Privacy Policy

1. Data Controller

SudRiders S.r.l.
Registered office: Catania, Sicily, Italy
VAT number: IT05XXXXXXXX
Email: info@sudriders.com

SudRiders S.r.l. (hereinafter "SudRiders", "we", "us") is the Data Controller responsible for the processing of your personal data as described in this Privacy Policy, in accordance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

2. What Data We Collect

We may collect and process the following categories of personal data:

• Contact data: name, surname, email address, phone number
• Tour preference data: travel dates, destination preferences, riding style, accommodation preferences, dietary requirements, group composition (collected through our profiling questionnaire)
• Technical data: IP address, browser type, device information, pages visited (collected via cookies and analytics)
• Communication data: content of messages you send us via forms or email

3. Purpose and Legal Basis

We process your personal data for the following purposes:

• Service delivery (Art. 6(1)(b) GDPR — contract performance): to design your personalised tour, process bookings, provide travel logistics and customer support.
• Pre-contractual measures (Art. 6(1)(b) GDPR): to respond to enquiries and prepare customised tour proposals based on your profiling questionnaire.
• Legitimate interest (Art. 6(1)(f) GDPR): to improve our website, services and user experience; to ensure network and information security.
• Consent (Art. 6(1)(a) GDPR): to send marketing communications or newsletters, where you have opted in. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable tax, accounting and regulatory requirements.

4. How We Collect Data

We collect data through:

• The Tailored Tour Design profiling form on our website
• The booking request form (hosted on Google Forms)
• Cookies and analytics tools (Google Analytics) — see our Cookie Policy
• Direct communication via email or phone

5. Data Sharing and Third Parties

Your data may be shared with:

• Accommodation partners (hotels, B&Bs, agriturismi) to fulfil your booking — only the data strictly necessary for the reservation.
• Google LLC — as processor for Google Forms and Google Analytics. Google processes data in accordance with its own privacy policy and applicable Standard Contractual Clauses for EU-US transfers.
• Netlify Inc. — as hosting provider and form data processor.
• Professional advisors — accountants and legal counsel, where required by law.

We do not sell, rent or trade your personal data to any third party for marketing purposes.

6. International Data Transfers

Some of our service providers (Google, Netlify) are based in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission (Art. 46(2)(c) GDPR).

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Tour enquiries and profiling data: up to 24 months from the last interaction, unless a booking is made.
• Booking and contractual data: for 10 years from the end of the contractual relationship, as required by Italian tax and accounting regulations.
• Analytics data: aggregated and anonymised after 14 months (Google Analytics default).
• Marketing consent data: until you withdraw consent.

8. Your Rights

Under the GDPR, you have the following rights:

• Access (Art. 15): request a copy of the data we hold about you.
• Rectification (Art. 16): correct inaccurate or incomplete data.
• Erasure (Art. 17): request deletion of your data ("right to be forgotten").
• Restriction (Art. 18): restrict the processing of your data in certain circumstances.
• Portability (Art. 20): receive your data in a structured, machine-readable format.
• Objection (Art. 21): object to processing based on legitimate interest or for direct marketing.
• Withdraw consent (Art. 7(3)): withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at info@sudriders.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): www.garanteprivacy.it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.