Privacy Policy

Effective Date: May 12, 2025
Last updated: March 13, 2026

Farm in Tuscany is a travel brand operated by SAB di Seif Allah Bibari, the legal entity that manages this website and the related services made available through www.farmintuscany.com

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, contact us, request information, make a booking, or otherwise interact with our services.

This Privacy Policy applies only to www.farmintuscany.com and to the services offered through it. It does not apply to third party websites or services that may be linked from our website.

1. Data Controller

SAB di Seif Allah Bibari
Address: Viale Spartaco Lavagnini 70/72
50129 Florence (FI), Italy
Email: [email protected]
VAT number: IT07456810485

2. Categories of Personal Data We Collect

We may collect the following categories of personal data:

a. Data you provide directly

When you contact us, request information, or make a booking, we may collect:

  • name
  • email address
  • phone number
  • booking details
  • billing details
  • travel preferences or special requests
  • any information you include in messages, forms, or emails

b. Booking and transaction data

When you book an experience, we may collect or receive information necessary to manage the reservation, such as:

  • selected experience
  • date and time of booking
  • number of participants
  • booking reference
  • status of the reservation
  • payment status
  • refund or cancellation details, where applicable

c. Payment data

Payments are processed through third party payment providers, including Stripe. We do not store full payment card details on our own servers. We may receive limited transaction details necessary to confirm payment, manage the booking, prevent fraud, process refunds, and comply with accounting obligations.

d. Technical and usage data

When you browse our website, certain data may be collected automatically, including:

  • IP address
  • browser type and version
  • operating system
  • device information
  • referring pages
  • pages visited
  • date and time of access
  • request and response data
  • server log information

e. Cookie and similar technology data

We use cookies and similar technologies to operate the website, store your preferences, record consent choices, measure usage, and, where enabled and permitted, support third party features. More details are available in our Cookie Policy.

3. Purposes of Processing and Legal Bases

We process personal data for the following purposes:

 a. To respond to inquiries and requests

We use your personal data to answer messages, provide information, and handle pre booking communications.

Legal basis: pre contractual steps taken at your request.

b. To manage bookings and deliver services

We use your personal data to process reservations, send confirmations, manage changes or cancellations, coordinate with suppliers where necessary, and provide customer support.

Legal basis: performance of a contract and pre contractual measures taken at your request.

c. To process payments and prevent fraud

We use limited transaction related data to confirm payments, handle refunds, reduce fraud risk, and maintain accurate records.

Legal basis: performance of a contract, compliance with legal obligations, and legitimate interest in fraud prevention and business security.

d. To operate, maintain, and secure the website

We use technical and usage data to ensure website functionality, diagnose technical issues, prevent abuse, monitor performance, and protect our systems.

Legal basis: legitimate interest in website administration, continuity, and security.

e. To comply with legal and regulatory obligations

We may process personal data to meet obligations under tax, accounting, consumer protection, data protection, or other applicable laws.

Legal basis: compliance with legal obligations.

f. To send marketing communications

Where permitted by law and where required on the basis of your consent, we may send newsletters, promotional messages, or updates about our services.

Legal basis: consent, where applicable, or legitimate interest where lawfully permitted.

You may withdraw consent or object to marketing communications at any time.

4. Sources of Personal Data

We collect personal data:

directly from you

from your communications with us

from booking and payment service providers involved in the reservation flow

automatically through website logs, cookies, and similar technologies

5. Recipients of Personal Data

We may share personal data with categories of recipients that are necessary to operate our business and services, including:

  • internal staff and authorized collaborators
  • hosting and infrastructure providers, including AWS
  • local partners or service providers involved in delivering the booked experience, where necessary
  • booking software providers, including Regiondo GmbH
  • payment service providers, including Stripe, where payments are processed through the booking system
  • consent management providers, including Complianz
  • professional advisers, where necessary
  • public authorities, regulators, courts, or law enforcement bodies where disclosure is required by law

Where required, these providers process personal data under contractual arrangements and only to the extent necessary for the relevant service.

6. Booking and Payment Providers

We use Regiondo as our booking system provider to manage reservations, booking workflows, confirmations, and related operational processes.

Online payments made through our booking flow are processed by Stripe through the payment functionality made available within the Regiondo system. Payment information entered during checkout is transmitted to the relevant payment provider using secure technical measures and is not stored in full on our own servers.

Where necessary, we may receive limited booking and transaction information from Regiondo and Stripe in order to manage reservations, confirm payment status, handle cancellations or refunds, provide customer support, and comply with legal or accounting obligations.

7. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area. This may include infrastructure providers and payment related service providers used in connection with our website or booking flow.

In particular, our website infrastructure is hosted through AWS in the United States, and some service providers involved in booking, payments, communications, or technical support may process data in countries outside the EEA.

Where personal data is transferred outside the EEA, we rely on an appropriate legal mechanism under applicable data protection law, such as:

  • an adequacy decision, where available
  • Standard Contractual Clauses
  • another lawful transfer safeguard recognized under applicable law

Where a provider participates in the EU-U.S. Data Privacy Framework, transfers may also rely on that mechanism where applicable.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

As a general rule:

  • inquiry and contact data: up to 12 months after the last relevant contact, unless a longer period is needed for follow up, dispute handling, or legal reasons
  • booking and contract related data: up to 10 years where required for tax, accounting, or legal compliance
  • transaction and invoicing records: up to 10 years
  • technical logs are retained only for the period strictly necessary for security, troubleshooting, and legal protection, according to the actual retention settings of the infrastructure in use.
  • marketing data: until consent is withdrawn or the data is no longer needed for that purpose

Retention may be extended where necessary to establish, exercise, or defend legal claims.

9. Mandatory or Optional Provision of Data

Providing personal data for inquiries or bookings is voluntary. However, some data is necessary for us to respond to your request or complete a booking. If you do not provide the required information, we may not be able to process your request or provide the service.

Providing consent for non essential cookies and, where applicable, marketing communications is optional.

10. Your Rights

Subject to applicable law, you have the right to:

  • request access to your personal data
  • request rectification of inaccurate or incomplete data
  • request deletion of your data
  • request restriction of processing
  • object to certain processing activities
  • request portability of data where applicable
  • withdraw consent at any time where processing is based on consent

To exercise your rights, contact us at [email protected]

We may ask for information necessary to verify your identity before handling the request.

We will respond without undue delay and, in most cases, within one month of receiving the request. Where legally permitted, this period may be extended if the request is complex or if multiple requests are received.

You also have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali
www.garanteprivacy.it

11. Minors

Our services are not intended for minors acting without the involvement of a parent or legal guardian. We do not knowingly collect personal data from minors in that context.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updated version will be published on this page with the revised “Last updated” date.

Scroll to Top