This site contains affiliate links. We may earn a small commission when you book through our links — at no extra cost to you.

Privacy Policy

Last updated: June 2025

This privacy policy explains how Best Things To Do In Rome ("we", "us", "our"), operated by [SITE_OWNER_NAME], collects, uses, and protects information when you visit www.bestthingstodoinrome.com (the "Site").

We take your privacy seriously and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.

Who We Are

The data controller for this website is [SITE_OWNER_NAME], contactable at [CONTACT_EMAIL].

What Data We Collect

Analytics Data (Google Analytics 4)

We use Google Analytics 4 (GA4) to understand how visitors use our Site. GA4 collects:

  • Pages you visit and time spent on each page
  • How you arrived at our Site (search engine, direct link, referral)
  • General geographic location (country/city level — not your precise location)
  • Device type, browser, and operating system
  • Interactions with content (scroll depth, link clicks)

This data is collected via cookies and processed by Google LLC. IP addresses are anonymised. We do not combine analytics data with any personally identifiable information. Google's privacy policy is available at policies.google.com/privacy.

Infrastructure Data (Cloudflare)

Our Site is served via Cloudflare's content delivery network. Cloudflare may collect log data including IP addresses for security and performance purposes. This data is processed by Cloudflare Inc. under their privacy policy (cloudflare.com/privacypolicy).

Data You Provide Directly

We do not operate a newsletter, comment system, or user account system. We do not collect names, email addresses, or other personal information directly through this Site. If you contact us by email, we will retain that correspondence in order to respond to you.

Cookies

Cookies are small text files stored on your device. We use the following cookies:

Essential Cookies

These are necessary for the Site to function and cannot be disabled.

Analytics Cookies (Google Analytics 4)

GA4 uses first-party cookies (_ga, _ga_[ID]) to distinguish users and sessions. These cookies persist for up to 2 years. You can opt out of GA4 tracking by:

  • Using the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout)
  • Enabling "Do Not Track" in your browser (we honour this signal)
  • Using your browser's cookie management settings to delete or block these cookies

Third-Party Cookies

When you click through to partner sites (Booking.com, GetYourGuide, Viator), those sites set their own cookies according to their own privacy policies. We have no control over these cookies.

Affiliate Links

This Site contains affiliate links to third-party booking platforms including Booking.com, GetYourGuide, and Viator. When you click an affiliate link and make a purchase or booking, we may receive a small commission from the partner. This does not affect the price you pay. A disclosure banner appears at the top of every page, and our full affiliate disclosure is available at /affiliate-disclosure.

We do not receive data about individual users from our affiliate partners beyond aggregate reports (total clicks, total bookings, total commission earned).

Legal Basis for Processing

We process data on the following legal bases under UK/EU GDPR:

  • Legitimate interests (Article 6(1)(f)): Analytics data to understand and improve the Site, where our interest in operating an effective website is balanced against your privacy interests.
  • Consent (Article 6(1)(a)): Where required by law (particularly for non-essential cookies under the UK PECR), we will seek your consent before placing cookies.

Data Retention

Analytics data is retained in GA4 for 14 months by default. Email correspondence is retained for as long as reasonably necessary to respond to your enquiry and for up to 2 years thereafter.

Data Sharing

We do not sell your personal data. We share data with:

  • Google LLC (Google Analytics 4 — analytics processor)
  • Cloudflare Inc. (infrastructure and security processor)

Both are subject to data processing agreements and, in the case of transfers outside the UK/EEA, appropriate safeguards (Standard Contractual Clauses).

Your Rights Under UK/EU GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of personal data we hold about you
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request we limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: We do not carry out automated decision-making or profiling

To exercise any of these rights, contact us at [CONTACT_EMAIL]. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your national data protection authority if you are in the EU.

Children's Privacy

This Site is not directed at children under 13. We do not knowingly collect personal data from children under 13.

Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the Site after changes are posted constitutes acceptance of the updated policy.

Contact

For privacy queries, to exercise your rights, or to raise a concern: [CONTACT_EMAIL]