Privacy policy

Personal Data Processing Notice (Privacy Policy)

Last updated: August 28, 2025
Effective date: August 28, 2025

1. Who we are (Data Controller)

Champions Tours
Registered office: Via Stella 19, 37121 Verona (VR), Italy
Email: championtoursita@gmail.com | Tel.: +9718000321010
Website: https://champions-tour.com/

The Data Controller determines the purposes and means of processing personal data collected through the Website (the “Service”).

Language: This notice is drafted in Italian. In the event of discrepancies with any translations, the Italian version shall prevail.

2. Types of data collected

Depending on how you interact with the Service, we collect and process the following categories of data:

  • Identification and contact data: first name, last name, email address, mobile phone number.

  • Browsing/technical data: IP address, user-agent, online identifiers (cookies/pixels), device information.

  • Transactional data: information related to orders and payments (amounts, currency, payment outcomes). Card data are handled by third-party payment providers; Champions Tours does not store full card details.

  • Feedback and content: reviews, testimonials, messages sent via our support channels.

We do not intentionally collect special categories of data (e.g., health data) or data relating to minors without appropriate parental/guardian consent.

3. Methods of collection

Data are collected:

  • Directly from the user: contact forms, quote requests, subscription to promotional communications, support requests.

  • Automatically: via cookies, pixels, and similar technologies (see §9 and the Cookie Policy).

  • From third parties: solely for technical/operational purposes (e.g., payment gateways, analytics or advertising tools).

4. Purposes and legal bases (Art. 6 GDPR)

We process data for the following purposes:

  • Service delivery, request management, orders and payments; legal basis: performance of a contract or pre-contractual measures.

  • Customer support and service communications; legal basis: contract and/or legitimate interest in ensuring proper operation of the Service.

  • Administration and legal compliance (accounting/tax obligations, IT security, abuse/fraud prevention); legal basis: legal obligation and legitimate interest.

  • Direct marketing (email/SMS/WhatsApp) and testimonials, basic profiling to propose relevant content/offers; legal basis: consent. For existing customers, we may rely on soft opt-in for similar products/services, in accordance with Art. 130(4) of the Italian Privacy Code, unless you object.

  • Analytics and Service improvement (aggregated statistics); legal basis: consent for non-technical cookies/IDs, or legitimate interest where tools are configured in compliance with applicable guidelines.

We may request additional consent if we intend to use data for further purposes not compatible with those described herein.

5. Provision of data

Providing data marked as necessary is essential to handle requests and deliver the requested services. Failure to provide such data may prevent the Service from being delivered.

6. Recipients and categories of providers

Data may be disclosed to:

  • Technical providers (hosting/CDN, IT maintenance, security).

  • Payment gateways and banking institutions for payment processing.

  • Communication platforms and CRMs for sending communications and managing relationships.

  • Analytics and advertising platforms (e.g., measurement/remarketing tools, ad networks), subject to consent where required.

  • Advisors/public bodies for legal/accounting compliance or legal defense.

These parties generally act as Data Processors under Art. 28 GDPR pursuant to written agreements; some entities (e.g., authorities, banks) act as independent Data Controllers.

An up-to-date list of Data Processors is available upon request at the email address indicated above.

7. Transfers outside the EEA

Some providers may operate outside the European Economic Area. In such cases, transfers are carried out in compliance with Arts. 44–49 GDPR, using Standard Contractual Clauses (SCCs), adequacy decisions, or other appropriate safeguards.

8. Retention periods

We apply data minimization and storage limitation principles:

  • Contractual/billing data: up to 10 years (civil and tax obligations).

  • Support communications: up to 24 months from the ticket/last interaction.

  • Marketing (data and consents): up to 24 months (or until opt-in is withdrawn/objection is raised).

  • Technical and security logs: up to 12 months, unless needed to investigate abuse or for legal defense.

  • Cookies/online IDs: as specified in the Cookie Policy.

  • Backups: for the strictly necessary technical time required for restore procedures.

Anonymized/aggregated data may be retained longer for statistical purposes.

9. Cookies and similar technologies

We use necessary technical cookies and, subject to consent, analytics and marketing cookies/pixels (e.g., for conversion measurement and targeted advertising).
User choices are managed through a consent banner and a Preferences Center.
For details (types, purposes, durations, third parties), please see our Cookie Policy available in the Website footer.

10. Data security

We implement appropriate technical and organizational measures (TLS/HTTPS, access controls, necessity and minimization principles, monitoring and technical logging). Online payments are handled by certified providers; we do not store full card details. While no measure can guarantee absolute security, we maintain incident-response procedures and, where required, breach notification processes (Arts. 33–34 GDPR).

11. Data subject rights

Under the GDPR, you have the right to:

  • Access, rectify, or delete your data;

  • Restrict or object to processing;

  • Withdraw consent at any time;

  • Obtain data portability.

To exercise your rights, email championtoursita@gmail.com.
We will respond within 30 days (extendable where permitted).
Complaints: You may contact the Italian Data Protection Authority (www.garanteprivacy.it) or the authority in your Member State.

California residents (CPRA/CCPA) – where applicable

If you reside in California, additional rights may apply (access, deletion, correction, limitation of use of Sensitive Personal Information, opt-out of “sale”/“sharing” for cross-context behavioral advertising, non-discrimination). We honor Global Privacy Control (GPC) signals where technically supported. To exercise these rights, contact us at the email above.

12. Minors

The Service is not intended for users under 16. If you believe a minor has provided data without parental consent, please contact us for deletion.

13. Links to third-party sites

The Website may contain links to third-party resources not controlled by the Data Controller. Please review their privacy policies. We are not responsible for processing carried out by such third parties.

14. Changes to this notice

We may update this notice for legal, technical, or business reasons. Changes take effect upon publication on the Website; in case of material changes, we will provide appropriate notice (e.g., banner/email, where applicable). The date at the top indicates the last update.

15. Privacy contacts

Champions Tours – Privacy
Via Stella 19, 37121 Verona (VR), Italy
Email: championstoursita@gmail.com
Tel.: +9718000321010