Privacy Policy & Data Protection: Elegia

What we collect

Legal bases used in this policy: Legitimate interest, Contract performance, Legal obligation, and Consent.

Usage Data

What: Pages visited, time spent, click paths, browser details
Purpose: Understand how the site is used and improve it
Retention: 180 days
Basis: Consent

Online Identifiers

What: Browser type and version, operating system
Purpose: Maintain platform security and optimise performance
Retention: 180 days
Basis: Consent

Location Data

What: Approximate location derived from IP address
Purpose: Country-level analytics
Retention: 180 days
Basis: Consent

Behavioral Data

What: Page interaction history
Purpose: Understand content performance
Retention: 180 days
Basis: Consent

Consent Records

What: Consent choices and timestamps
Purpose: Demonstrate compliance with GDPR consent requirements
Retention: 180 days
Basis: Legal obligation

Cookies

We set non-essential cookies (analytics and marketing) only after you consent. The list of cookies and browser storage this site uses, with their purpose and how long they last, is shown below and kept up to date automatically by our consent platform (Cookie-Script).

How we obtain it

Analytics data is collected automatically when you visit the site via Google Analytics. If you submit the contact form, we also record the information you enter.

Even without consent, GA4 sends minimal anonymous signals to Google (page URL, user agent, timestamp) via Consent Mode v2. These are used for aggregate modelling only. No cookies or persistent identifiers are set.

How we share it

We use Google Analytics to analyse website usage. The tags run through a server-side Google Tag Manager container hosted by Stape Europe OÜ (Tallinn, Estonia): data is collected from our own domain and processed within the EU, in France, before it reaches Google. Stape is a data processor under a Data Processing Agreement, and since this processing stays inside the EU, there is no transfer to a third country.

Google LLC, based in the US, is also a data processor for the analytics data, under a Data Processing Agreement, and is certified under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023).

The contact form uses Cloudflare Turnstile (Cloudflare LLC, US) for bot protection. Cloudflare is certified under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023).

We do not share personal data with any other third parties. We do not sell data.

Your rights

Right of Access
Right to Rectification
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object
Right to be Informed
Withdrawal of Consent

To exercise any of these rights, contact us at . We will respond within one month. That period may be extended by two further months if the request is complex or numerous.

We may decline requests that are manifestly unfounded or disproportionate.

Right to lodge a complaint

You have the right to lodge a complaint with the Italian data protection authority, the Garante per la protezione dei dati personali: www.garanteprivacy.it

Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. No system is entirely risk-free, but we review our security practices regularly.

Our service providers are contractually bound to the same standards of confidentiality.

Changes to this policy

We review this policy periodically. Changes are effective immediately on publication. The updated date at the top of this page reflects the most recent revision.

Data controllers and contact

Elegia is operated as a joint venture. The joint data controllers are:

Controller: Klartika, vl. Alessio Re
Address: Prilaz baruna Filipovića 24, 10000 Zagreb, Croatia
VAT: HR91494145363

Controller: Travel Singularity di Simone Puorto
Address: Via Annia Regilla 23, 00178 Rome, Italy
VAT: IT16181931003

Email
Website: https://elegia.io