Skip to main content

Travel Sicily by Promotour srl

Information on the processing of personal data pursuant to Regulation (EU) 2016/679

Last updated: July 2026

This Privacy Policy describes how Promotour S.r.l., through the website www.travel-sicily.it, processes the personal data of users who visit the website and/or use the contact form.

This information notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679, the “General Data Protection Regulation” or “GDPR”.


1. Data Controller

The Data Controller is:

Promotour S.r.l.
Via Piersanti Mattarella 20
90141 Palermo, Italy
VAT No.: IT03652890827
Email: info@travel-sicily.it
Phone: +39 091 508 2160

For any request concerning the processing of personal data, users may contact the Data Controller at the email address indicated above.


2. Categories of personal data processed

The following categories of personal data may be processed through the website.

Data voluntarily provided by the user

When the user fills in the contact form or sends a request by email, the following data may be collected:

  • first and last name;
  • company, school, agency or institution;
  • country;
  • email address;
  • phone number or WhatsApp contact;
  • type of request;
  • destination of interest;
  • approximate travel or event period;
  • number of participants;
  • any information voluntarily entered in the message field.

Users are invited not to include special or sensitive data in the form, such as data concerning health, religious, political or trade union beliefs, or any other information that is not necessary for managing the request.

Browsing data

The IT systems and software procedures used to operate the website may acquire, during their normal operation, certain technical data whose transmission is implicit in the use of Internet communication protocols.

This category may include, by way of example:

  • IP address;
  • browser type;
  • operating system;
  • date and time of access;
  • pages visited;
  • technical information relating to browsing.

Such data are used solely to ensure the proper functioning of the website, obtain anonymous statistical information on website use and prevent possible abuse or harmful activities.


3. Purposes of processing

Personal data may be processed for the following purposes:

a) Managing contact requests

Data entered in the form or sent by email are used to respond to user requests relating to MICE programs, private groups, school groups, educational travel, cultural, nature-based and volcanological experiences in Sicily and Italy.

b) Preparing commercial proposals or quotations

Where the user’s request concerns a specific program, event, trip or service, the data may be used to analyse the request and prepare a tailor-made proposal.

c) Managing pre-contractual and contractual communications

Data may be used to manage communications required before, during or after the possible establishment of a commercial relationship.

d) Compliance with legal obligations

Data may be processed to comply with tax, administrative, accounting or other applicable legal obligations.

e) Website security and proper functioning

Technical browsing data may be processed to ensure website security, prevent unauthorized access, fraudulent or harmful activities and guarantee the proper functioning of the web pages.


4. Legal basis of processing

The processing of personal data is based on the following legal grounds:

  • performance of pre-contractual or contractual measures, when processing is necessary to respond to a user request or prepare a proposal;
  • compliance with legal obligations, when processing is required by tax, administrative or accounting regulations;
  • legitimate interest of the Data Controller, to ensure website security, prevent abuse and manage communications with users, clients or potential clients;
  • user consent, where required, for any processing that is not strictly necessary, such as sending promotional communications or newsletters.

At present, unless otherwise indicated in specific forms, the website does not provide for automatic newsletter subscription or the sending of periodic promotional communications.


5. Processing methods

Personal data are processed using IT, telematic and, where necessary, paper-based tools, in accordance with the principles of fairness, lawfulness, transparency, data minimisation and security.

The Data Controller adopts appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration or destruction.


6. Provision of data

The provision of the data requested in the contact form is necessary to allow the Data Controller to respond to the user’s request.

Failure to provide the data marked as mandatory may make it impossible to send the form or manage the request.

The provision of additional, non-mandatory data is optional.


7. Recipients of personal data

Personal data may be processed by:

  • internal staff authorised by the Data Controller;
  • providers of IT services, hosting, website maintenance and technical management;
  • administrative, tax, legal or professional consultants, where necessary;
  • suppliers or operational partners involved in preparing a proposal or managing services requested by the user;
  • public authorities or authorised entities, in the cases provided for by law.

External parties processing personal data on behalf of the Data Controller are, where necessary, appointed as Data Processors pursuant to Article 28 GDPR.


8. Transfer of data outside the European Economic Area

Personal data are mainly processed within the European Economic Area.

Where, for technical or operational reasons, certain data are processed by providers located outside the European Economic Area, the transfer will take place in compliance with the safeguards provided for by the GDPR, such as adequacy decisions of the European Commission, standard contractual clauses or other instruments provided for by applicable legislation.


9. Data retention period

Personal data will be retained for the time necessary to pursue the purposes for which they were collected.

In particular:

  • data sent through the contact form will be retained for the time necessary to manage the request and any subsequent commercial relationship;
  • data relating to commercial requests or quotations may be retained for administrative, organisational and legal protection purposes;
  • data subject to tax, accounting or administrative obligations will be retained for the periods required by law;
  • technical browsing data will be retained for the time strictly necessary for the functioning and security of the website, unless required for the investigation of unlawful activities.

10. Cookies and tracking tools

The website may use technical cookies necessary for the proper functioning of the web pages and services requested by the user.

Any analytical, profiling, marketing cookies or third-party tools will be used only if present on the website and, where required by law, subject to the user’s prior consent.

For further information on the cookies used by the website, users may consult the specific Cookie Policy, where available.


11. Data subject rights

The user, as data subject, may exercise the rights provided for by Articles 15 and following of the GDPR.

In particular, the user has the right to:

  • request access to their personal data;
  • request rectification of inaccurate data;
  • request erasure of data, in the cases provided for by law;
  • request restriction of processing;
  • object to processing, in the cases provided for;
  • request data portability, where applicable;
  • withdraw consent given, without affecting the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with the competent supervisory authority.

Requests may be sent to the Data Controller by writing to:

info@travel-sicily.it


12. Complaint to the Supervisory Authority

If the user believes that the processing of their personal data is carried out in breach of applicable legislation, they have the right to lodge a complaint with the Italian Data Protection Authority or with the competent supervisory authority in the EU Member State where they reside, work or where the alleged infringement occurred.


13. Changes to this Privacy Policy

The Data Controller reserves the right to amend or update this Privacy Policy at any time, including as a result of regulatory, technical or organisational changes.

Any changes will be published on this page. Users are therefore invited to consult this Privacy Policy periodically.