Privacy policy.

Business name

Wildlanes EOOD
trading as
ALL ROUTES ITALY

Administration email

info@allroutesitaly.com

Effective Date: 4 March 2026

This Privacy Policy is issued by WILDLANES EOOD, trading as All Routes Italy (“Wildlanes”, “we”, “us”, “our”).

Registered Office: [Insert full registered address]
Company Registration Number: [Insert]
Email: info@allroutesitaly.com

For the purposes of the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and UK GDPR, Wildlanes EOOD is the Data Controller.

1. What Personal Data We Collect

We collect personal data in the following categories:

A. Booking & Travel Information

  • Full name

  • Date of birth

  • Gender

  • Postal address

  • Email address

  • Phone number

  • Passport details and passport scans

  • Visa documentation

  • Travel insurance details

  • Emergency contact

  • Dietary requirements

  • Height and weight (for motorcycle suitability)

  • Medical information (where voluntarily provided)

Special Category Data (Article 9 GDPR):

  • Health information

  • Disabilities

  • Food allergies

This data is processed only where necessary for contract performance or with explicit consent.

B. Financial Information

Payments are processed via PCI-DSS compliant providers (e.g., Stripe). We do not store full card details.

C. Website & Technical Data

  • IP address

  • Device type

  • Browser type

  • Cookie identifiers

  • Website usage data

  • Analytics identifiers

Collected via cookies and tracking technologies (see Cookie Policy).

D. Marketing Information

  • Name

  • Email address

  • Country

  • Travel preferences

  • Interaction history

  • Advertising engagement

E. Advertising & Custom Audience Data

We may use limited personal data (such as name, email address, phone number) to create Custom Audiences via platforms such as:

  • Google Ads (Customer Match)

  • Meta Platforms (Custom Audiences)

This allows us to show relevant advertisements to individuals who have previously interacted with us.

Before uploading:

  • Data is hashed (encrypted)

  • Only individuals with appropriate lawful basis are included

  • The platform acts as an independent data controller

  • Data is not sold

Lawful Basis:

  • Consent (where required)

  • Legitimate interest for marketing to existing customers (subject to balancing test)

You may object at any time by contacting us.

2. Legal Bases for Processing

We process data under the following lawful bases:

  • Contractual necessity (Article 6(1)(b))

  • Legal obligation (Article 6(1)(c))

  • Legitimate interests (Article 6(1)(f))

  • Consent (Article 6(1)(a))

  • Explicit consent for special category data (Article 9(2)(a))

  • Vital interests (Article 6(1)(d))

3. Profiling & Automated Processing

We may analyse your interactions with our website, marketing emails, and booking history to:

  • Segment customers

  • Deliver personalised advertising

  • Improve services

This constitutes profiling under Article 4(4) GDPR.

You have the right to object to profiling at any time.

We do not conduct automated decision-making that produces legal or similarly significant effects.

4. Marketing Communications

We send marketing communications only where:

  • You have opted in, or

  • We rely on soft opt-in under applicable ePrivacy rules.

You can unsubscribe at any time via the link in any email or by contacting us.

5. Photo & Video Usage (Corrected)

Photographs or videos taken during tours will only be used for promotional purposes where:

  • You have provided explicit consent; or

  • You have not objected following clear notice prior to filming.

You may withdraw consent at any time.

We do not rely on blanket booking consent for promotional imagery.

6. Data Sharing

We share data with:

  • Hotels

  • Transport providers

  • Motorcycle rental partners

  • Tour operators

  • IT service providers

  • Analytics providers

  • Advertising platforms

  • Legal and regulatory authorities

All processors operate under Data Processing Agreements.

We do not sell personal data.

7. International Transfers

Where personal data is transferred outside the EEA/UK (including to the United States), we ensure appropriate safeguards, including:

  • EU-US Data Privacy Framework (where applicable)

  • Standard Contractual Clauses (SCCs)

  • Transfer Risk Assessments

You may request details of safeguards.

8. Retention Periods

We retain data as follows:

  • Booking records: 7 years (tax/legal compliance)

  • Passport copies: 6 months after trip completion

  • Medical information: deleted immediately after trip unless incident record required

  • Marketing data: until withdrawal of consent or 3 years inactivity

  • Analytics data: 14–26 months (platform dependent)

9. Your Rights

You have the right to:

  • Access your data

  • Rectify inaccuracies

  • Erase data

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent

  • Lodge complaint with your supervisory authority

For Bulgaria (WILDLANES EOOD registration jurisdiction):
Commission for Personal Data Protection (CPDP)

10. Cookies & Tracking

We use:

  • Strictly necessary cookies

  • Analytics cookies (Google Analytics 4)

  • Marketing cookies (Google Ads, Meta Pixel)

Marketing and analytics cookies are only activated after your consent.

We use Consent Mode v2 to respect user preferences.

Full details are provided in our Cookie Policy.