Privacy Policy

Dear Customer/User,
we wish to inform you that the processing of your personal data is performed with fairness and transparency, for lawful purposes and protecting your privacy and rights, in full compliance with current legislation on the protection of personal data (Reg. EU 2016/679 - GDPR and current Privacy Code).

Therefore, in fulfillment of the above-mentioned legislation, we provide you with the following information:

1. Data Controller

Data Controller:

Prenotazioni 24 s.r.l
registered office Portoferraio (LI), Via Casa del Duca, 1
CF. and VAT no: 01512130491

2. Methods of processing

Your data are processed by means of computer media, through our website with redirection to the websites and with electronic tools suitable to ensure high levels of security and confidentiality, according to the policies of the Data co-owners of the processing.

3. Nature of processed data

The website is solely a showcase site owned by Prenotazioni24 s.r.l. for advertising the following services: booking excursions through the affiliated website and booking ferries through the website, owned by Prenotazioni24 s.r.l. itself.

The booking of excursions is made by the user directly on the dedicated page of the site, to which is automatically redirected when requesting activation of the service: consequently, personal data are entered by the user exclusively on the forms provided by the site, and are in no way known to Prenotazioni24 s.r.l..

The booking of ferries is also carried out by the user directly on the appropriate page of the website, owned and operatored by Prenotazioni 24 s.r.l. directly and exclusively. In the latter case, the data requested are those necessary for Prenotazioni24 s.r.l. to execute the reservation with one of the affiliated ferry companies and are compulsorily communicated to the company that the ticket holder will be traveling with.

This website does not directly process any personal data, however some cookies are enabled, which are detailed in the Cookie Policy.

4. Purposes of the treatments and their legal basis

The two co-owners process personal and identifying data only for the purpose of carrying out the services offered and building customer loyalty.

The services offered are as follows:

  1. A wide selection of tours, excursions, guided tours, etc., organized directly by Tripadvisor Ireland Limited, the European representative of Viator Inc. which is proposed to the user as a Co-Processor, alongside Prenotazioni24 s.r.l., through the website For such purpose, the user who requests one of the mentioned services or others related to them is automatically redirected to the website without Prenotazioni24 s.r.l. being even aware of any personal data communicated to the Data Controller. From the moment of automatic redirection the user will be subject to the policies of Tripadvisor Ireland Limited and Viator Inc. published on the destination website at the following link.
  2. The ferry booking service for all relevant routes. The service is operated directly by Prenotazioni24 s.r.l. through automatic redirection to the website owned by Prenotazioni24 s.r.l.,, at the link.

The expressed and voluntary communication of data by filling out the forms specifically designed on the redirecting websites ( and implies the subsequent acquisition of those same data by the respective owners of the processing. Specific summary disclosures are prepared and/or visualized on the individual web pages assigned to the request for individual ancillary services.

5. Data transfers to third countries or international organizations

The transfer of personal data to non-European states or to international organizations that do not have legislation equivalent to the GDPR carries the risk that the interested party will not be granted similar rights and guarantees. It becomes therefore relevant for the data subject, to be informed of the potential risks related to data security and protection.

This website does not process personal data directly, however, when an adequate legal basis exists, in compliance with EU Reg. 2016/679 (GDPR) and Legislative Decree 196/2003 (the so-called Privacy Code), it installs some cookies with the characteristics and duration established (jointly or separately) by the two co-owners, as specified in the Cookie Policy.

6. Obligation or faculty to provide data and consequences of refusal

After redirecting to partner sites, if you request one or more services, you will be asked to communicate some of your personal data. Some of them are aimed exclusively at the performance of the requested services: failure to provide them entirely or partially will, as a result, make it impossible to perform them. Other personal data may be requested to optimize the use of the site or to allow the data controller to select the advertisements closest to your tastes and expectations. These additional data, which are not strictly necessary for the performance of the main service, become relevant for the performance of such ancillary services, which from time to time will be promptly and accurately represented to you: failure to provide them does not prevent the performance of the contracted services, but may make it difficult or impossible to perform the mentioned ancillary services.

Whenever the data controllers intend to offer you a service other than the main one, you will be provided with the purposes specifically pursued and all the information inherent in the processing to be carried out, and you will be asked to give your consent.

7. Communication and dissemination of collected data

Personal data is not collected directly by Prenotazioni24 s.r.l. on, but by the two co-owners on their respective redirection sites, so any communication to third parties or dissemination of user data is provided for and regulated by their respective policies.

8. Rights of the data subject

In your position as a data subject, you have the rights under Articles 13/22 and 77/79 EU Reg. 2016/679, which means the rights to:

  • revoke consent at any time. The data subject may always revoke consent to the processing of their personal data previously given (Art. 13(2)(c) EU Reg. 2016/679);
  • object to the processing of one's own data. The data subject may object to the processing of his or her data in the cases referred to in Article 21 EU Reg. 2016/679;
  • access to their own data. The data subject has the right to obtain information about the data processed by the Data Controller, about certain aspects of the processing and to receive a copy of the processed data (Art. 15 EU Reg. 2016/679);
  • verify and request rectification. The data subject may verify the correctness of his or her data and request that they are updated or corrected (Art. 16 EU Reg. 2016/679);
  • obtain restriction of the treatment. When certain conditions are met, the data subject may request the restriction of the processing of their data. In that case, we will not process the data for any purpose other than its storage (Art. 18 EU Reg. 2016/679);
  • obtain the cancellation or removal of their personal data. When certain conditions are met, the data subject may request the cancellation of their data by the Data Controller (Art. 17 EU Reg. 2016/679). In such cases we will certainly provide for the deletion as soon as possible.
  • the data subject has the right to receive their data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without impediment to another data controller. This provision applies when data are processed by automated means and the processing is based on the consent of the data subject, a contract to which the data subject is a party or contractual measures related to it ( Art. 20 EU Reg. 2016/679);
  • propose complaint. The data subject may submit a complaint to the competent Data Protection Supervisory Authority (Art. 77 EU Reg. 2016/679);
  • take legal action (Art. 79 EU Reg. 2016/679).

9. Modalities for exercising rights

You may exercise your rights at any time by contacting the Data Controller at any of the contact details listed.

You may also, at any time, file a complaint with the Privacy Guarantor by registered mail with return receipt addressed to: Garante per la protezione dei dati personali, Piazza Venezia 11, 00186, Roma. Or by certified electronic mail (pec) addressed to: (art. 77 Reg. UE 2016/679), or appeal to the ordinary judicial authority (art. 79 Reg. UE 2016/679).