Privacy Policy of TauTouring.it

Last updated: January 16, 2026

1. Introduction

This Privacy Policy describes how we collect, use, store, and protect the personal data of users who visit and interact with the website tautouring.it (hereinafter “Site”).

Autonoleggio Tau Touring di Del Sarto Massimo S.R.L (hereinafter “Data Controller” or “we”) is committed to protecting users’ privacy and processing personal data in compliance with Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Italian Privacy Code).

We invite you to read this policy carefully to understand how your personal data is processed.

2. Data Controller

Autonoleggio Tau Touring di Del Sarto Massimo S.R.L.
Via Antonio Mordini 66 (Formerly Via Nuova) 55100 Lucca (LU) – Tuscany – Italy
VAT No. 02692980465
Email: info@tautouring.it

The Data Controller is responsible for collecting and processing your personal data through the Site.

3. Data Protection Officer (DPO)

Given the nature and size of the business, a Data Protection Officer has not been appointed. For any questions regarding the processing of your personal data, you can contact the Data Controller directly at the contact details provided above.

4. Types of Data Collected

During your browsing and interaction with our Site, we may collect the following categories of personal data:

4.1 Data voluntarily provided by the user

Identification data: first name, last name
Contact data: email address, phone number
Data submitted through forms: messages, information requests, content entered in contact forms
Booking data: name, email, and any notes provided when booking calls through contact forms.

4.2 Automatically collected data

Browsing data: IP address, browser type, operating system, pages visited, visit duration, navigation path
Cookies and tracking technologies: as described in our Cookie Policy, we use technical, analytical, and marketing cookies
Statistical data: number of visits, traffic sources, user behavior on the Site

4.3 Data from third parties

Social media: if you interact with our content on social media (LinkedIn, Instagram) or view content embedded from the Site, data may be collected according to the policies of the respective services

5. Purposes and Legal Basis for Processing

Your personal data is processed for the following purposes and on the following legal bases:

5.1 Technical and functional purposes of the Site (Legal basis: Legitimate interest – Art. 6, par. 1, lett. f) GDPR)

Ensuring the proper functioning of the Site
Managing IT security and preventing fraud
Resolving technical issues

Retention period: For the duration of the session or as necessary for the specific technical purpose

5.2 Managing contact requests and bookings (Legal basis: Performance of pre-contractual measures – Art. 6, par. 1, lett. b) GDPR)

Responding to your information requests via contact form, email, or WhatsApp
Providing quotes and commercial proposals
Managing the pre-contractual relationship

Retention period:

24 months from receipt of the request for contacts not converted into customers
10 years from termination of the relationship for active customers (for tax and legal obligations)

5.3 Provision of professional services (Legal basis: Performance of contract – Art. 6, par. 1, lett. b) GDPR)

Performing the requested and agreed services
Managing the contractual relationship
Archiving documents and materials related to projects
Fulfilling administrative, accounting, and tax obligations

Retention period: 10 years from termination of the relationship for tax, accounting, and legal obligations (Presidential Decree 600/1973)

5.4 Marketing and promotional communications (Legal basis: Consent – Art. 6, par. 1, lett. a) GDPR)

Sending email marketing via Brevo
Email automation sequences (funnels) to provide free content and propose services
Communications about news, updates, and offers related to our services
Sending free guides and informational materials

Retention period: Until consent is revoked or unsubscription from the mailing list

How to revoke: You can revoke your consent at any time by clicking the “Unsubscribe” link in every email or by writing to info@tautouring.it

5.5 Statistical analysis and Site improvement (Legal basis: Consent – Art. 6, par. 1, lett. a) GDPR)

Web traffic analysis via Google Analytics 4 and Matomo
Collection of aggregated statistics on user behavior
Improving user experience and content optimization

Retention period:

Google Analytics 4: up to 26 months
Matomo: up to 13 months

5.6 Advertising and remarketing (Legal basis: Consent – Art. 6, par. 1, lett. a) GDPR)

Creating advertising campaigns on Facebook, Instagram, and LinkedIn
Remarketing to users who have already visited the Site
Conversion tracking and campaign optimization
Creating custom audiences

Retention period:

Google Ads (conversion and remarketing cookies): up to 540 days

5.7 Legal obligations (Legal basis: Legal obligation – Art. 6, par. 1, lett. c) GDPR)

Fulfillment of tax, accounting, and administrative obligations
Response to requests from competent authorities
Document retention according to current regulations

Retention period: According to the terms provided by tax and accounting regulations (generally 10 years)

6. Processing Methods

Personal data is processed using electronic and paper-based tools, with logic strictly related to the stated purposes and with the adoption of adequate security measures to ensure the confidentiality, integrity, and availability of the data.

Data is processed at the Data Controller’s premises and at the servers of the third-party service providers used (see section 8).

7. Data Recipients

Your personal data may be communicated or accessible to the following categories of recipients:

7.1 Authorized personnel

The Data Controller and any persons authorized by the Data Controller who need access to the data for the purposes described above.

7.2 Service providers (Data Processors)

Data may be communicated to third parties who provide services on behalf of the Data Controller, including:

Hosting and infrastructure services:

Vhosting – Website hosting
Google LLC – Google Drive for document storage

Communication services:

Google LLC – Google Meet for video conferencing
WhatsApp (Meta Platforms Ireland Limited) – Messaging service

Analytics and tracking services:

Google LLC – Google Analytics 4, Google Tag Manager
Matomo (self-hosted) – Analytics
Meta Platforms Ireland Limited – Facebook Pixel

WordPress plugins and tools:

FluentForms – Contact form management

These parties are designated as Data Processors pursuant to Art. 28 GDPR and process data exclusively according to the Data Controller’s instructions.

