy guarantor and the dedicated page on Wikipedia.

In accordance with the GDPR, this policy is intended to explain in a clear and simple way what personal data is collected through this website, where it is stored, for how long, for what purposes and how you can update it or request its deletion.

Who is the Data Controller: EPPI EVenti & Promozioni S.r.l.

EPPI EVenti & Promozioni S.r.l. (hereinafter the "Company") safeguards the confidentiality of personal data and guarantees them the necessary protection from any event that might put them at risk of violation.

As provided for by the European Union Regulation No. 679/2016 ("GDPR"), and in particular Article 13, below we provide the user ("Data Subject") with the information required by law regarding the processing of their personal data. (which we will refer to as the "Website") are websites owned by EPPI Eventi & Promozioni S.r.l. to which we will refer hereafter simply as the "Company".

EPPI Eventi & Promozioni S.r.l. our company, is based in Rome, via di Vigna Stelluti, 212 - 00191 Roma - P.IVA 05294021000.
Company manages the sites listed above and controls the management of personal data as described in this policy, in accordance with current privacy laws (General Data Protection Regulation (GDPR) - EU Regulation 2016/679).

You can contact us by email at

On what legal basis does Azienda collect and manage personal data?

Company uses as a legal basis the need to process personal data for the performance of its services, which include the sale of tourist products and services, transactional communication of orders from its Website catalogue. Without collecting the required data, it would not be possible to provide the aforementioned services.

Company then relies on its legitimate business interests to provide its services, promote them, prevent fraud and spam and improve its services.

Where required by applicable law, we will ask for your consent before processing your personal data for direct marketing purposes.

What kind of data does Company collect on the Website?

Company collects information that you provide to us via the contact and/or purchase forms on this site. For users requesting information or purchasing products or services this information includes your name, email, phone number and any other information you choose to include in your request.

For users wishing to join our affiliate programme we collect data on company name, official site, phone number and email, business interests, city and province, as well as the date of the request and the site from which the request originated.

For each form submission on our sites we also collect data about the browser and operating system used and the IP address, to combat spam and to identify any usability problems with our sites with particular configurations and devices.

When you visit our sites we automatically collect certain information. For example, your IP address, the date and time you access our site, the hardware, software or browser you use, and information about your computer's operating system and language settings. We also collect information about your clicks and the pages you have viewed, as well as information about which sites or marketing campaigns you used to arrive at our sites.

The Company does not require the data subject to provide any so-called "special" data, i.e., in accordance with the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person's health or sexual life or sexual orientation. In the event that the service requested from the Company requires the processing of such data, the interested party will be informed in advance and will be asked to give his/her consent.

Why does the Company collect this data on the Website?

The data sent to us through the form on these sites is first and foremost used to provide the information, including any offers, explicitly requested through the form itself.

For data relating to users who wish to join our affiliation programme, we collect the information that the user enters in the form in order to be able to send, by email or telephone, information and the contract for joining the affiliation programme as well as the relevant transactional communications of orders and anything else relevant to the service offered in the event that the user joins our affiliation programme.

Only with your explicit consent may we also send you any offers relating to services related to visibility on our sites or otherwise targeting products and services that we believe may be of interest to you.

We keep your request in our archives for statistical purposes and as a backup, so that we can resend it if necessary.

To those who make a request or purchase, Azienda also sends an email confirming that the request or purchase has been correctly made and this email may contain information, including links to articles and offers on Azienda websites.

Only with your explicit consent may we send you further commercial communications via email or SMS containing information and offers of interest about our Products and Services.

Further explicit consent may be required to send further commercial communications via email or SMS containing information and offers from third parties or partners of the Company.

Lastly, the data entered in the forms may be used to show you personalised online advertising campaigns (remarketing) instead of generic advertisements, through specialised platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo. In this case, site users are grouped into virtual lists, in an aggregate form that cannot be traced back to individual users, based on the information entered and choices made on this site and others owned by the company, based on the site and pages visited and actions taken on the site such as sending an enquiry or subscribing to a newsletter. In this way we try to show you advertisements targeted to your interests, through advertising platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo, instead of generic ads.

