The Data Controller is IHE Tour Operator S.r.l. (Tax Code and VAT number 10599040960) with its registered office at 20145, Milan, Via Vincenzo Monti No. 57/4, reachable at the email address:


Browsing data: These are data automatically acquired by the computer systems during the use and navigation of the site. This information (such as IP addresses, browser information, or the device used by the user) is collected and used exclusively to obtain anonymous statistical information to verify the correct functioning of the site, and is deleted immediately after processing.

Personal data provided by the user: In order to respond to user requests, the site collects data voluntarily entered by users. Specifically, names, email addresses, and possibly phone numbers. The user is free to provide or not provide the personal data requested by the site; it is understood that failure to provide or partially provide the data may result in the inability to obtain the requested services. The Data Controller does not process sensitive data or data belonging to special categories under Art. 9 GDPR. Such data, if necessary for the execution of the service requested by the user, are collected and processed directly by third parties without transiting through the Data Controller’s servers.

Cookies: These are files sent by the website to users and are used exclusively to store information related to the user’s active session and the site. If the user prefers not to receive cookies or wishes to be informed beforehand, they can modify their browser settings. To view the complete cookie policy, click here.


Users’ personal data are processed exclusively with IT tools, for the time strictly necessary for the purpose for which they were collected. Specific security measures are adopted to maintain the integrity of the collected data, prevent data loss and illicit use, and avoid unauthorized access.


User data will be used for the following purposes:

  1. Management of user contacts and communications.
  2. Newsletter service.
  3. Proper performance of the service by the Data Controller.
  4. Site navigation and processing of anonymous statistics.
  5. Fulfillment of legal or administrative obligations related to the site’s activities.
  6. Possible protection of the rights of the Data Controller or third parties.

The legal basis for the lawfulness of processing for the above activities is as follows (cf. Art. 6 para. 1 Reg. EU No. 679/2016 or GDPR):

  1. For the purposes listed in points 1 and 2: “consent of the data subject” pursuant to Art. 6, para. 1, lett. a) GDPR;
  2. For the purposes listed in points 3 and 4: “performance of a contract to which the data subject is party” pursuant to Art. 6, para. 1, lett. b) GDPR;
  3. For the purposes listed in points 5 and 6: “compliance with a legal obligation to which the Data Controller is subject” pursuant to Art. 6, para. 1, lett. c) GDPR.


The processing of data collected by this site takes place at the headquarters of the Data Controller or on servers owned by third parties within the EU, and is carried out only by personnel authorized to process it.


Personal data are not disseminated but may be communicated to third parties to allow the correct performance of the service requested by the user. In particular, data may be communicated to entities to which communication is mandatory to comply with specific legal obligations, or to entities providing services instrumental to the activities of the Data Controller (such as OLTA, suppliers, consultants, professional firms). In this case, third parties are appointed as Data Processors pursuant to Art. 28 Reg. EU No. 679/2016.


Personal data are processed and retained only for the time required by the purpose for which they were collected, in compliance with applicable regulations.


At any time, the user may exercise the rights under Art. 15 and following of Reg. EU No. 679/2016. The user can request access to their personal data and information related to it; the correction of inaccurate data or the completion of incomplete data; the deletion or restriction of the processing of personal data concerning them; object at any time to the processing of personal data under specific circumstances; withdraw consent at any time, limited to cases where processing is based on consent: processing based on consent and carried out before its withdrawal retains its lawfulness.

Requests can be addressed to the Data Controller at the email address

It is also possible to lodge a complaint with a supervisory authority, such as the Italian Data Protection Authority (

Date of publication: 14 May 2024

Last modified: 16 May 2024

My Agile Privacy
This website uses technical and profiling cookies. Clicking on "Accept" authorises all profiling cookies. Clicking on "Refuse" or the X will refuse all profiling cookies. By clicking on "Customise" you can select which profiling cookies to activate.