Privacy Policy

Last updated: 12.11.2025

This Privacy Policy explains how Global Experience LTD and Global Experience SRL (“we”, “us”, “our”) collect, use, disclose and protect personal information when individuals (“you”) use our websites and services.

This Policy applies, in particular, to the following websites (the “Websites”):

• Global Experience LTD (UK)
  
  • https://www.carpediemtours.com/
    
  • https://thetipsytours.com/
    
  • https://jackrippertour.com/
    
  • https://ghosttourlondon.com/
    
  • https://thebudapestfoodtour.com/
    
  • https://sohofoodtour.com/
    
• Global Experience SRL (Italy)
  
  • https://romewithchef.com/
    

and to any tours, travel experiences, food tours, and related services we offer via the Websites (the “Services”).

We are committed to handling personal information in accordance with applicable data protection laws, including, where relevant, the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable US state privacy laws such as the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA).

By using our Websites or Services, you acknowledge that you have read and understood this Privacy Policy.

---

1. Who We Are

Global Experience SRL 

For the website:

• https://romewithchef.com/
  

the data controller is:

Global Experience SRL
VIA DOMENICO FONTANA 12
00184 ROMA (RM)
Italy

1.3 Contact details (for all privacy matters)

For all websites and for any privacy-related questions or requests, you can contact:

• Email: tech@carpediemtours.com
  

We have not appointed a Data Protection Officer. However, you may use the email above for all enquiries regarding this Privacy Policy and our handling of personal information.

---

2. Scope of This Policy

This Privacy Policy applies to personal information we process when you:

• Visit or browse any of the Websites;
  
• Submit an enquiry or contact form;
  
• Make a booking or purchase a tour or experience via our booking widget (for example, powered by Rezdy);
  
• Subscribe to or receive marketing communications from us;
  
• Communicate with us via email, phone, WhatsApp or other channels in relation to our Services.
  

This Privacy Policy does not apply to third-party websites, platforms or services which may be linked to or from our Websites (such as payment providers, social media platforms, or online travel agencies). We encourage you to review their separate privacy policies.

---

3. Personal Information We Collect

The personal information we collect depends on how you interact with us.

3.1 Information you provide directly

Contact and enquiry data

When you fill out a contact or enquiry form or otherwise contact us, we may collect:

• Name and surname
  
• Email address
  
• Telephone number
  
• Travel dates
  
• Travel destination / tour of interest
  
• Billing address (where you choose to provide it)
  
• The content of your message, question or enquiry
  

Booking and customer data

When you make a booking or purchase a tour through our Websites (via our booking widget, such as Rezdy), we may receive:

• Name and contact details
  
• Booking details (tour, date, time, location, group size, travel dates, any special requests)
  
• Billing address or other invoicing details
  
• Information about the status of the payment (for example, whether payment succeeded or failed – but not your full card number)
  

Marketing and communication preferences

When you consent to receive marketing or when you become our customer and marketing is permitted by law, we may process:

• Name (if provided)
  
• Email address
  
• Telephone number (e.g. for WhatsApp communication)
  
• Your marketing preferences and any opt-in/opt-out choices
  

3.2 Information collected automatically

When you visit our Websites, we automatically collect certain information through cookies, pixels, and similar technologies, including:

• IP address
  
• Approximate location derived from IP address
  
• Device identifiers
  
• Browser type and version
  
• Operating system and platform
  
• Referring URL (website you came from)
  
• Pages visited, time and date of visit, time spent on each page
  
• Clicks, scrolls and general usage patterns (for example, through tools such as Microsoft Clarity)
  

We use tools such as:

• Google Analytics 4 (GA4), implemented via Google Tag Manager (GTM)
  
• Microsoft Clarity
  
• Advertising and remarketing tools such as Google Ads, Meta/Facebook Pixel, TikTok Pixel
  
• Marketing tools such as Klaviyo
  

These tools use cookies or similar technologies to help us understand and improve how our Websites and campaigns perform.

3.3 Information from third parties

We may receive personal information from:

• Booking and payment providers (for example, Rezdy, RezdyPay, PayPal) in connection with your bookings and payments;
  
• Marketing and CRM tools (for example, Klaviyo, Monday.com) that we use to manage communications and customer relationships;
  
• Advertising platforms (for example, Google, Meta/Facebook, TikTok) in the context of campaigns and analytics.
  

The information we receive from these third parties depends on your interactions with them and their privacy settings.

---

4. How We Use Personal Information and Legal Bases

Where the GDPR or UK GDPR applies, we must have a legal basis to process your personal information. We rely on the following bases, depending on the context:

• Performance of a contract or pre-contractual steps – to process your enquiries and bookings;
  
• Legal obligations – for accounting, tax and compliance requirements;
  
• Legitimate interests – to run, improve and protect our business and to communicate with customers, provided your interests and fundamental rights do not override those interests;
  
• Consent – for certain marketing activities and for non-essential cookies and similar technologies where required by law.
  

We use personal information for the purposes below:

4.1 To respond to enquiries and provide our Services

• Handling your enquiries and requests;
  
• Sending you information about tours and experiences;
  
• Managing and confirming your bookings and reservations.
  