Where is the data collected stored and for how long?

The data collected both from our forms and from browsing our sites are collected through the following platforms:

  • Google Analytics - for data related to site navigation and purchase.
  • Google Tag Manager - for data relating to site navigation and purchasing.
  • Criteo - for data relating to purchases, navigation and choices made on the site.
  • InspectLet - for site navigation and shopping data.
  • Bing Ads - for site browsing and purchasing data.
  • Google AdWords - for site navigation and purchasing data.
  • Google Gmail - Each form generates an email addressed to Company which stores it in Gmail accounts ()
  • Google Documents Pages - Data can be exported to documents stored in Google's service, Google Suite
  • Mailchimp - for requests sent via forms and subscriptions to our newsletters
  • Amazon SES AWS - for requests sent via forms and subscriptions to our newsletters
  • On databases stored on our servers at the provider
  • On documents and databases stored at the company's premises in Florence, Italy.
  • On documents and databases stored at the Amazon AWS service

Transmission of personal data as described in this Privacy Policy may include transfer overseas to countries that do not have data protection laws as comprehensive and complete as those of European Union countries. Where required by EU law, we will only transfer personal data to recipients that offer an adequate level of data protection. Google, Bing, Amazon, Facebook, Criteo and Mailchimp are leading international companies and their servers are distributed worldwide, including outside the EU countries. has its servers in Strasbourg, France. In some cases, data may also be stored in other data centres in the network. For more information please consult the OVH. com data centre network or contact us. Company based in Florence, Italy

The Company relies on special procedures to prevent unauthorised access to data, as well as its misuse. Only authorised personnel may access personal data in the course of their work. We retain your personal data for as long as we deem necessary to enable you to use our services, to advertise our services, to conduct our business, to comply with legal obligations and to resolve disputes. All personal data held by us is governed by this Privacy Policy. If you have questions about a specific data retention period for certain types of personal data we process, please contact us as indicated below.

With whom is collected data shared?

The data collected through the request and/or purchase forms arrive, in the form of email, both to Company, which operates the Websites, and to the sender. Other than the use stated in this policy, data is not shared with any other third party.

Data collected through the forms with which the user wishes to join the affiliate programme is not shared by Azienda with any third party.

Site navigation and usage information collected through tools such as Google Analytics is only shared in aggregate (i.e., not linked to individual users) with Company employees and partners.

We only share certain personal data, including your email address, with advertising partners for the purpose of advertising the Website (to ensure that the most appropriate target audience receives relevant ads). We undertake to always share e-mail addresses in an encrypted format so that they can be matched to existing customer databases.
Third parties to whom the company entrusts the performance of certain activities such as tax compliance, IT or business consulting, fraud prevention, debt collection. In these cases the recipients of the communication are appointed as data processors

How does Azienda handle children's personal data?

The services offered by are intended only for persons over the age of 16. For persons under the age of 16, use of our services is only permitted with the consent of their parents or legal guardian. If we become aware of the processing of data of persons under 16 years of age without the valid consent of a relative or legal guardian, we reserve the right to delete such data.

How can you check, update and possibly delete personal data that you have shared with the Company?

At the request of the data controller and in accordance with current privacy laws (General Data Protection Regulation (GDPR) - EU Regulation 2016/679), Azienda undertakes to have the personal data in its possession reviewed, amended or deleted.

The easiest way to do this is to send us an email to in which you can ask us to view, update or definitively delete the data concerning you that we have in our files.

Every communication from us sent via the Mailchimp platform, the server of this site, via SMTP of the provider or via Amazon SES AWS also includes a link from which you can update your data and consent and possibly choose not to be contacted again in the future.

We do our best to respond promptly and comprehensively to every request as is our duty. It is always your right to lodge a complaint with the supervisory authority.

This Policy may be changed in the future, so please visit this page regularly to be aware of any updates.


All content on the site, including text, photographs and graphics is the property of Azienda, with the exception of photographic content owned by third parties and used with permission. All content on the site is protected by Italian and European copyright laws, no content may be copied or imitated in whole or in part without the written consent of Azienda.