Accedi Registrati

Privacy Policy

Privacy Policy of Journey-Buddies.com Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)…

Privacy Policy of Journey-Buddies.com

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and applicable Italian law, this privacy notice describes how personal data of users interacting with the Journey-Buddies.com website (the “Platform”) is processed.

Data Controller

Creattivo Communication by Massimiliano Parolin

VAT No.: 04149140230
REA: VR-396283
Registered office: Via Aeroporto Berardi 106, 37139 Verona (VR), Italy
Phone: +39 045 5116560
General email: info@cre-attivo.it
PEC: massimiliano.parolin@pec.it

The Data Controller manages the Platform and determines the purposes and means of personal data processing.

Types of Data Processed

  • Identification and contact data: username, email, optional full name, city, date of birth, phone number (if provided), IP address.
  • Profile data: biography, profile picture, languages, travel preferences and interests.
  • Travel-related data: travel proposals, participation requests, destinations, dates, descriptions, request status, participation history.
  • User-generated content: messages, group chats, travel stories, images, reviews and ratings.
  • Technical and usage data: access logs, user agent, visited pages, actions performed, cookies and necessary technical identifiers.
  • Security data: credentials (encrypted passwords), tokens, sessions, security events.
  • Payment data (future developments): managed by certified providers; the Controller does not access full card details.

Purposes and Legal Bases for Processing

  • Service provision (registration, account management, traveler matching, messaging, content publication): performance of a contract or pre-contractual measures (Art. 6.1.b GDPR).
  • Moderation and security (abuse prevention, anti-fraud, community protection, compliance with Terms of Use): legitimate interest (Art. 6.1.f GDPR).
  • Platform improvement (aggregated/anonymous statistical analysis, UX optimization, feature development): legitimate interest (Art. 6.1.f GDPR).
  • Promotional communications (newsletter, personalized travel suggestions, updates): consent (Art. 6.1.a GDPR).
  • Legal compliance (tax, accounting, authority requests): legal obligation (Art. 6.1.c GDPR).

Processing Methods and Security Measures

  • Use of IT and digital systems with profiled and tracked access control.
  • HTTPS-secured communications; passwords stored using strong hashing algorithms.
  • Prevention of major application vulnerabilities, anti-CSRF systems, logging and regular backups.

Nature of Data Provision

Data required for registration and core functionality is mandatory; without it, the Platform cannot be used. Optional data enhances the user experience (e.g., more accurate matchmaking).

Data Communication and Recipients

  • Public visibility on the Platform: username, profile picture (if approved), bio, published trips, stories and reviews.
  • Other users: private messages and chats are visible only to participants; email/phone are shared only if the user chooses to disclose them.
  • Service providers (data processors): hosting, email delivery, maintenance, anonymized analytics, payment services (if enabled). Regulated by Art. 28 GDPR agreements.
  • Authorities: when required by law or to protect rights in legal contexts.

International Data Transfers

If certain providers operate outside the EEA, transfers occur according to GDPR Articles 44 et seq., including Standard Contractual Clauses and additional safeguards where required. Updated information is available upon request.

Data Retention

  • Account and profile data: kept for the duration of the account; deleted upon request or after 24 months of inactivity.
  • User content (trips, stories, reviews): retained until removed by the user or account deletion; alternatively anonymized.
  • Security logs: 12 months (longer if incidents or obligations require).
  • Administrative/accounting data: 10 years as required by law.

User Rights

Users may exercise rights under Articles 15–22 GDPR: access, rectification, deletion, restriction, portability, objection, withdrawal of consent (where applicable). Users may also lodge complaints with the Data Protection Authority.

How to Exercise These Rights

For privacy requests: email privacy@cre-attivo.it or send a PEC to massimiliano.parolin@pec.it. The Controller will reply within 30 days, unless GDPR extensions apply.

Minors

The Platform is not intended for users under 16 years of age (or the local minimum age). If minors are found to be using the service, the Controller will delete their data as soon as discovered.

Cookies and Similar Technologies

  • Technical cookies: for authentication, sessions and security.
  • Analytics cookies: possibly aggregated/anonymous, without tracking individuals.
  • Profiling cookies: used only with explicit consent. See the Cookie Policy for details.

Preferences can be managed through the cookie banner and dedicated settings page.

Moderation, Liability and User Content

  • Users are responsible for all content they publish.
  • Unlawful or rights-infringing content is prohibited.
  • The Controller may hide or remove reported content and, in serious cases, suspend accounts.
  • The Platform connects travelers but does not organize trips nor assumes responsibility for activities outside the Platform.

Automated Decisions and Profiling

No decisions are made based solely on automated processing that produce legal effects or significantly impact users without safeguards. Personalized suggestions (e.g., compatible trips) are based on interactions and may be disabled by withdrawing consent.

Supervisory Authority

Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
Piazza Venezia, 11 – 00187 Rome – Italy
Website: www.garanteprivacy.it
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Tel. (+39) 06.696771

DPO

No Data Protection Officer (DPO) has been appointed, as the conditions under Art. 37 GDPR do not apply.

Policy Updates

The Controller may update this policy to reflect regulatory or technical changes. Significant updates will be communicated. Last update: November 10, 2025.

Transparency Notes

The Controller’s identifying information (company name, VAT number, contacts) is available on the corporate website and official public registries.

  • Company website: cre-attivo.it
  • Public contacts: see the “Contact Us” page.
  • Official business registry data: public databases and filings.