Privacy Policy of keptour.com

Last updated: 24 November 2025

Introduction

Welcome to keptour.com (the “Website” or the “Application”).

This Privacy Policy explains how Keptour s.r.l. processes your personal data when you use the Website and its travel planning services.

Data Controller

The Data Controller is:

Keptour s.r.l.

Contact email: [email protected]

You can contact us at this address for any questions or requests regarding privacy.

Categories of Data Processed

When you use keptour.com, we may process the following categories of personal data.

2.1 Browsing and usage data

Collected automatically while you use the Website, for example:

  • IP address, browser type, device parameters, operating system;
  • pages visited, time spent on pages, clicks, itineraries created or viewed;
  • date and time of requests, referrer URLs, system logs.

These data are mainly collected through:

  • server logs;
  • tracking tools (cookies, pixels, local storage, etc.), as described in our Cookie Policy.

2.2 Data voluntarily provided by the user

When you fill in forms or contact us, we may collect:

  • first name, last name, email address;
  • any information you provide in free-text fields (for example, support requests, feedback);
  • if you decide to create an account (when available), the data required for registration (e.g. email, username, credentials or external identifier).

2.3 Travel itinerary and preference data

When you use Keptour’s features, we may process:

  • searched destinations, itineraries created or saved, planned travel dates;
  • preferences (e.g. budget, preferred activities, trip duration);
  • any notes or descriptions you add to your itineraries.

These data are needed to provide the planning features, suggestions and itinerary saving functions.

2.4 Data collected through cookies and tracking tools

We use technical, functional, statistical and – where you consent – marketing cookies.

Details on types of cookies, duration, and third-party providers are set out in the Cookie Policy of keptour.com, which forms an integral part of this Privacy Policy.

Note: at launch, we do not directly process payment data and we do not perform bookings of flights, hotels or other travel services. If we introduce such features in the future, we will update this Privacy Policy before starting any new processing.

Methods of Processing

Processing is mainly carried out using electronic tools, according to organisational procedures and logics strictly related to the purposes indicated and in compliance with appropriate security measures designed to prevent unauthorised access, loss, unlawful use or disclosure.

In addition to the Controller, data may be accessed by:

  • authorised internal staff (e.g. administration, IT, marketing, customer support);
  • technical service providers, hosting providers, maintenance providers, analytics tools, email platforms, etc., acting as Processors under Art. 28 GDPR, where required.

An updated list of Processors can be requested from the Controller.

Place of Processing and Extra-EU Transfers

Data are processed at the operational offices of Keptour s.r.l. and at the servers of our service providers (e.g. hosting, CDN, analytics), which may be located outside the European Union.

Where data are transferred to countries that do not provide an adequate level of protection according to the European Commission, Keptour s.r.l. adopts appropriate safeguards, such as adequacy decisions (where available), Standard Contractual Clauses (SCCs), and additional technical measures (e.g. encryption, pseudonymisation).

You can request more information about extra-EU transfers and the safeguards in place by contacting the Controller.

Data Retention

Unless otherwise specified:

  • Account and itinerary data are kept for the duration of the contractual relationship (i.e. as long as you keep your account) and thereafter for the time necessary to comply with legal obligations or to protect Keptour s.r.l.’s rights;
  • Contact data used to respond to requests are kept for the time needed to handle your request and for a limited subsequent period, where necessary to document the activities carried out;
  • Marketing data are kept until you withdraw your consent or exercise your right to object, subject to technical deletion times;
  • Technical logs and browsing data are generally kept for no longer than 12 months, unless otherwise required by law or security needs;
  • Cookies are stored for the periods indicated in the Cookie Policy (duration varies by type and provider).

Once the retention periods have expired, data will be deleted or irreversibly anonymised.

User Rights under the GDPR

As a data subject, you have the right to:

  • Access your personal data and obtain a copy;
  • Request rectification of inaccurate data or completion of incomplete data;
  • Request erasure of your personal data in the cases provided for by Art. 17 GDPR;
  • Obtain restriction of processing in the cases provided for by Art. 18 GDPR;
  • Object to processing based on legitimate interest, on grounds relating to your particular situation;
  • Object at any time to processing for direct marketing purposes, including profiling related to such marketing;
  • Receive your data in a structured, commonly used and machine-readable format and have them transmitted to another controller (data portability);
  • Withdraw your consent at any time, without prejudice to the lawfulness of processing based on consent before its withdrawal;
  • Lodge a complaint with a competent supervisory authority (for example, in Italy the Garante per la protezione dei dati personali, or the authority of your place of residence or work).

To exercise your rights, you can contact: [email protected]. The Controller will respond as soon as possible and in any case within one month.

Users Outside the EU (e.g. USA – CCPA/CPRA)

Keptour s.r.l. aims to ensure a high level of data protection also for users accessing the Website from non-EU countries.

If you reside in jurisdictions with specific consumer privacy laws (for example California – CCPA/CPRA or other regions with similar regulations), you may have additional rights, such as the right to know which categories of personal data we collect, use or disclose, the right to request deletion of your personal data (within the limits set by local law), and the right to opt out of the “sale” or “sharing” of personal data, where Keptour s.r.l. engages in activities qualifying as such under local laws.

To exercise such rights, you can contact us at [email protected], specifying your place of residence. Where specific mechanisms are required (e.g. a “Do Not Sell or Share My Personal Information” link), they will be made available on the Website.

Cookies and Tracking Tools

Keptour uses cookies and similar technologies for technical, statistical and – subject to your choice – marketing purposes.

How we use cookies, the types involved and the related consent settings are described in the Cookie Policy of keptour.com, which can be accessed at any time from the link in the Website footer and from the cookie banner.

Defence in Court and System Logs

Personal data may be used by the Controller in legal proceedings or in the preparatory stages thereof to defend against misuse of the Website or related services.

For operation and maintenance purposes, the Website and any third-party services used may collect system logs, i.e. files that record interactions and may also contain personal data (such as IP addresses and timestamps).

Changes to this Privacy Policy

Keptour s.r.l. reserves the right to modify this Privacy Policy at any time.

In case of material changes (for example, introduction of new functionalities such as bookings and payments), we will inform users through a prominent notice on the Website and, where necessary, seek renewed consent for processing activities that require it.

The updated version is always available on this page, with the date of the latest revision.