Privacy Policy
Journey Buddies Privacy Statement Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679…
Journey Buddies Privacy Statement
Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 (“GDPR”) and applicable Italian legislation, this statement describes the processing of personal data of users who interact with the site Journey Buddies (the “Platform”).
Data Controller
Creattivo Communication by Massimiliano Parolin
VAT: 04149140230REAA: VR-396283
Registered office: Via Aeroporto Berardi 106, 37139 Verona (VR), Italy
Telephone: +39 045 5116560
General email: diego.ramirez.14@journey-buddies.invalid
PEC: privacy@journey-buddies.com
The Data Controller manages the Platform and determines the purposes and means of the processing of personal data.
Types of processed data
- Identification and contact data: username, email, eventual name and surname, city, date of birth, phone number (if provided), IP address.
- Profile data: biography, profile picture, languages, preferences and travel interests.
- Travel data: proposals and requests for participation, destinations, dates, descriptions, status of requests, history participations.
- User-generated content: messages, group chats, travel stories, pictures, reviews and reviews.
- Technical data and use: access logs, user agents, pages visited, actions carried out, cookies and technical identifiers necessary.
- Safety data: Credentials (cited passwords), tokens, sessions, security events.
- Payment data (future developments): managed through certified providers, without access of the Owner to the complete data of the cards.
Purposes and legal basis of treatment
- Service delivery (registration, account management, matching between travellers, messaging, content publication): execution of pre-contractual and/or contractual measures (Art. 6.1.b GDPR).
- Moderation and safety (prevention of abuse, anti-fraud, community protection, compliance with the Terms of Use): legitimate interest (Art. 6.1.f GDPR).
- Improvement of Platform (use measurement, UX and functionality development through non-essential tools): consent (Art. 6.1.a GDPR), revoked at any time.
- Promotional communications (newsletter, personalized tips, news): consent (Art. 6.1.a GDPR) freely revoked.
- Actuals (fixes, accounting, requests of the Authority): Legal obligation (Art. 6.1.c GDPR).
Methods of treatment and safety measures
- Processing through computer systems and telematics, with profiled and tracked access.
- Protection of communications with HTTPS protocol; password stored with robust hashing algorithms.
- Prevention of major application vulnerabilities, anti-CSRF token management, logging systems and reasonable backups.
Nature of bestowal
The data required for registration and use of essential features are mandatory; failure to provide prevents the use of the Platform. Other data are optional but can improve the user experience (e.g. more accurate matching).
Communication and data recipient
- Public viability on Platform: username, profile photo (if approved), bio, trips created/published, stories and reviews.
- Other users: private messages and chats are visible only to participants; email/phone are shared only if the user decides to do so.
- Suppliers (responsible for processing): hosting, sending email, maintenance, analytics in aggregate/anonymized form, payments (if activated). Reports governed by agreements ex art. 28 GDPR.
- Authority: where required by law or to protect rights in court.
Extra transfers EU
If some suppliers or systems reside outside the European Economic Area, the transfer will take place in accordance with Articles 44 of the GDPR, e.g. through Standard Contractual Clauses of the European Commission and additional safeguard measures, where necessary. Up-to-date information on transfers is available on request.
Storage times
- Accounts and profile data: for the duration of the account; cancellation on request or after 24 months of inactivity.
- Content (Travels, stories, reviews): up to removal from the user or deletion of the account; alternatively they may be anonymous.
- Safety technical logs: 12 months (except for additional requirements in case of accidents or legal obligations).
- Administrative and accounting data: 10 years under law.
Rights of interested parties
You may exercise the rights provided for in Articles 15–22 GDPR: access, rectification, cancellation, limitation, portability, opposition, withdrawal of consent (where applicable). You can also lodge a complaint with the Data Protection Authority.
How to exercise rights
For privacy requests: send an email to privacy@journey-buddies.com or a PEC a privacy@journey-buddies.com. The Data Controller will respond within 30 days, unless prorogated in cases provided by the GDPR.
Minors
The Platform is not intended for under 16 years (or at least different age provided by local law). In case of unconformed use, the Data Controller will delete the data that has just come to know the registration.
Cookies and similar technologies
- Technical/necessary cookies: for authentication, session and security.
- Analytical cookies: possibly in aggregate/anonymized form, without individual tracking.
- Profiling cookies: used only after explicit consent. More details in the Cookie Policy.
Preferences are manageable via the banner and the appropriate settings page.
Moderation, accountability and content of users
- Users are responsible for the published content and information provided.
- The publication of illicit content or rights of third parties is prohibited.
- The Data Controller may remove or obscure reported content and, in serious cases, suspend accounts.
- The Platform facilitates the meeting between travellers but does not physically organize the travels of users or assumes responsibility for activities carried out outside the Platform.
Automated decisions and profiling
Decisions based solely on automated treatments that produce legal effects on the user or significantly affect his person, without adequate guarantees. Any custom suggestions (e.g. related trips) are based on preferences and interactions and are disabled by revoking marketing consent.
Contact data of the supervisory authority
Guarantee for Personal Data Protection
Piazza Venezia, 11 – 00187 Rome – Italy
Web: www.garanteprivacy.it – Email: hello@journey-buddies.com – PEC: privacy@journey-buddies.com – Tel. (+39) 06.696771
D
A Data Protection Officer (DPO) has not been appointed, as the conditions laid down in Article 37 GDPR do not apply.
Information updates
The Data Controller may change this information to adapt it to regulatory or technical developments. Substantial changes will be communicated appropriately. Last update: 10 November 2025.
Notes of transparency on data of the Data Controller
The identification references of the Data Controller (social name, VAT, contact details) are published on the company website and on public/official databases.
- Company name and VAT on the website: I think it’s… it.
- Public contacts (phone, email): page “Contact us” of the site.
- Chamber data (VAT, REA, headquarters): business data banks and visures.
Cookie, measurement and preferences
The necessary cookies support access, security and required functions. Non-essential measurement is activated only after consent and includes pseudonymized internal statistics and Google Analytics 4, provided by Google Ireland Limited. The consent can be refused or revoked without limiting the service through the “Review cookie choices” command in the footer.
Google can process technical and usage data according to Analytics settings and its own privacy policy. Any international transfers are managed according to the applicable guarantees defined in the relationship with the supplier. Cookies, durations and revocation modes are described in Cookie Policy.
Community, profiles and internal messages
When registering, you can choose optionally if you make the profile available in the Community by other authenticated users. If you accept, the name or chosen public name is shown; if it is missing, we show the name and initial name of the surname. Only after an explicit and revoked choice can full name and surname be shown. Photos approved, biography, city, can also be shown Travel preferences, interests and reliability signals available. Email and phone are not shown in the directory.
Subscribers can search for profiles for preferences and send personal messages through the dashboard. The text of the messages remains accessible to participants in the conversation and is treated to provide the service, prevent abuse and manage reports. Notice emails do not include message content.
You can immediately hide the profile from the settings. The revocation removes the profile from the results but does not automatically delete the conversations already started; you can block a user from the conversation or exercise the rights described in this statement.