ToursAboutContactAccountBook Now

Legal

Privacy Policy

Last updated: 24 May 2025

1. Who We Are

Golden Ticket ("we", "us", "our") is a private tour and experience company operating in Rome, Italy. Our registered contact address is Rome, Italy. You can reach us at info@goldenticket.travel or +39 392 515 5490.

This policy explains how we collect, use, and protect personal information when you visit our website or book an experience with us.

2. Information We Collect

We collect information you give us directly, including:

  • Booking information — your name, email address, phone number, number of guests, and any special requests you submit when making a booking.
  • Account information — email address and password if you create a customer account.
  • Payment information — we use third-party payment processors (such as Stripe). We do not store your card number or full payment details on our servers.
  • Communications — messages you send via our contact form or support cases.

We also collect limited technical data automatically:

  • Browser type, device type, and IP address (for security and fraud prevention).
  • Pages visited and time spent (via server logs and analytics).

3. How We Use Your Information

We use your data to:

  • Process and confirm tour bookings.
  • Send booking confirmations, reminders, and tour-day logistics by email.
  • Respond to support enquiries and manage your account.
  • Process payments securely through our payment processor.
  • Comply with legal obligations (accounting records, tax filings).
  • Improve our website and services based on aggregated, anonymised usage data.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

For visitors from the European Economic Area, our legal bases for processing are:

  • Contract performance — processing your booking and delivering the service you purchased.
  • Legitimate interests — fraud prevention, security, and improving our services.
  • Legal obligation — retaining financial records as required by Italian and EU law.
  • Consent — where we ask for it explicitly (e.g. marketing emails you opt into).

5. Data Sharing

We share your data only where necessary:

  • Payment processors — Stripe or similar, to handle card transactions.
  • Booking platform partners — Viator and GetYourGuide receive booking data for reservations made through those platforms, under their respective privacy policies.
  • Email providers — used to send transactional emails (booking confirmations, OTP codes).
  • Legal authorities — if required by law or to protect our rights.

All third-party processors we use are contractually required to keep your data secure and use it only for the purposes we specify.

6. Data Retention

We retain booking and financial records for 7 years as required by Italian tax law. Account information is retained while your account is active and for 2 years after your last booking. You may request deletion of your account at any time (see Section 8).

7. Cookies

Our website uses strictly necessary session cookies to keep you logged in to your account. We use Cloudflare Turnstile on forms for spam prevention; Cloudflare's cookie and data practices are governed by Cloudflare's Privacy Policy. We do not currently use advertising or tracking cookies.

8. Your Rights

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data (subject to legal retention requirements).
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at info@goldenticket.travel. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garanteprivacy.it.

9. Data Security

We use industry-standard security measures including HTTPS encryption, hashed passwords, and access controls to protect your data. No method of transmission over the internet is 100% secure; however, we take all reasonable steps to protect your information.

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions, contact us at:
Email: info@goldenticket.travel
Phone: +39 392 515 5490
Address: Rome, Italy