Legal bases: performance of a contract or pre-contractual steps; legitimate interests (our interest in responding to enquiries and offering our tours).

4.2 To process bookings and payments

• Processing orders for tours and experiences;
  
• Issuing booking confirmations, receipts and invoices;
  
• Communicating with you about changes, cancellations or important information regarding your booking.
  

Legal bases: performance of a contract; legal obligations (for tax, accounting and other regulatory requirements).

4.3 To provide support and customer service

• Responding to your emails, contact form submissions or WhatsApp messages;
  
• Managing complaints or service issues.
  

Legal bases: performance of a contract; legitimate interests (to provide a good level of customer service).

4.4 To conduct analytics and improve our Websites and Services

• Understanding how the Websites are used and identifying trends;
  
• Improving content, navigation and user experience;
  
• Maintaining and enhancing the security and performance of our Websites.
  

Legal bases: legitimate interests (to improve and secure our Websites and Services); consent where required for analytics cookies and similar technologies.

4.5 To conduct marketing and remarketing

• Sending marketing emails about tours and experiences, primarily to customers and individuals who have opted in;
  
• Running advertising and remarketing campaigns (for example via Google Ads, Meta/Facebook and TikTok);
  
• Analysing the performance of our marketing through tools such as Klaviyo and analytics platforms.
  

Legal bases:

• Consent (for email marketing where required by law and for non-essential cookies/trackers);
  
• Legitimate interests (promoting and growing our business), particularly where “soft opt-in” for existing customers is permitted by local law.
  

You can opt out of marketing at any time (see Section 13).

4.6 To ensure security and prevent fraud

• Protecting our Websites, systems and bookings from misuse, fraud or security incidents;
  
• Detecting and responding to suspicious or fraudulent activity.
  

Legal bases: legitimate interests (protecting our business and users); legal obligations where applicable.

4.7 To comply with laws and enforce our rights

• Complying with legal obligations (e.g. accounting, tax, tourism regulations);
  
• Responding to lawful requests from authorities;
  
• Establishing, exercising or defending legal claims.
  

Legal bases: compliance with legal obligations; legitimate interests (protection of our rights).

---

5. Cookies and Similar Technologies

We use cookies and similar technologies (such as pixels and tags) for several purposes:

• To make the Websites work properly (strictly necessary cookies);
  
• To remember choices and certain preferences (functional cookies);
  
• To analyse the use of our Websites (analytics cookies);
  
• To deliver and measure advertising and remarketing campaigns (advertising cookies).
  

We use Cookiebot as our consent management platform to present a cookie banner and allow you to manage your cookie preferences. Where required by law, we will only use non-essential cookies (e.g. for analytics and advertising) if you give your consent.

You can manage your cookie preferences through:

• The Cookiebot banner or settings on our Websites; and
  
• Your browser settings, which may allow you to block, delete or limit cookies.
  

Please note that blocking certain cookies may affect the functionality of the Websites.

---

6. Payments and Third-Party Recipients

6.1 Payments

Our booking and payment flows are handled through third-party providers such as Rezdy, RezdyPay and PayPal.

• When you make a payment, your payment card details are processed directly by these providers.
  
• We do not store full payment card numbers on our systems.
  

The processing of your payment information is governed by the relevant provider’s privacy policy.

6.2 Other service providers and partners

We use other third parties to help us operate our Websites and Services, such as:

• Booking and payment providers (Rezdy, RezdyPay, PayPal);
  
• Email and marketing platforms (Klaviyo);
  
• Customer relationship management (CRM) tools (Monday.com);
  
• Analytics and advertising providers (Google Analytics, Microsoft Clarity, Google Ads, Meta/Facebook, TikTok);
  
• Cookie consent provider (Cookiebot);
  
• Hosting and IT service providers.
  

Depending on the context, these third parties may act as:

• Processors, processing personal information on our behalf and according to our instructions; and/or
  
• Independent controllers, where they determine their own purposes and means of processing (for example, some large advertising platforms).
  

We contractually require processors to implement appropriate security measures and process personal information only as instructed by us.

6.3 Other disclosures

We may also disclose personal information:

• To professional advisers, such as lawyers, accountants or auditors, where necessary;
  
• To public authorities, regulators or law enforcement, where we are legally obliged or permitted to do so;
  
• To a potential or actual buyer in connection with a merger, acquisition, business sale or restructuring, in which case personal information may be transferred as part of the transaction, subject to appropriate safeguards.
  

We do not sell personal information in the traditional sense. However, the use of certain advertising technologies may constitute a “sale” or “sharing” of personal information under some US state laws. Where this is the case, we will comply with applicable obligations, including providing opt-out options.

---

7. International Transfers

Our main servers are located in the United Kingdom. Because we operate internationally and use global service providers, personal information may be transferred to, and processed in, countries outside your country of residence, including countries outside the European Economic Area (EEA) and the UK, such as the United States.

Where we transfer personal information from the EU/EEA or the UK to a country that has not been recognised as providing an adequate level of protection, we implement appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission or UK authorities; and/or
  
• Other valid data transfer mechanisms permitted by applicable law.
  

