Legal

Privacy Policy

Last updated: 27 March 2026

1. Data Controller

The Data Controller for the processing of personal data is:
Cavallino Nero Milano S.r.l.
Via Montenapoleone 8, 20121 Milan, Italy
Email: office@limo-service-milan.com

2. Data Protection Officer (DPO)

For any questions regarding the processing of personal data, you may contact the DPO at the following email address: office@limo-service-milan.com

3. Types of Data Collected

In the course of providing services and during website navigation, the Controller collects the following categories of personal data:

  • Identification data: name, surname, email address, phone number.
  • Booking data: service date, type of service requested, pick-up and drop-off addresses, any special requests.
  • Browsing data: IP address, browser type, operating system, pages visited, session duration. This data is collected automatically via technical cookies.
  • Payment data: payment data is handled exclusively by PCI-DSS certified third-party payment providers. The Controller does not store credit card data.

4. Purposes of Processing

Personal data is processed for the following purposes:

  • Booking management: to fulfil booking requests for chauffeured car hire (NCC) services.
  • Service communications: to send confirmations, reminders and information relating to booked services.
  • Legal obligations: to comply with applicable laws, regulations and statutory requirements.
  • Service improvement: to analyse website usage in anonymous, aggregated form and to improve the quality of services offered.

5. Legal Basis for Processing

Data processing is based on the following legal grounds under Article 6 of EU Regulation 2016/679:

  • Contractual performance (Art. 6.1.b): to fulfil booking requests and deliver the service.
  • Legal obligation (Art. 6.1.c): to comply with tax and regulatory obligations.
  • Consent (Art. 6.1.a): for sending promotional communications, where expressly requested by the user.
  • Legitimate interest (Art. 6.1.f): for service improvement and website security.

6. Data Retention

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

  • Booking data: 24 months from the service date, unless longer retention is required by law.
  • Tax and accounting data: 10 years as required by Italian tax legislation.
  • Browsing data: 12 months from collection.
  • Promotional communications data: until consent is withdrawn.

7. Data Subject Rights

Under Articles 15–22 of EU Regulation 2016/679, the user has the right to:

  • Access (Art. 15): obtain confirmation of the existence of processing and access their personal data.
  • Rectification (Art. 16): obtain the correction of inaccurate data or the completion of incomplete data.
  • Erasure (Art. 17): obtain the deletion of their data (right to be forgotten), in the cases provided by law.
  • Restriction (Art. 18): obtain restriction of processing in the cases provided by the regulation.
  • Portability (Art. 20): receive their data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21): object to the processing of their data on legitimate grounds.
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent given prior to withdrawal.

To exercise their rights, the user may send a request to: office@limo-service-milan.com

The user also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

8. Data Transfers

Personal data is processed and stored on servers located within the European Union. Should it be necessary to transfer data outside the European Economic Area, the Controller will ensure adequate safeguards are in place in accordance with Articles 46–49 of EU Regulation 2016/679.

9. Data Security

The Controller implements appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction or alteration, including SSL/TLS encryption for all data transmissions through the website.

10. Changes to This Policy

The Controller reserves the right to amend this privacy policy at any time. Changes will be published on this page with an updated date. We recommend consulting this page periodically.