Home > Privacy Policy

About Us

My Tours in Rome is a leading brand of the online Tour Operator, Bellarome Ltd.

This privacy policy provides details about how we collect, share and use your personal information.

Contact us at info@www.mytoursinrome.com, if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.

Information on Personal Data Treatment according to the EU Regulation n.679/2016 (GDPR – General Data Protection Regulation).

According to Art.13 of the EU Regulation n.679/2016 (GDPR – General Data Protection Regulation), My Tours in Rome will process the personal data you have provided us in compliance with both the mentioned Regulations and the obligations and guarantees of the Law, contractual and regulatory provisions.

By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy.

The personal data you provide is collected for the following purposes:

  • provision of the services requested and management of any complaints and / or disputes;
  • sending of commercial communications relating to products, sales activities and direct and indirect placement;
  • surveys of the degree of customer satisfaction on the quality of the services provided;
  • carrying out studies and statistical and market research.

Failure, partial or incorrect conferment of your data may have the impossibility of providing the requested services.

The treatments referred to in points 1 and 2 above may be carried out using computer or manual procedures with procedures such as to ensure compliance with the relevant regulations in force.

Within our organization, data may only be known by specifically authorized and educated individuals.

Data Controller

The Data Controller is My Tours in Rome, a Bellarome Ltd. Company, 1010 Cambourne Business Park, Cambourne, Cambridge, CB23 6DP (United Kingdom).

  • ABTA Member: n.:Y6277
  • ATOL licence (n.: T7347)
  • Member of Travel Trust Association (n.: U7789)
  • Registered Company in England and Wales, n.:6911233.

The person in charge (D.P.O. – Data Protection Officer) for My Tour in Rome is Mr. Giuseppe Filograsso.

Table of Contents.


  • Personal Data – any information relating to an identified or identifiable natural person.
  • Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
  • Data subject – a natural person whose Personal Data is being processed.
  • Child – a natural person under 16 years of age.
  • We/us (either capitalized or not) – My Tours in Rome

Data Protection Principles.

We are committed to follow these data protection principles:

  • Data Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
  • Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  • Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  • Processing is limited with a time period. We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of data.
  • We will do our best to ensure the integrity and confidentiality of data.

Data Subject’s rights.

According to the European Union’s General Data Protection Regulation 2016/679, or GDPR, you have rights in relation to the personal information we hold about you.

We set out below an outline of those rights and how to exercise those rights.

Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder.

To exercise any of your rights, please visit our Privacy Center. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.


You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.


You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party.

If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible.

We are not responsible for the security of the personal information or its processing once received by the third party.


You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed.

Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete, so that we can assess whether a correction is required.

Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.


You may request that we erase the personal information we hold about you in the following circumstances:

  • where you believe it is no longer necessary for us to hold the personal information;
  • we are processing it on the basis of your consent and you wish to withdraw your consent;
  • we are processing your data on the basis of our legitimate interest and you object to such processing;
  • you no longer wish us to use your data to send you marketing; or,
  • you believe we are unlawfully processing your data.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.


You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:

  • You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
  • We wish to erase the personal information as the processing we are doing is unlawful but you want us to simply restrict the use of that data;
  • We no longer need the personal information for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or,
  • You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.


You have the right to object to our processing of data about you and we will consider your request.

Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.


Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by visiting the Privacy Center.

Data we gather.

We tend to limit the Personal Data gathering to the minimum information necessary to provide our service.

We also look for your consent to maintain a legal and transparent Provider/Customer relationship.

The less personal data we collect, the less impact of possible data breaches.

We don’t collect sensitive personal data, such as information about ethnic origin, political opinions, religious or philosophical beliefs, or genetic or biometric data.

A) Information you provided us.

This might be your:

  • e-mail address,
  • name,
  • chosen holidays package,
  • testimonials,
  • billing address,
  • home address,
  • telephone number,
  • any other information that is necessary for delivering you our services, or to enhance your customer experience with us.

We save in our website database the information you provide us with, in order for you to comment or perform other activities on the website.

This information includes, for example, your name, e-mail address, testimonials and your chosen holidays package.

B) Information automatically collected about you.

Data relating to your online activity on our websites with respect to our Services, including the following:

  • IP address
  • browser type and version
  • geographic location
  • pages you view
  • how you got to our Services and any links you click on to leave our Services
  • when you update your information, communicate with us, or order new Services
  • metadata about your use and your contacts’ use of our Services and your emails you send (including clicks and opens)
  • your interactions with any videos we offer
  • issues you encounter requiring our support or assistance
  • any device or other method of communication you use to interact with the Services.

