🔐 Privacy Policy

Last updated: 06/06/2025

1. Data controller

The data controller is:

Alessandro Palladino
Email: info@scoprigaeta.it
Phone: +39 3482680868
Registered office: Gaeta

2. Types of data collected

We collect:

• Identifying data: first name, last name, email, phone number (via contact form and reservation)
• Browsing data: IP addresses, browser type, operating system, etc. (via Google Analytics and CDN)

Data Processing by Virtual Assistant (Chatbot)

The Site offers interaction with an Artificial Intelligence-based virtual assistant (“Enea”). In connection with this service:

• Data processed: The system processes the content of conversations (User prompts/questions) and related technical metadata (date, time, system log).
• Anonymity: The service is configured not to require User registration or input of identifying information (First Name, Last Name, Email). Interaction takes place anonymously.
• Purpose:
  1. Provision of automated response service (Legal basis: Execution of the requested contract/service).
  2. Training and improving the quality of the A.I. algorithm (Legal basis: Legitimate interest of the Owner).
• Important Notice: The User is encouraged NOT to enter any personal data (such as phone numbers, addresses, health or bank details) within the chat. Should the User voluntarily enter such data, the Owner will process it in accordance with this policy, reserving the right to anonymize or delete it from system logs to protect the User’s privacy.

3. Purpose and legal basis for processing

Data are processed for:

• Provide information about attractions and services
• Responding to requests received through forms
• Manage booking requests and business collaborations
• Offer promotional content via email or online tools

Legal basis:

• Explicit consent (for contact and marketing)
• Contractual or pre-contractual obligations (reservations, requests)
• Legitimate interest (security, optimization)

4. Method of treatment.

Processing is done electronically, with appropriate systems to ensure data security. We do not use automated decision-making processes or direct profiling.

5. Data retention

Personal data will be stored:

• For 12 months from the last communication
• Until explicit request for deletion by the data subject

6. Recipients of the data

Data may be disclosed to:

• Technical service providers (e.g., Hostinger hosting, CDN)
• Google LLC (Analytics, YouTube)
• Meta Platforms (Instagram)
• WordPress and Elementor plugins or tools

Data are hosted on servers located in France (EU), but some tools such as Google and Meta may involve a transfer outside the EU. In this case, the standard contractual clauses approved by the European Commission are respected.

SPECIAL SECTION: DATA PROCESSING PHOTO CONTEST “DISCOVER GAETA”

In connection with the conduct of the photo contest hosted on the Site, the Owner processes specific categories of personal data for the purposes described herein:

1. Data of the Participants (Authors of the photos)

• Data collected: First name, last name, email address, phone number (optional), and the uploaded image file.
• Purpose: Management of contest entry, verification of requirements, publication of the work in the public gallery, contact in case of winning and delivery of prizes.
• Legal Basis: Execution of contractual and pre-contractual measures (adherence to the Rules of Contest), pursuant to Art. 6 par. 1(b) of the GDPR.
• Publication: The submitted image will be published on the site associated with the Author’s Name (or pseudonym if indicated), making it publicly visible.

2. Voter Data and Anti-Fraud Security Systems During online voting stages, the Site collects technical data about users who express preferences (“Vote” or “Pass”), even if they are not registered.

• Data collected: IP address (processed in pseudonymized/encrypted form), connection times (Log), and unique device identifiers generated through Device Fingerprinting technologies (analysis of technical parameters such as browser, resolution, operating system).
• Purpose:
  • Ensure uniqueness of voting (prevent multiple votes from the same user/device).
  • Detect and block attempts at fraud, use of bots or automated scripts.
  • Validating the final ranking.
• Legal Basis: Legitimate Interest of the Owner (art. 6 par. 1 lett. f of the GDPR) to ensure the cybersecurity of the site and the regularity of the competition. User consent is not required for this processing, as it is strictly necessary for security.

3. Contest-specific Retention Times.

• Participant Data: Retained for the duration of the contest and thereafter for the period necessary to fulfill legal and tax obligations related to the awarding of prizes (e.g., receipts assignment of rights). Winning photos will remain published indefinitely as assets of the contest archive unless requested to be removed.
• Technical Voters Data (IP/Fingerprint): Retained for the time strictly necessary for the conduct of voting and subsequent verification of the regularity of the ranking (maximum 6 months after the end of the contest), after which they will be irreversibly deleted or anonymized.

4. Data recipients Data may be viewed by:

• Internal staff and technical collaborators in charge of site management.
• Members of the Technical Jury (limited to images and names, for expertise evaluations).
• Providers of the prizes (only the data of the winners, if necessary for the enjoyment of the prize, e.g., hotel reservation).

7. User Rights.

You have the right to:

• Accessing your data
• Request correction or deletion
• Limit or oppose treatment
• File a complaint with the Privacy Guarantor(www.garanteprivacy.it)

You can exercise your rights by writing to: alessandro.palladino3@gmail.com