Anima of ItalyApply

Legal

Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how Tati Travel S.r.l. (“Anima of Italy”, “we”, “us”) collects, uses, and safeguards the personal data of visitors and applicants on animaofitaly.com. We have written it in plain English and we welcome questions at any time.

1. Data controller

The data controller is:

Tati Travel S.r.l.
Via [PLACEHOLDER], Perugia, Italy
VAT / P.IVA 03720110547
SCIA prot. 29231 del 17/02/2020
Email: privacy@animaofitaly.com

2. What we collect

When you submit an application on this site we collect:

  • Identity & contact data: first name, email address, phone number.
  • Travel preferences: your answers to the 13-question application (past Italy trips, interests, travel style, budget bracket, ideal timing, composition of your travel party).
  • Technical & marketing data: IP-based country, user agent, referral URL, UTM parameters, advertising click identifiers (fbclid, gclid) when you arrive from a paid campaign.

We do not collect special-category data (health, religion, biometrics). Please do not include such information in the free-text fields of the application.

3. Why we process your data (legal basis)

  • To evaluate your application and contact you — performance of pre-contractual measures at your request (GDPR Art. 6(1)(b)).
  • To tailor our selection and itinerary — our legitimate interest in matching travellers and experiences (Art. 6(1)(f)).
  • Marketing analytics and advertising measurement — your explicit consent, given through our cookie banner (Art. 6(1)(a)). You can withdraw it at any time.
  • Legal obligations — accounting, tax, and travel-industry record-keeping (Art. 6(1)(c)).

4. Who we share your data with

We rely on a short list of vetted sub-processors, each bound by a data processing agreement:

  • Supabase, Inc. (United States) — application database hosting.
  • Vercel Inc. (United States) — website and serverless function hosting.
  • Resend Inc. (United States) — transactional email delivery.
  • Meta Platforms, Inc. (United States) — advertising measurement (only if you accept marketing cookies).
  • Google LLC (United States) — analytics (only if you accept analytics cookies).
  • Functional Software, Inc. (Sentry) — error monitoring, when enabled.

We never sell your data. We never share it with third-party brokers, data marketplaces, or unaffiliated tour operators.

5. International data transfers

Our sub-processors above are based in the United States. Transfers outside the European Economic Area are covered by the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework. You may request a copy of the clauses by writing to the email address in Section 1.

6. How long we keep your data

  • Application records that do not convert into a booking: 24 months from submission, then deleted or anonymised.
  • Records connected to a completed journey: 10 years, as required by Italian accounting and travel-contract law.
  • Marketing and analytics event data: 14 months (Google Analytics default), or as long as you leave consent active.

7. Your rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to: access your data, correct it, delete it, restrict or object to its processing, and receive a portable copy. You can also lodge a complaint with your local supervisory authority — in Italy, the Garante per la protezione dei dati personali.

If you are a California resident, under the CCPA/CPRA you have equivalent rights to know, delete, correct, and limit the use of your personal information. We do not sell or share personal information as those terms are defined in the CCPA/CPRA.

To exercise any of these rights, email privacy@animaofitaly.com. We reply within 30 days.

8. Cookies and tracking

We use a minimal set of cookies and equivalent technologies. For details — including how to refuse or withdraw consent at any time — see our Cookie Policy.

9. Security

All data is transmitted over HTTPS. Application records are stored in a database with row-level security that permits access only through our authenticated server-side code, never from the browser. Access is limited to team members who need it for selection and hospitality.

10. Changes to this policy

We may update this policy to reflect changes in law or in the services we use. The date at the top of this page always indicates the latest revision. Material changes will be announced on the homepage.