We store this data we collect in a variety of places within our infrastructure, including system log files, back end databases and analytics systems.

When you use our services or look at the contents of our website, your activities may be logged.

C) Information from our mother Company, or other partners.

We don’t gather information from other partners.

From time to time, we might share information with our mother Company, Bellarome Ltd., for operational and administration purposes, with confirmation that they have legal grounds to share that information with us.

This is either information you have provided them directly with, or that they have gathered about you on other legal grounds.

D) Social Media

  • Information from third party social networking sites, including information that social networking sites provide to us if you use your credentials at such social networking sites to log into our Service (such as your name and email address to pre-populate our sign-up form).
  • The information you allow us to access varies by social networking site, and depends on the level of privacy settings you have in place at the social networking site. You can control and find out more about these privacy settings at the applicable social networking site.

E) Publicly available information.

We might gather information about you from publicly available sources.

How we use your Personal Data

We use your Personal Data to:

  • provide our service to you. This includes, for example, registering your account; providing you with other services you have requested; providing you with promotional items at your request and communicating with you in relation to those services; communicating and interacting with you; and notifying you of changes to any services.
  • enhance your customer experience;
  • fulfill an obligation under law or contract;
  • Send you special offers and promotional messages;

We use your Personal Data on legitimate grounds and/or with your Consent.

On the grounds of entering into a contract or fulfilling contractual obligations, we process your Personal Data for the following purposes:

  • to identify you;
  • to provide you the holidays services you required;
  • to communicate for holidays planning, sales and invoicing;
  • to send you tickets of booked holidays services (flight, hotels, transfers, entrances, local tours, restaurants, etc.);
  • to provide you any assistance during your holidays;
  • to provide you after market assistance;

On the ground of legitimate interest, we might ask your consent to process your Personal Data for the following purposes:

  • to send you personalized offers;
  • to administer and analyze our client base (purchasing behavior and history) in order to improve the quality, variety, and availability of services offered and/or provided;
  • to conduct questionnaires concerning client satisfaction;
  • to let you, as a client, write about your holidays experience (testimonials);
  • to offer you services that are similar to your purchasing history/browsing behavior as our legitimate interest.
  • to send you newsletters and campaign offers (from us only);
  • for other purposes we have asked your consent for;

We might process your Personal Data in order to fulfill obligation rising from law and/or use your Personal Data for options provided by law.

We reserve the right to anonymize the gathered Personal Data, and to use any such data.

We will use data outside the scope of this Policy, only when it is anonymized.

We save your billing information and other gathered information about you for as long as needed for accounting purposes, or other obligations deriving from the Law, but not longer than the strictly required time lapse.

We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered.

To do this, we will ensure that:

  • the link between purposes, context and nature of Personal Data is suitable for further processing;
  • the further processing would not harm your interests;
  • there would be appropriate safeguard for processing.

We will inform you of any further processing and purposes.

Who else can access your Personal Data

We do not share, or sell, your Personal Data with/to third parties Companies.

Unless they belong to our business chain, and strictly limited to provision of the booked services.

Personal Data about you is in some cases provided to our operating partners within our mother Company, in order to provide you the services you required, or to enhance your experience as customers.

We might share your data with:

  • Our processing partner (Mother Company): Bellarome Ltd., 1010, Cambourne Business Park, Cambourne, Cambridge, CB23 6DP (United Kingdom);
  • Our business partners, strictly for the purpose of booking and providing you the holidays services you required:
    • Airlines,
    • Accommodations,
    • Restaurants,
    • Transfer Companies,
    • Coach Companies,
    • Railways,
    • Local Tours providers,
    • Entertainments tickets providers,
    • Any further provider whose holidays services you asked us to book.
  • Connected third parties: so far, we are not connected with third parties. Therefore, we don’t share your Personal Data with anyone. In the future, we might work with processing partners who are able to ensure adequate level of protection to your Personal Data.

We disclose your Personal Data to third parties or public officials when we are legally obliged to do so.

We might disclose your Personal Data to third parties if you have consented to it, or if there are other legal grounds for it.

How we secure your data

We are committed to keep your Personal Data safe.

Our hosting service (Bluehost.com, by The Endurance International Group, Inc.) saves data in the United States. Please, refer to their Privacy Policy page: https://www.endurance.com/privacy/privacy.

