Bespoke

Florence tours

by emotions in florence

Bespoke

Florence tours

by emotions in florence

Privacy policy

Last updated: April 16, 2026

Data Controller

The Data Controller of personal data collected through this website is Be Spoke Florence Tours by Emotions in Florence (Lucia Casini, Simona Bonichi), with registered office at Via S. Caterina d’Alessandria, 12 – 50123 Florence (Italy), email: [email protected].

Types of Data Collected

This website may collect, independently or through third parties, the following categories of personal data: cookies and other tracking tools, usage data, first name, last name, email address, phone number, country of residence, and number of children.

Any additional personal data collected may be indicated in specific information notices displayed at the time of data collection.

Personal data may be freely provided by the User, for example by filling out the contact form, or collected automatically when using the website.

Providing certain personal data may be necessary to allow the Controller to provide the requested services; failure to provide such data may make it impossible to fulfill the request.

The User assumes responsibility for any personal data of third parties shared through this website and guarantees having the right to communicate or distribute them, releasing the Controller from any liability.

Purposes of Processing

The User’s personal data are processed for the following purposes:

  • responding to requests for information, quotes, or contact;
  • providing the requested services;
  • monitoring traffic and analyzing website usage;
  • enabling interaction with social networks and external platforms;
  • complying with legal obligations;
  • establishing, exercising, or defending legal claims.

Legal Basis for Processing

The Controller processes personal data based on one or more of the following legal grounds:

  • performance of pre-contractual or contractual measures, when processing is necessary to respond to a User’s request or provide a requested service;
  • compliance with legal obligations, when processing is required by law;
  • legitimate interest of the Controller, within the limits allowed by law, such as for security purposes, fraud prevention, and legal defense;
  • User consent, where required, particularly for non-technical cookies, profiling tools, or third-party services that install tracking technologies.

Processing Methods

Personal data are processed using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated, in compliance with the principles of lawfulness, fairness, transparency, minimization, and security.

The Controller adopts appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.

Authorized Persons and Data Processors

In addition to the Controller, personal data may be accessible to authorized internal personnel or external parties providing services to the Controller, such as, by way of example, technical service providers, hosting providers, IT consultants, legal advisors, maintenance providers, and communication agencies.

Where necessary, such parties are appointed as Data Processors pursuant to Article 28 of the GDPR. An updated list of processors can be requested from the Controller.

Place of Processing

Data are processed at the Controller’s premises and in any other location where the parties involved in the processing are located. For further information, Users may contact the Controller.

Data Retention Period

Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for the period required by applicable law or necessary to protect the Controller’s rights.

In particular:

  • data submitted via the contact form are retained for the time necessary to manage the request and any follow-up;
  • data processed for legal obligations are retained for the periods required by law;
  • data collected through cookies and tracking tools follow the retention periods indicated in the Cookie Policy or tool settings.

Details on the Processing of Personal Data

Contacting the User

Contact form

By filling in the contact form with their data, the User authorizes the Controller to use them to respond to requests for information, quotes, or other inquiries indicated in the form.

Personal data processed: first name, last name, email address, phone number.

Legal basis: performance of pre-contractual measures requested by the User.

Interaction with Social Networks and External Platforms

This website may allow interaction with social networks and external platforms directly from its pages, for example through buttons, widgets, links, or embedded content related to Facebook, Instagram, Pinterest, and Tripadvisor.

Such services may collect traffic data relating to the pages where they are installed even if the User does not use them.

Interactions and information acquired are subject to the User’s privacy settings for each platform.

Personal data processed: cookies, tracking tools, usage data.

Legal basis: User consent, where required.

Analytics

This website may use analytics services to monitor and analyze traffic data and understand User behavior.

Google Analytics

Google Analytics is a web analysis service provided by Google. It allows the Controller to analyze website usage, generate reports, and improve content and services.

Personal data processed: cookies, tracking tools, usage data.

Legal basis: User consent, where required.

Cookies and Other Tracking Tools

This website uses technical cookies and, subject to User consent, may also use cookies or similar tools for statistical, functional, experience, measurement, or marketing purposes, including third-party cookies.

Technical cookies, strictly necessary for the functioning of the website or the provision of a requested service, do not require User consent.

Non-technical cookies and other tracking tools are used only with the User’s free, specific, informed, and documented consent.

The User may manage, refuse, or withdraw consent at any time via the cookie banner, cookie preference center, or browser settings, noting that disabling some tools may affect website functionality.

For detailed information, Users can consult the Cookie Policy.

Transfers to Third Countries

Personal data may be processed by providers located outside the European Economic Area. In such cases, the Controller ensures that transfers are carried out in compliance with applicable law, adopting appropriate safeguards pursuant to Articles 44 et seq. of the GDPR, such as adequacy decisions or standard contractual clauses.

Legal Defense

Personal data may be used by the Controller to establish, exercise, or defend legal claims, including in case of misuse of the website or related services.

System Logs and Maintenance

For operation and maintenance purposes, this website and third-party services may collect system logs, which may include personal data such as the User’s IP address.

User Rights

Users may exercise their rights under Articles 15 and following of the GDPR.

  • access their personal data;
  • request rectification or deletion;
  • request restriction or object to processing;
  • request data portability where applicable;
  • withdraw consent at any time;
  • lodge a complaint with a supervisory authority.

Changes to This Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on this page.

Legal References

This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.