Last updated: November 12, 2025
1. Who we are
Data controller: ART & GLAM LTD trading as Visit Sardinia®
Company number: 13654916
Registered office: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom
Email (privacy/general): info@vipsardinia.com
2. Personal data we collect
- Identity and contact: name, email, phone/WhatsApp, address, nationality.
- Trip details: destination, dates, group composition, preferences, budgets, special requests.
- Special category data (only if you provide it and where necessary): health/dietary information used solely to arrange suitable services; processed with your explicit consent.
- Communications: emails, messages, call notes.
- Technical: IP address, device/browser type, pages viewed (via cookies/analytics if enabled).
- Payment references: transaction IDs or last 4 digits via our processors; we do not store full card data.
3. How and why we use your data (lawful bases)
- Provide proposals, confirm services, and deliver your trip: contract or steps prior to contract.
- Personalise recommendations and concierge support: legitimate interests/contract.
- Customer service and operational notices: contract/legitimate interests.
- Marketing (news, offers): consent; you can withdraw at any time.
- Legal, tax, and accounting compliance: legal obligation.
- Special category data: explicit consent; you may withdraw consent, but this may limit our ability to meet requests.
4. Sharing your data
- Suppliers to deliver your trip (hotels, villas, yacht brokers/owners, captains, guides, drivers, restaurants, activity providers).
- Service providers acting on our instructions: CRM, email and form tools, payment processors, cloud/hosting, analytics (where enabled).
- Authorities where required by law (e.g., guest registrations, safety or customs requirements).
We do not sell personal data.
5. International transfers
Your data may be transferred outside the UK/EEA to deliver services (e.g., suppliers in Italy/France or IT providers). Where required, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with UK addendum, or rely on adequacy decisions/derogations.
6. Retention
- Enquiries: up to 24 months from last contact.
- Bookings and financial records: 6–10 years as required by UK law.
- Marketing contacts: until you unsubscribe or ask us to delete.
7. Your rights
You have rights to access, rectification, erasure, restriction, portability, and to object to processing based on legitimate interests, plus the right to withdraw consent for marketing at any time. To exercise rights, email info@vipsardinia.com. You can complain to the UK Information Commissioner’s Office: ico.org.uk.
8. Security
We implement appropriate technical and organisational measures including encryption in transit, access controls, least‑privilege access, and vetted processors. No system is 100% secure; avoid sending sensitive data over unsecured channels.
9. Cookies
We use essential cookies and, with your consent, analytics/marketing cookies. See our Cookies Policy for details and to manage preferences.
10. Children
Our services are not directed to children under 16. We process children’s data only as provided by adults for travel arrangements and with appropriate permissions.
11. Changes to this notice
We may update this policy from time to time. The latest version will be posted here with an updated “Last updated” date.