From our part, we have implemented in our website the following best practices to safeguard Personal Data:

  • Safe protocols for communication and transferring data (such as HTTPS).
  • Anonymising and pseudonymising, where suitable.
  • Constant monitor our systems for possible vulnerabilities and attacks.
  • Passive protections from attacks attempts and hackering activities. In particular, we have implemented security plugins like BulletProof Security (this plugin acts as a Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more), and Worldfence, as an effective firewall to prevent force-brute attacks.
  • Periodical change of long-tail access password to the admin dashboard, to prevent unauthorized access.
  • A reCAPTCHA service to protect your data from spamming and abuse activities via automatic bots.

Even though we try our best, we can not guarantee the security of information.

However, we are committed to notify suitable authorities of data breaches.

We are also committed to notify you if there is a threat to your rights or interests.

We are committed to do everything we reasonably can, to prevent security breaches and to assist authorities should any breaches occur.

If you have an account with us, note that you have to keep your username and password secret. Please, never provide your login data to anyone.


We do not intend to collect or knowingly collect information from children.

We do not target children with our services.

Cookies and other technologies we use

We use cookies and/or similar technologies to analyze customer behavior, administer the website, track users’ movements, and to collect information about users.

This is done in order to personalize and enhance your experience with us.

A cookie is a tiny text file stored on your computer.

Cookies stored information is necessary to make our website work.

We can only access the cookies created by our website.

You can control cookies at your browser level.

Choosing to disable cookies may hinder your use of certain functions.

We use cookies for the following purposes:

A) Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information. Among them:

  • Technical Cookies:
    • wordpress_test_cookie
    • wordpress_logged_in_
    • wprdpress_sec
  • WooCommerce: We are planning to use WooCommerce as the ecommerce platform in the near future. During the purchasing process and the Cart, the system will store two operating cookies. These cookies are strictly necessary and cannot be deactivated:
    • woocommerce_cart_hash
    • woocommerce_items_in_cart
  • Cloudflare: For performance reasons, we use Cloudflare as a Content Delivery Network (CDN). Consequently, this saves the “_cfduid” cookie to apply the security settings for all clients. This is a strictly necessary cookie for all the Cloudflare security functionalities, and cannot be deactivated.
    • _cfduid

B) Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalized features possible. For example, they might remember your name and e-mail in comment forms, so you don’t have to re-enter this information next time when commenting.

C) Analytics cookies – these cookies track the use and performance of our website and services. These cookies allow us to count visits and the sources of traffic in order to measure and enhance our site performances. As many other websites, we use Google Analytics services, which store information in the following cookies:

    • _ga
    • _gid
    • _gat

Google has its own Privacy Policy. Moreover, you can also refer to Google Analytics’ data practices and commitment to protecting the confidentiality and security of data. If you’d like to opt out of tracking by Google Analytics, please visit the Google Analytics opt-out page.

D) Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement.

They are usually placed to the website by advertising networks with the website operator’s permission.

These cookies remember that you have visited a website and this information is shared with other organizations such as advertisers.

Quite often, targeting or advertising cookies will be linked to site functionality provided by the other organization.

  • AdWords by Google: we use AdWords to monitor conversations through Google Clic.
  • Google Tag Manager: we use Google Tag Manager to monitor our site traffic and to help us test new functionalities.
  • Facebook Pixel: we use Facebook to track connections to social media channels
    • m_pixel_ratio
    • presence
    • sb
    • wd
    • xs
    • fr
    • tr
    • c_user
    • datr

You can remove cookies stored in your computer via your browser settings.

These next links allow you to control cookies, through browsers settings.

Please note that disabling cookies in your browser will have effects to all the sites you’ll visit.

Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com.

For more information about cookies, visit allaboutcookies.org.

Theme and Plugins

This website uses the “Travel Agency” theme by RARA THEMES, in order to offer the best user experience, thanks to all its funtionalities, and to give the included information a better usability.

To further enhance our website functionalities, we use small programs for specific purposes, called plugins. Some of them may collect Personal Data. Herewith, the policies they follow.

EWWW Image Optimizer

When we receive images from visitors use the API or ExactDN, those images may be transmitted to third-party servers in foregin countries.

If Backup Originals is enabled, images are stored for 30 days.

Otherwise, no images are stored on the API for longer than 30 minutes.

API Text: User-submitted images may be transmitted to image compression servers in the United States and stored there for up to 30 days.

ExactDN Text: User-submitted images that are displayed on this site will be transmitted and stored on a global network of third-party servers (a CDN).


Smush does not interact with end users on this website.

The only input option Smush has is to a newsletter subscription for site admins only.

Smush sends images to the WPMU DEV servers to optimize them for web use.

This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.

Smush uses the Stackpath Content Delivery Network (CDN).

