Privacy Policy

Last updated: May 2026

For those who want the full picture, here is the complete policy.

1. Who is responsible for your data

The data controller is Nefset Tsiku, operating under the name Genoa Local Experiences.
Email: nefset@proton.me
Website: genoabylocal.com

2. What data we collect

When you make a booking, we collect:

• Full name
• Email address
• Phone number or WhatsApp
• Hotel or cruise ship name (optional)
• Special requests or notes you choose to share
• Booking details: tour, date, time, group size, payment amounts

We do not collect or store your payment card details. All card processing is handled directly by Stripe (see below).

If you accept analytics cookies, Google Analytics may collect basic website usage information, such as pages visited, approximate location, device/browser information, and referral source. We do not use this for advertising or to identify you personally.

3. Why we collect your data

• To process your booking — confirm your date, send confirmation details, and arrange the experience.
• To process payment — via Stripe, our secure payment provider.
• To communicate with you — send booking confirmation, payment reminders, and answer your questions before the experience.
• To manage our schedule — bookings are recorded in a private Google Calendar and a booking log.
• To improve the website — if you accept analytics cookies, we use aggregated Google Analytics data to understand site visits and improve the booking experience.

4. Legal basis (GDPR)

We process your data on the basis of contractual necessity (Article 6(1)(b) GDPR) — your data is needed to fulfill the booking you requested. In some cases, we rely on our legitimate interests to communicate with you about your experience.

5. Who we share your data with

Your data is shared only with the following trusted service providers, strictly for the purposes described above:

Your data is not sold, rented or shared with any third party for marketing purposes.

6. How long we keep your data

Booking information is retained for as long as necessary to fulfill the experience and meet any applicable legal obligations (such as accounting requirements). Payment records held by Stripe are subject to Stripe's own retention policies. You may request deletion of your data at any time (see below).

7. Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability — receive your data in a machine-readable format
• Lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali) at garanteprivacy.it

To exercise any of these rights, contact us at nefset@proton.me. We will respond within 30 days.

8. Analytics cookies

This website uses Google Analytics only after you click "Accept" on the cookie banner. If you click "Decline", Google Analytics is not loaded. You can also clear your browser's site data at any time to reset your choice.

Analytics cookies help us understand which pages are visited and how the booking experience can be improved. They are not used for advertising on this website.

9. Security

All data is transmitted over encrypted HTTPS connections. Payment data is handled exclusively by Stripe using industry-standard encryption. We do not store card numbers or CVV codes.

10. Changes to this policy

We may update this policy occasionally. Any significant changes will be reflected in the "Last updated" date above.

11. Contact

For any privacy-related questions, email nefset@proton.me or message on WhatsApp.