You may contact us at tech@carpediemtours.com for more information about these safeguards.

---

8. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting or reporting obligations.

We apply, in particular, the following criteria:

• Enquiries and general correspondence: typically kept for up to 4 years from the date of last contact, unless a longer period is required or justified (for example, in case of ongoing disputes or complaints).
  
• Booking and transaction data: kept for the duration of the relationship and then for the period required by tax and accounting laws or other legal obligations.
  
• Marketing data: kept until you opt out or withdraw consent, or after a defined period of inactivity, after which it may be removed or anonymised.
  
• Technical and analytics data: kept in accordance with the retention settings of the analytics and advertising tools we use, and then aggregated or anonymised where possible.
  

When personal information is no longer needed, we will delete it or anonymise it, unless we are required to keep it for longer to comply with our legal obligations.

---

9. Security

We take appropriate technical and organisational measures to protect personal information against unauthorised access, accidental loss, destruction or damage. These measures include:

• HTTPS/TLS encryption for data transmitted to and from our Websites;
  
• Access controls and least-privilege principles for staff and systems;
  
• Regular backups of key systems and data;
  
• Use of reputable hosting and IT providers;
  
• Internal administrative policies and procedures aimed at protecting data.
  

While we strive to protect personal information, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

---

10. Your Rights (EU/UK and Similar Jurisdictions)

If you are in the EU/EEA, UK, or another jurisdiction with similar data protection laws, you may have some or all of the following rights, subject to legal limitations:

• Right of access: to obtain confirmation as to whether we process your personal information and to receive a copy of it.
  
• Right to rectification: to request correction of inaccurate or incomplete data.
  
• Right to erasure: to request deletion of your personal information in certain circumstances.
  
• Right to restriction of processing: to request that the processing of your personal information is restricted in certain cases.
  
• Right to object:
  
  • to processing based on our legitimate interests, on grounds relating to your particular situation;
    
  • to processing for direct marketing purposes, at any time.
    
• Right to data portability: to receive personal information that you have provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible and where the legal conditions are met.
  
• Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
  

To exercise these rights, please contact us at tech@carpediemtours.com and clearly describe your request. We may need to request additional information to verify your identity.

You also have the right to lodge a complaint with your local data protection authority, in particular in the country where you live or work, or where you consider that your rights have been infringed.

---

11. Additional Information for California and Certain US State Residents

Depending on your state of residence and applicable law, you may have additional rights in relation to your personal information. For example, under the CCPA/CPRA (for California residents), you may have the right to:

• Know the categories of personal information we collect, the purposes for which we use it, and the categories of third parties to whom it is disclosed;
  
• Access specific pieces of personal information we hold about you;
  
• Request deletion of personal information, subject to certain exceptions;
  
• Correct inaccurate personal information;
  
• Opt out of the “sale” or “sharing” of personal information where such activities occur;
  
• Not be discriminated against for exercising your privacy rights.
  

To exercise these rights, you may contact us at tech@carpediemtours.com and specify that your request relates to rights available under your local law (e.g. CCPA/CPRA). We will respond in accordance with applicable legal requirements and may need to verify your identity.

Where our use of certain advertising cookies or sharing with third-party partners constitutes a “sale” or “sharing” of personal information, you may opt out by:

• Managing your cookie preferences through our cookie banner or settings; and/or
  
• Contacting us at tech@carpediemtours.com and asking to opt out of such “sale” or “sharing”.
  

---

12. Children’s Privacy

Our Websites and Services are not directed to children under 16 years of age, and we do not knowingly collect personal information from children under this age.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at tech@carpediemtours.com. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information as required by law.

---

13. Marketing Communications

We may send you marketing communications (for example, about tours, offers, and news):

• When you have explicitly opted in to receive them; or
  
• When you have made a booking with us and we are permitted by applicable law to send you marketing for similar services, subject to your right to opt out.
  

Marketing communications may be sent by email and, in some cases, via WhatsApp or similar messaging services.

You can opt out of marketing at any time by:

• Clicking the unsubscribe link in marketing emails;
  
• Replying with the appropriate stop words (such as “STOP”) where this option is provided in WhatsApp or similar messaging; or
  
• Contacting us at tech@carpediemtours.com and asking to stop receiving marketing communications.
  

Even if you opt out of marketing, we may still send you non-marketing messages that are necessary for your bookings or our Services (for example, booking confirmations, essential updates, or legally required notices).

---

14. Automated Decision-Making and Profiling

We do not use personal information to make decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects on you.

We may use basic segmentation (for example, by language, destination, previous bookings or website behaviour) to tailor marketing content and improve relevance, but this does not have legal or similarly significant effects.

---

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our Websites, Services, technologies, or legal requirements.

When we do so, we will update the “Last updated” date at the top of this page. In some cases, we may provide additional notice (for example, a banner on the Website or an email) for significant changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle personal information.

---

16. How to Contact Us

If you have any questions, comments or requests regarding this Privacy Policy or our data practices, please contact:

Email: tech@carpediemtours.com