Stackpath may store web log information of site visitors, including IPs, UA, referrer, Location and ISP info of site visitors for 7 days.

Files and images served by the CDN may be stored and served from countries other than your own.

Stackpath’s privacy policy can be found here.

Smush uses a third-party email service (Drip) to send informational emails to the site administrator.

The administrator’s email address is sent to Drip and a cookie is set by the service.

Only administrator information is collected by Drip.


We collect information about you during the checkout process on our store.

This information may include, but is not limited to, your name, billing address, shipping address, email address, phone number, credit card/payment details and any other details that might be requested from you for the purpose of processing your orders.

Handling this data also allows us to:

  • Send you important account/order/service information.
  • Respond to your queries, refund requests, or complaints.
  • Process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
  • Set up and administer your account, provide technical and/or customer support, and to verify your identity.

Additionally we may also collect the following information:

  • Location and traffic data (including IP address and browser type) if you place an order, or if we need to estimate taxes and shipping costs based on your location.
  • Product pages visited and content viewed while your session is active.
  • Your comments and product reviews if you choose to leave them on our website.
  • Account email/password to allow you to access your account, if you have one.

If you choose to create an account with us, your name, address, and email address, which will be used to populate the checkout for future orders.


Bootstrapped Ventures, the developer of WP Ultimate Recipe, does not have access to any of the data collected by the plugin. This is all stored in the local database.

What personal data is stored in the local database and why we collect it

Cookies. When user ratings are enabled, we store a WPURP_User_Voted_%recipe% cookie (with %recipe% the ID of the recipe) that contains the rating this user has given to a particular recipe. This cookie is used as (one of the) measures to prevent rating spam.

When the User Menus feature is enabled, we store WPURP_Shopping_List_Recipes_v2, WPURP_Shopping_List_Servings_v2 and WPURP_Shopping_List_Order_v2 cookies to be able to show the same shopping list to a guest on later visit. This does not contain any personal data.

When the Meal Planner feature is enabled, we store WPURP_Meal_Plan_ID and WPURP_Meal_Plan_ID_%id% cookies to be able to show the same meal plan to a guest on later visit. This does not contain any personal data.

IP Address. When user ratings are enabled we store the IP address upon voting. This is used as (one of the) measures to prevent rating spam.

Their own manually input information. With the User Submission feature personal data can be collected, depending on the fields that were added to the form. This can include the user email and name.

Third party embeds. When enabling the share buttons or any of our partner integrations you will be including their code on your website.

By doing so you’re agreeing to their Terms of Use and Privacy Policy.

For the share buttons this can be Twitter, Facebook, Google+, Pinterest, StumbleUpon and LinkedIn.

For partners integrations the plugin uses MediaVine, AdThrive, BigOven, Food Fanatic, Yummly and Chicory. All can disabled on the settings page.

Fonts in the recipe templates will be loaded from the Google Web Font API (fonts.googleapis.com) unless changed in the Template Editor. You will be agreeing to their Terms of Use and Privacy Policy.

How long we retain your data. Our cookies are stored for 30 days.

User submitted data is stored indefinitely in the local database.

We collect information about visitors who comment on Sites that use our Akismet anti-spam service.

The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).


We collect information about visitors who comment on Sites that use our Akismet anti-spam service.

The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).


BPS has a GDPR Compliance Setup Wizard Options setting, which allows someone to turn IP address logging On or Off throughout all BPS plugin features by choosing the GDPR Compliance On option setting on the Setup Wizard Options page.

BPS Features affected: Security Logging, Login Security Logging, and Maintenance Mode Logging.

DPO Contact Information

My Tours in Rome (Mr. Giuseppe Filograsso)

Tel.: +39 06 92949604 (Rome Office)

Email: info@www.mytoursinrome.com

Supervisory Authority

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently.

If we decide to change this privacy policy in any material way, we will notify you here, by email, or by means of a notice on www.mytoursinrome.com.

In all cases, your continued use of any Services constitutes acceptance to any such changes.

Last modification was made on 23rd September 2018.

Logo My Tours in Rome 150x150


Our site uses profiling and marketing cookies, also from third parties, to send you advertising messages in line with your preferences.


Pursuant to EU Regulation n.679/2016 (GDPR), you can accept or refuse every single cookie, as it is clearly described in the pop up menu accessing to the site, or in the "Privacy Policy" page.


If you continue to browse or access other items below this banner, you consent to the use of cookies.


Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Decline all Services
Accept all Services
Copy Protected by Chetan's WP-Copyprotect.