---

PRIVACY POLICY – BUZZ EXPERIENCE SRLS

Last update: January 21, 2026

This policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") and describes how the personal data of users who browse and use the website www.buzzexperience.it (hereinafter, the "Website").

1) Data controller

The Data Controller is:

Buzz Experience SRLS
Headquarters: Corso Garibaldi, 63 – 72100 Brindisi BR), Italy
Email: info@buzzexperience.it
(hereinafter, the "Data Controller").

2) Types of personal data processed

The Data Controller may process the following categories of personal data:

2.1 Browsing data

During normal operation, the IT systems and software procedures used to operate the Website acquire some personal data, including:

• IP address and technical data of the device;
• browser, operating system, language;
• pages visited, duration of visit, interactions;
• date and time of access;
• error data and security logs.

2.2 Data provided voluntarily by the user

The Data Controller processes the data provided directly by the user through:

• contact forms;
• requests for information/quotes;
• reservations and purchases;
• communication via email, telephone, or WhatsApp;
• support chat.

Examples of data: first name, last name, email address, telephone number, message content, preferences, dates, number of participants, information useful for providing the service.

2.3 Data relating to orders and reservations (WooCommerce / Booking)

In the event of a purchase or reservation through the Website, data such as the following may be processed:

• personal and contact details;
• order/reservation details;
• billing information (where required);
• information necessary for the proper performance of the service.

2.4 Payment details

Online payments are made through external providers (e.g., Stripe).
The Data Controller does not normally process or store complete payment card details, which are managed directly by the provider in accordance with its own security standards.

2.5 Data collected through cookies and tracking tools

The Website may collect data through cookies and similar technologies (e.g., pixels, tags), including:

• online identifiers;
• browsing and behavioral data;
• conversion events and interactions with advertising campaigns.

3) Purpose of processing and legal basis

Personal data is processed for the following purposes:

3.1 Request and contact management

To respond to requests for information, quotes, and assistance.

• Legal basis: Article 6(1)(b) GDPR (pre-contractual measures/contract)

3.2 Reservations, purchases, and management of tourist services

To manage orders, reservations, vouchers, tours, experiences, and related activities.

• Legal basis: Article 6(1)(b) GDPR (contract)

3.3 Legal and tax obligations

To comply with legal obligations (e.g., accounting and invoicing).

• Legal basis: Article 6(1)(c) of the GDPR (legal obligation)

3.4 Online payments (Stripe)

To enable payment for services purchased on the Website.

• Legal basis: Article 6(1)(b) GDPR (contract)

3.5 Newsletters and promotional communications

To send commercial and promotional communications (newsletters, offers, updates).

• Legal basis: Article 6(1)(a) of the GDPR (consent)

The user may revoke their consent at any time by clicking on the unsubscribe link in each email or by contacting the Data Controller.

3.6 Statistical analysis and performance (Google Analytics)

To analyze traffic and improve the content and performance of the Website.

• Legal basis: Article 6.1.a GDPR (consent for non-technical cookies)

3.7 Advertising and remarketing (Meta Pixel)

To measure conversions, create audiences, and perform remarketing activities via Meta (Facebook/Instagram).

• Legal basis: Article 6(1)(a) of the GDPR (consent)

3.8 Protection of the Owner (security and defense)

To prevent abuse, handle complaints, and protect the rights of the Data Controller.

• Legal basis: Article 6(1)(f) of the GDPR (legitimate interest)

4) Processing methods and security measures

The processing is carried out using electronic and/or paper-based tools, in accordance with the principles of lawfulness, fairness, transparency, and data minimization.

The Data Controller shall take appropriate technical and organizational measures to protect data from unauthorized access, loss, alteration, or disclosure.

5) Provision of data

The provision of data is:

• necessary to request information and use the services of the Website;
• optional for marketing purposes and for non-technical cookies.

Failure to provide this information may make it impossible to provide the requested service.

6) Data recipients and suppliers involved

Personal data may be disclosed to external parties involved in the provision of services and/or in the technical and commercial management of the Website.

6.1 Marketing and newsletter service providers

The Data Controller uses:

• Brevo (email marketing and automation)
• Mailchimp (email marketing and newsletters)
• MailTurismo (management of communications and/or flows related to tourism)

6.2 Booking engine and channel manager

The Data Controller uses:

• MailTurismo (booking/tourism management, where integrated)
• Regiondo (channel manager and/or booking/experience management)

6.3 E-commerce and order management

The Website uses:

• WooCommerce (WordPress) for order and payment management

6.4 Online payments

The Data Controller uses:

• Stripe as a payment gateway

6.5 Advertising and analytical tools

The Website may use:

• Google Analytics
• Meta Pixel (Facebook/Instagram)

6.6 Contact and support

The Website may use:

• direct links to WhatsApp
• customer support chat tools

6.7 Maps and reviews

The Site may incorporate:

• maps (e.g., services such as Google Maps)
• third-party reviews or content widgets

These subjects may act as Data Processors (Article 28 of the GDPR) or as independent Data Controllers, depending on the service and the respective purposes.

7) Cookies and consent management

The Website uses technical cookies necessary for its operation and, subject to consent, analytics and marketing cookies.

The user may:

• accept or reject unnecessary cookies via the banner;
• change your preferences at any time via the Website's cookie management system.

8) Transfer of data outside the EU/EEA

Some services used (e.g., marketing, analytics, and advertising platforms) may involve data transfers to countries outside the European Economic Area (EEA), such as the United States.

In such cases, the Data Controller shall implement appropriate safeguards as provided for in the GDPR, such as:

• European Commission adequacy decisions, where applicable;
• Standard Contractual Clauses (SCC) and supplementary measures where necessary.

9) Data retention period

The data is stored for the time necessary for the purposes for which it was collected, in particular:

• requests and contacts: up to 12 months;
• orders and reservations: for the entire duration of the relationship and for the terms provided for by tax/accounting regulations;
• newsletter/marketing: until consent is revoked;
• Cookies and tracking: according to the technical duration of cookies and preferences expressed.

10) Rights of the data subject

The user may exercise the rights provided for in Articles 15-22 of the GDPR, including:

• access to data;
• rectification;
• deletion;
• restriction of processing;
• data portability;
• objection to processing;
• withdrawal of consent.

To exercise your rights, you can write to: c.buzzerra@buzzexperience.it

11) Complaint to the Data Protection Authority

Users who believe that their data is being processed in violation of the law may lodge a complaint with:

Personal Data Protection Authority
www.garanteprivacy.it

12) Changes to this policy

The Data Controller reserves the right to update this policy. Any changes will be published on this page with the date of the update.

---