7.3 Professionals and consultants

Accountants, tax consultants, legal advisors, or other professionals who assist the Data Controller, bound by professional secrecy and confidentiality obligations.

7.4 Public authorities

When required by law, data may be communicated to public authorities, law enforcement, tax authorities, or judicial authorities.

8. Data Transfer Outside the EU

Some of the services we use involve the transfer of your personal data to countries outside the European Economic Area (EEA), particularly to the United States of America.

Such transfers are made on the basis of adequate safeguards provided by the GDPR, such as:

Standard Contractual Clauses (SCC) approved by the European Commission
Data Privacy Framework (DPF) between the EU and USA for certified companies
Other appropriate safeguards pursuant to Articles 44-49 GDPR

The main services that transfer data outside the EU are:

Google LLC (USA) – Google Analytics, Google Tag Manager, Google Drive, Google Meet

You can request more information about the safeguards applied by contacting us at info@tautouring.it.

9. Data Retention Period

Personal data will be retained for the time strictly necessary to achieve the purposes for which it was collected:

Purpose	Retention Period
Managing non-converted contact requests	24 months from receipt
Managing active customers and contractual documents	10 years from termination of the relationship
Email marketing and newsletter (Brevo)	Until unsubscription or consent revocation
Statistical analysis (Google Analytics 4)	Up to 26 months
Statistical analysis (Matomo)	Up to 13 months
Marketing cookies (Facebook Pixel)	Up to 2 years
Marketing cookies (LinkedIn Insight Tag)	Up to 180 days
Tax and accounting obligations	10 years (legal obligations)
Technical cookies	Session duration

At the end of the retention period, data will be deleted or irreversibly anonymized, unless further retention is necessary for compliance with legal obligations or for the establishment, exercise, or defense of legal claims.

10. Data Subject Rights

In accordance with the GDPR (Articles 15-22), you have the right to:

10.1 Right of access (Art. 15 GDPR)

Obtain confirmation of the existence of personal data concerning you and receive a copy of it, as well as information about its processing.

10.2 Right to rectification (Art. 16 GDPR)

Request the correction of inaccurate personal data or the completion of incomplete data.

10.3 Right to erasure / Right to be forgotten (Art. 17 GDPR)

Obtain the deletion of your personal data when:

They are no longer necessary for the purposes for which they were collected
You have withdrawn consent and there is no other legal basis
You have objected to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
They must be deleted to comply with a legal obligation

10.4 Right to restriction (Art. 18 GDPR)

Obtain the restriction of processing when:

You contest the accuracy of the personal data
The processing is unlawful but you do not want deletion
The data is no longer needed but you require it to defend a legal claim
You have exercised the right to object pending verification

10.5 Right to data portability (Art. 20 GDPR)

Receive the personal data concerning you in a structured, commonly used, and machine-readable format, and transmit it to another controller without hindrance.

10.6 Right to object (Art. 21 GDPR)

Object to the processing of your personal data for reasons connected to your particular situation, when processing is based on the legitimate interest of the Data Controller.

For direct marketing, you always have the right to object to processing without needing to provide reasons.

10.7 Right to withdraw consent (Art. 7, par. 3 GDPR)

Withdraw at any time the consent given for data processing, without affecting the lawfulness of processing based on consent given before its withdrawal.

Consent withdrawal for email marketing can be done by clicking the “Unsubscribe” link in every email.

10.8 Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR.

Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
Piazza Venezia, 11 – 00187 Rome
Tel. +39 06 696771
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Website: www.garanteprivacy.it

How to exercise your rights

To exercise your rights, you can contact the Data Controller:

Email: info@tautouring.it
Postal address: Via Antonio Mordini 66 (Formerly Via Nuova) 55100 Lucca (LU) – Tuscany – Italy

The Data Controller will respond to your request without undue delay and, in any case, within one month of receiving the request. This period may be extended by two months if necessary, taking into account the complexity and number of requests.

11. Data Security

The Data Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, pursuant to Art. 32 GDPR.

The security measures implemented include:

Use of encrypted connections (HTTPS/SSL) for data transmission
Authentication systems and access controls
Regular data backups
Use of antivirus software and firewalls
Periodic updates of systems and applications
Training of authorized personnel on secure data processing
Pseudonymization and encryption of data when appropriate

Despite the adoption of these measures, no Internet transmission system or electronic storage system is completely secure. We are committed to protecting your personal data, but we cannot guarantee the absolute security of information transmitted to our Site.

12. Cookies and Tracking Technologies

The Site uses cookies and similar tracking technologies. For detailed information on which cookies we use, for what purposes, and how to manage your preferences, please refer to our Cookie Policy.

13. Links to Third-Party Sites

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of such external sites. We encourage you to read the privacy policies of every website you visit.

14. Minors

The Site is not intended for minors under 18 years of age, and we do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without parental consent, we will take steps to delete such information as soon as possible.

15. Changes to the Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our services, applicable regulations, or our data processing practices.

All changes will be published on this page with the “Last updated” date indicated at the top of the document. In case of substantial changes that require new consent, we will inform you via email or through a notice on the Site.

We encourage you to periodically check this page to stay informed about how we protect your personal data.

16. Contact Us

For any questions, requests for clarification, or to exercise your rights regarding the processing of personal data, you can contact us:

Autonoleggio Tau Touring di Del Sarto Massimo S.R.L.
Via Antonio Mordini 66 (Formerly Via Nuova) 55100 Lucca (LU) – Tuscany – Italy
VAT No. 02692980465
Email: info@tautouring.it

We will be happy to respond to all your requests and provide you with any additional information you may need.