Privacy & data protection

Privacy policy & GDPR information

We care about privacy and about using your personal data in a transparent, fair way. On this page we explain what data we collect, why we collect it, how long we keep it, who we share it with, and which rights you have under the EU General Data Protection Regulation (GDPR).

This privacy policy is intended as a clear summary for guests and website visitors. It does not replace tailored legal advice. If you have questions about how we handle your data, contact us using the details below.

1. Who we are and contact details

This website is operated under the brand Dolomites Mountain Guides. For the purposes of the GDPR, the data controller is:

Dolomites Mountain Guides

Operated by: Luca Trubbiani

Website: www.dolomitesmountainguides.com

Strada ai matonari 7, 38045 Civezzano (TN), Italy | VAT 02778180220

Email: info@dolomitesmountainguides.com

2. Scope of this privacy policy

This privacy policy applies to:

  • • Visits to our website and use of our online content.
  • • Enquiries sent via contact forms and booking forms on this website.
  • • Subscription to any newsletter or similar updates we may offer.
  • • Direct communication with us by email, phone, messaging apps or social media in relation to our guiding services.
  • • Online payments related to bookings (when offered), including card payments via Stripe.

This policy does not apply to websites or services operated by third parties, even if we link to them from our pages (for example accommodation, rental shops, transport providers). Please consult their privacy policies separately.

3. What personal data we collect

3.1 Data you provide directly

  • Contact and enquiry forms: name, email address, telephone number, message, preferred dates, type of activity, number of participants and any other information you choose to share.
  • Booking forms: in addition to the above, we may ask for further details needed to organise the trip (e.g. approximate level/experience, language preferences, logistics).
  • Account / portal (if used): email, authentication details (e.g. login tokens), and booking-related preferences.
  • Newsletter / marketing communications (if available): email address and your communication preferences.

3.2 Payments, orders and transaction records (important)

When you pay online, we must keep a record of your order and the related transaction for operational, customer-service, accounting and legal purposes. These records may include:

  • • Booking/order identifier, date/time and status (pending/paid/failed/refunded).
  • • Amount, currency, payment purpose (deposit/balance/full) and payment method (e.g. card, bank transfer).
  • • Transaction references and technical identifiers provided by Stripe (e.g. payment intent ID, checkout session ID).
  • • Billing email and basic customer reference needed to match the payment to a booking.

We do not store your card details. Card payments are processed by Stripe. We do not receive, store or have access to your full card number, CVV, or similar card security data. Stripe processes your payment data according to their own privacy and security standards.

3.3 Data collected automatically when you visit the site

When you browse our website, certain technical data are collected automatically, for example:

  • • IP address and approximate location (country/region).
  • • Device and browser type, operating system, language settings.
  • • Pages visited, time and duration of visit, referring page/URL.
  • • Interactions with the website (clicks, forms, error pages).

This information may be collected through server logs, cookies and similar technologies, and via tools such as analytics or equivalent services.

3.4 Special categories of data

We do not intentionally collect sensitive data such as health information, religion or political opinions via the website. For certain activities, it may be useful to know about relevant medical conditions or allergies in order to plan safely. In that case we ask only for information that is strictly necessary and treat it with particular care.

Please avoid sharing unnecessary sensitive details in free-text fields. If something is important for your safety during the activity, we will discuss it with you directly and confidentially.

4. Why we use your data (purposes and legal bases)

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR. In practice, this means:

Purpose
Examples
Legal basis
Handling enquiries & bookings
Replying to messages, preparing offers, confirming trips, communicating practical information.
Pre-contractual steps & performance of a contract (Art. 6(1)(b) GDPR).
Payments & transaction administration
Recording orders and payments (deposit/balance), issuing receipts/invoices, payment reconciliation, fraud prevention, handling disputes/chargebacks where applicable.
Performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)); in some cases legitimate interest (Art. 6(1)(f)).
Managing customer relationships
Follow-ups, service continuity, keeping a record of trips taken for future planning.
Legitimate interest in providing good service (Art. 6(1)(f) GDPR).
Newsletter & marketing (if active)
Sending trip updates, new program announcements or seasonal information.
Consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time.
Website analytics & improvement
Understanding which pages are most useful, detecting usability issues and improving content.
Consent via cookie/banner where required, or legitimate interest (Art. 6(1)(a)/(f)).
Security, anti-spam & abuse prevention
Preventing misuse, protecting forms from automated spam, keeping logs for investigations.
Legitimate interest (Art. 6(1)(f) GDPR).
Legal obligations
Accounting, tax obligations, responding to lawful requests by authorities.
Compliance with legal obligations (Art. 6(1)(c) GDPR).

5. Cookies, analytics & similar technologies

Our website may use cookies and similar technologies to make the site work, remember your preferences and understand how visitors use our pages.

  • Necessary cookies: required for basic security and functionality (e.g. session cookies).
  • Preference / functional cookies: remembering language or other minor preferences.
  • Analytics cookies: measuring traffic and usage patterns in an aggregated way.

Where required by law, non-essential cookies will be used only if you give consent via a cookie banner or similar mechanism. You can delete or block cookies using your browser settings.

6. How long we keep your data

We keep personal data only for as long as needed for the purposes described above, or to comply with legal obligations. As an indication:

  • Enquiries without booking: typically up to 12–24 months.
  • Bookings and guided services carried out: for the contractual relationship and for the period required by tax and accounting laws.
  • Payment and transaction records: retained for accounting, audit and legal compliance purposes (often several years), and longer if needed to handle disputes, chargebacks or legal claims within limitation periods.
  • Newsletter data: until you unsubscribe or withdraw consent.
  • Technical logs: usually a few weeks or months, unless needed longer for security investigations.

7. Who we share data with

We do not sell your data. We may share personal data only when necessary with:

  • Service providers: website hosting, email providers, newsletter services, IT support, analytics providers and anti-spam tools.
  • Payment processor (Stripe): if you choose to pay by card, your payment is processed by Stripe. We receive and store only the information needed to reconcile and manage the transaction (e.g. status, amount, currency, and Stripe identifiers). We do not store card data.
  • Authorities or professional advisors: where required by law or to defend our rights (e.g. accounting/tax advisors, legal counsel).

When we use external providers who process personal data on our behalf, we use appropriate contractual safeguards (e.g. data processing agreements) where required by law.

8. Transfers outside the EU/EEA

Some providers may process data outside the EU/EEA. Where this happens, we use appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (SCCs), and we aim to minimise data shared. Stripe and other providers may operate globally; consult their documentation for details on transfers and safeguards.

9. Your rights under the GDPR

As a data subject you have rights, subject to certain conditions:

  • • Right of access and to receive a copy of your data.
  • • Right to rectification of inaccurate or incomplete data.
  • • Right to erasure in certain cases.
  • • Right to restriction of processing in certain cases.
  • • Right to data portability, where applicable.
  • • Right to object to processing based on legitimate interests, including direct marketing.
  • • Right to withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at info@dolomitesmountainguides.com .

You also have the right to lodge a complaint with your data protection authority. In Italy: Garante per la Protezione dei Dati Personali.

10. Children & minors

Our website and services are primarily aimed at adults. We do not knowingly collect personal data from children under 16 for marketing purposes. Where minors take part in activities, we process their data through and with the consent of their parent or legal guardian as required by applicable law.

11. Changes to this privacy policy

We may update this privacy policy from time to time (for example when we add new services such as online payments or when laws change). The latest version is always available on this page and replaces previous versions.

Last updated: [28 Feb 2026].