Privacy Policy

Beebosbags S.r.l. (commercial brand "YourLocalX")

Via Milano 45, 00184 – Rome (Italy)

Email: info@yourlocalx.com

Phone: +39 331 3326990

("Controller" or "we/us")

No Data Protection Officer (DPO) has been appointed. For any privacy matter, please contact us at the email above.

This Privacy Policy explains how we process personal data when you:

• browse or interact with www.yourlocalx.com and websites/pages under our control,
• request information or book our tours, transfers, luggage storage/transport, accommodations and related services,
• communicate with us via email, phone, WhatsApp/other messaging apps, or via OTA/partner platforms,
• request invoices/receipts or submit insurance/claim documentation (if applicable).

This Policy integrates our Terms & Conditions and applies to clients, prospective clients, website users and other counterparties.

• Identification & Contacts: name, surname, email, phone, address, nationality, document number (when required for ticketing/security), booking/reference codes.
• Booking & Service Data: date/time, party size, accommodation details, language preferences, itineraries, meeting points, luggage count/size (for storage/transport), special requests (e.g., accessibility).
• Payment Data: payment status, method, and transaction identifiers (we do not store full card details; payments are processed by certified providers).
• Communications: email/phone/WhatsApp messages, OTA chats, customer care records.
• Marketing Preferences: newsletter/consent choices; opt-in/opt-out logs.
• Technical & Browsing Data: IP address, device, logs, cookies or similar technologies (see Cookie Policy).

Special categories of data (e.g., health/mobility information or allergies) are processed only if you voluntarily provide them to perform the service (e.g., accessible routes). Do not share data that are not strictly necessary.

We process data only when a legal basis applies (Art. 6 GDPR and, where relevant, Italian law):

• Booking & Service Delivery (tours, transfers, luggage services, accommodations, tickets, trip planning)
  Legal basis: Contract performance (Art. 6.1.b) and pre-contractual measures; Legitimate interest for coordination/logistics; Legal obligation for invoicing, tax and public-authority requests.
• Payments & Anti-Fraud
  Legal basis: Contract; Legitimate interest (fraud prevention); Legal obligation (accounting/tax).
• Customer Care & Communications (email, phone, WhatsApp, OTA chats)
  Legal basis: Contract; Legitimate interest in quality control and efficient assistance.
• Insurance/Claims Handling (e.g., luggage insurance/claims, incident reports)
  Legal basis: Contract and Legitimate interest in managing claims; Legal obligation where applicable.
• Safety & Compliance (access rules at venues, tickets nominative, security requirements)
  Legal basis: Legal obligation; Contract with suppliers/venues.
• Marketing (newsletters, promotions, similar products "soft opt-in")
  Legal basis: Consent (Art. 6.1.a) for new subscribers; Legitimate interest/soft opt-in under Art. 130(4) Italian Privacy Code for existing clients—always with opt-out.
• Analytics & Website Security
  Legal basis: Legitimate interest in improving services and protecting systems; Consent for non-essential cookies where required.
• Defense of Rights (claims, pre-litigation, litigation)
  Legal basis: Legitimate interest.

Providing data marked as required is necessary to process bookings and deliver services. Failure to provide such data may prevent service execution. Marketing consent is optional and refusal does not affect services.

Processing is performed using electronic and paper tools with appropriate technical and organizational security measures (access controls, encryption where applicable, need-to-know policies, staff training, vendor due diligence, backups).

We do not use automated decision-making that produces legal effects concerning you. Any profiling for marketing (e.g., language/country/service interest) is limited, proportionate and based on consent or legitimate interest with opt-out.

We share data only as needed for the purposes above:

• Internal staff (customer care, operations, finance), bound by confidentiality.
• Third-Party Providers involved in your service: licensed guides, tour leaders, drivers/transport companies, hotels, restaurants, museums/venues, ticketing partners—only the data strictly necessary (e.g., name, party size, time, phone for contact).
• Technology & Business Providers acting as Processors: hosting/CMS, booking/CRM tools, payment gateways (e.g., certified PSPs), email/SMS tools, messaging integrations, calendar/providers, analytics, document storage, e-signature, customer support systems.
• OTAs/Marketplaces/Resellers when you book through them (they are independent controllers for their own processing).
• Insurers/Brokers/Loss Adjusters (if handling an insurance claim).
• Professional and Public Bodies (accountants, legal counsel, public authorities/regulators) where required by law or for defense of rights.

An updated list of main processors can be requested at privacy@yourlocalx.com.

Some providers may be located outside the EEA. Where required, we rely on European Commission adequacy decisions or Standard Contractual Clauses (SCCs) with supplementary safeguards. Copies of relevant safeguards can be requested at privacy@yourlocalx.com.

• Bookings/Service Records, Invoicing & Tax: generally 10 years (legal obligation).
• Customer Care Communications: up to 24 months from closure (longer if disputes).
• Insurance/Claims Files: for the limitation period of rights/claims (typically up to 10 years).
• Marketing Data: until withdrawal of consent/opt-out; logs kept to honor your preference.
• Technical Logs/Security: typically 6–24 months unless incidents occur.
• Cookies: per Cookie Policy and consent choices.

We may retain data longer where necessary for legal defense or regulatory reasons.

Our services are intended for adults. Minors must be accompanied by a responsible adult who provides necessary data and consents where applicable.

You may at any time:

• Access your data and obtain a copy;
• Rectify inaccurate/incomplete data;
• Erase data (right to be forgotten) where applicable;
• Restrict processing in certain cases;
• Object to processing based on legitimate interest, including marketing;
• Withdraw consent (where processing is based on consent), without affecting lawfulness prior to withdrawal;
• Data portability for data processed by automated means under consent/contract.

Requests can be sent to privacy@yourlocalx.com. We may verify your identity before acting on a request.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): Piazza Venezia 11, 00187 Roma – www.garanteprivacy.it.

Payments are processed through certified payment service providers (PSPs). We receive confirmation/identifiers but do not store your full card details. PSPs act as independent controllers or processors, as per their own privacy notices.

For luggage storage/transport and any insurance/claim management, we process the data strictly necessary (e.g., identification, contact, booking/incident details, item description, photos/receipts). Where an insurer/broker/loss adjuster is involved, they process data as independent controllers according to their policies. Please only provide information relevant to the claim.

We process your contacts and messages to confirm bookings, provide instructions (e.g., meeting points), handle last-minute changes and offer assistance. If you contact us via WhatsApp or similar apps, your data are processed according to those platforms' own privacy terms. We minimize sharing to what is strictly necessary for operations.

Consent-based marketing: you can subscribe/unsubscribe at any time.

Soft opt-in (Art. 130(4) Italian Code): if you are an existing client, we may send emails about similar services you purchased; you can opt-out in every message.

We do not sell your data.

We use essential cookies for site functionality and, with your consent where required, analytics/measurement and personalization cookies. Details, settings, and retention are available in our Cookie Policy and banner.

We adopt appropriate security controls (role-based access, encryption where appropriate, secure configurations, staff training, vendor assessments, incident procedures). Nevertheless, no system can be guaranteed 100% secure; we monitor and improve controls continuously.

We may update this Policy from time to time to reflect legal or operational changes. The "Last updated" date indicates the latest version. Material changes will be reasonably notified (e.g., website notice or email where appropriate).

For privacy requests or questions: privacy@yourlocalx.com

For bookings and customer care: info@yourlocalx.com – +39 331 3326990

Controller: Beebosbags S.r.l. (YourLocalX) – Via Milano 45, 00184 Rome (Italy)