Privacy policy

Privacy Policy TFL Tours

Welcome to

Please note that your personal data is processed in compliance with art. 13 of General Data Protection Regulation (“GDPR”) and the local applicable law (together, “privacy law”). We inform you that the data processing operation will take place in accordance with principles of fairness, lawfulness, proportionality, transparency and protection of confidentiality.

Data Controller

TFL Tours legally established in Via Salvatore Orlando, 3A int.11, 57123, Livorno – Italy


Phone: +39 0586 880855

Types of data processed

We can collect and process the following data:

  • personal data voluntarily provided by the User that consist of those data collected through the sending of e-mail indicated on the web page. The voluntary sending of e-mail indicated on the web page involves the subsequent acquisition of the sender’s address (in order to reply to the requests) and of any other personal data contained in the message itself;
  • Data collected via cookies: for more information, please refer to our extended cookie policy.
  • navigation data. The computer systems and software procedures in charge of the website’s operation acquire, during their normal operation, some personal data (so-called log files) the transmission of which is implicit in the use of internet communication protocols. This information is not collected in order to be associated to identified subjects, but by their very nature could consent the identification of the users through elaborations and combinations with the information held by third parties. This category of data includes IP addresses or domain names of the computer used by the users who connect to the site, the addresses in Uniform Resource Identifier (URI) notation of required resources, the browser, the time of the request, and other parameters related to the operating system and to the IT environment of the user. These data are used only in order to extract anonymous statistical information about the use of the site and to control its correct functioning. Such data could also be used to check for errors that were deleted immediately after processing.

Legal ground and purpose of the processing

The processing of the personal data is aimed exclusively at reaching the following purposes:

  • to understand your needs, to communicate with you, to respond and carry out your requests. The data processing is necessary to pursue Data Controller legitimate interest (art. 6 (f) GDPR) such as improving and developing new services and being more efficient;
  • to enter into and perform contracts with you. The data processing is necessary for the performance of the contract or in order to take steps prior to entering into the contract (art. 6 (b) GDPR);
  • to comply to the legal obligations to which the data controller is subject (art. 6 (b) GDPR).

Processing modality

The data you provide will be processed in compliance with the current privacy law and, in any event, to ensure the security and confidentiality of the same, such as to prevent the disclosure or unauthorized use, alteration or destruction.

The data will be processed both manually and with the help of electronic instruments according to logic strictly related to the purposes.

Data communication

Your personal information might be shared with professionals and/or third-party companies that perform outsourced services on behalf of the Controller, duly appointed via an agreement as data processors. They are provided only with the information necessary to carry out their functions.

The updated list of the data processors is available at the following address:

The data may also be disclosed to third parties to comply with legal obligations, to comply with orders from public authorities or to comply with requests from judicial authorities.

Duration of data processing

The personal data are processed for the period necessary to achieve the purpose for which it was collected and in accordance with the terms prescribed by law.

The Data Controller acknowledges your right to revoke, at any time, consent and to oppose the processing, as well to request the cancellation of data in accordance with art. 17 of GDPR.

Data transfer

Your personal data will not be transferred to countries outside the European Union that have not been found to provide an adequate level of protection for personal data.

In case of data transfer, we use specific approved contracts with our service providers that are based in countries outside the European Union. These contracts give your personal data the same protection it has in the EU.

Your rights

You have several legal rights in relation to the personal data we hold about you which are recognized by art. 15 to 22 of GDPR. These rights include:

  • obtaining information regarding the processing of your personal information and access to the personal information which we hold about you;
  • the updating, rectification or the integration of data;
  • obtaining the rectification or erasure of personal data, or where applicable, the restriction of processing;
  • object to the processing;
  • where applicable, receiving the personal data concerning you which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company;
  • lodge a complaint with the competent supervisory authority.

The above rights can be exerted with request made without any formality to the Controller. The request can be sent to the Controller via mail at

Changes to the Privacy Policy

The Controller has the right to make changes to the Privacy Policy at any time without notice. The change will apply from the date of publication on the website. You are therefore invited to consult this section regularly.