Privacy & Cookies Policy

We are committed to protecting the privacy of our clients, potential clients and partners. We take your privacy seriously and treat all the information you give us with great care.

Our Privacy Policy explains how we collect, store and use the personal information you give to us. If you have any questions concerning your personal data and how we look after it then please contact us via the address below.

As a data controller, we fully comply with the the General Data Protection Regulation (GDPR). At Out of Italy, we treat everyone’s data in the same secure manner, wherever you are from.

  • Out of Italy
  • By Out of Italy srl
  • Via Baldo degli Ubaldi, 10
  • Milan 20156 – Italy
  • Registered Company REA MI-2610592
  • Email:

Privacy policy concerning the processing of personal data pursuant to articles 13-14 of (EU) Regulation 2016/679

Type of data collected

We collect personal information from you, our clients electronically and also automatically about the pages you visit on our website. Please see our Cookies policy for more information.

We collect personal information about you which is essential for us to deliver our services to you, and which helps us to improve our services. This includes: Name and address; email address and telephone numbers; date of birth; passport information; dietary preferences; additional needs due to reduced mobility; payment information such as credit card and bank details. Information of current and previous holidays you have booked with us or done, details of enquiries you have made with us and details of quotes you have asked us to provide to you. Details of job applications; feedback you have provided to us and details of any complaints you have made; interaction with our social media pages and any other information that help us to better understand our clients so that we can personalise and improve the services we offer and to deliver the best service we can.

In choosing to share your personal information with us, you will be agreeing to Out of Italy holding and using your information as described in this policy.

If you no longer want us to process your personal details you can ask us to stop at any time.

Purposes and legal basis

Performance of measures connected to contractual or preliminary obligations: For the purposes of evolved browsing or management of customized contents; statistical purpose and analysis of the users’ browsing; management of cookies required for the portal; management of technical statistical cookies for the portal.

Consent: sale of data; management of non-technical marketing cookies for the portal; management of technical marketing cookies for the portal; management of non-technical statistical cookies for the porta; marketing, including periodic newsletters with marketing, information and regulatory updating contents; Profiling for marketing purposes in order to create a customer profile through the collected data aimed at personalizing commercial offers. Consent can be revoked at any time pursuant to Article 7 paragraph 3 of the GDPR.

Your contribution of data is optional with regard to the abovementioned purpose, and any refusal of consent will not affect the continuation of the relationship or the congruency of the processing

Fulfilment of legal obligations: legal compliance with regard to taxation and accounting; managing of controversy.

Processing procedures

Using electronic calculators running self-managed softwares or directly engineered; using electronic calculators running softwares managed by third parties; computer processing.

Your data will only be processed by staff specifically authorised by the Data Controller, and specifically by the following categories of staff: persons in charge of data processing; administration office; IT and marketing department.


Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:

  • Banks and lenders;
  • Public/private subjects whose data transmission is mandatory or necessary in compliance with regulations or functional to the relationship management;
  • Insurance companies;
  • Sub-suppliers;
  • Google Analytics;
  • Web service provider for the management and maintenance of the platform.


Your personal data will not be disseminated in any way.

Data Storage

In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:

  • set for a timing not larger than the one which implies its purpose achievement, given the aim to collect data, and collected and processed for the execution and fulfillment of contract purposes;
  • established for a period of time not exceeding the purposes for which the data were collected and processed and complying with the compulsory times required by law;
  • set for a timing not longer than the supplied services fulfillment.


Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:

  • EU Countries: the transfer is cross-border, therefore intra-EU to servers such as Travel Compositor hosted in Spain or Microsoft 365 servers hosted in European datacenters.

Cookie management

In case you have doubts or concerns about the use of cookies you can always intervene to prevent the setting and reading, for example by changing the privacy settings in your browser in order to block certain types.

Since each browser – and often different versions of the same browser – also differ significantly from each other if you prefer to act independently through the preferences of your browser, you can find detailed information about the procedure required in the guide of your browser. For an overview of the most common browsing modes, please visit

Advertising companies also allow you to opt out of receiving targeted ads, if desired. This does not prevent the setting of cookies, but interrupts the use and collection of some data by these companies.

For more information and cancellation options, visit

You are entitled, by application to the Data Processor, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject

  1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
  2. The data subject has the right to be informed of:
  • the source of the personal data;
  • the purposes and methods of processing;
  • the logic applied if the data are processed by electronic devices;
  • the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
  • the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State’s territory, as data processors or as persons in charge of the processing.
  1. The data subject is entitled to obtain:
  • the updating, rectification or, where interested therein, integration of the data;
  • the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
  • certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
  • the portability of the data.
  1. The data subject has the right to object, in whole or in part:
  • on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  • to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
error: This content is protected !! You can get in touch with us if you need it :)