privacy policy

Information on the Processing of Personal Data

(pursuant to Art. 13 of EU Regulation 2016/679)

This policy describes the management methods of the website homeortigia.com (hereinafter "Site") with reference to the processing of personal data of users who consult it and interact with web services accessible electronically.

1. Data Controller

The Data Controller of personal data is:
Carlo Di Silvestro
Via Dione, 71 - 96100 Syracuse (SR) - Italy
Fiscal Code: DSLCRL71S16C351G
Contact email for privacy: homeortigia@gmail.com

2. Types of Data Processed and Purpose of Processing

The processing of your personal data will take place in accordance with the principles of lawfulness, fairness, and transparency for the following purposes:

A) Navigation Data (Automated Processing)

The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

  • Processed data: IP addresses, domain names of computers used by users, URI/URL (Uniform Resource Identifier/Locator) addresses, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.
  • Purpose: these data are used solely to obtain anonymous statistical information on the use of the Site, to ensure its correct functioning, and to ascertain responsibility in case of hypothetical computer crimes against the Site.
  • Legal Basis: the processing is based on the legitimate interest of the Data Controller (Art. 6, par. 1, lett. f, GDPR) to guarantee the security and operability of the Site.
  • Retention Period: such data are deleted immediately after processing, except for any need to ascertain crimes.

B) Data Voluntarily Provided by the User (Contact Form)

The Site hosts a contact form (e.g., "Request Availability" on the index.html page) through which the user voluntarily provides personal data.

  • Processed data: identification and contact data (name, surname, email address) and any other personal data that the user voluntarily includes in the body of the message (e.g., period of stay, number of guests).
  • Purpose: the exclusive purpose is to fulfill requests for information, availability, or quotes submitted by the user.
  • Legal Basis: the processing is necessary for the execution of pre-contractual measures adopted at the request of the data subject (Art. 6, par. 1, lett. b, GDPR).
  • Retention Period: data are retained for the time strictly necessary to respond to the request and, in the event of subsequent stipulation of a tourist rental contract, for the time required by civil and tax obligations (generally 10 years). In the absence of a contract stipulation, data will be deleted within 24 months of the last communication.

C) Processing via Cookies

The Site uses tracking tools. For details on the cookies used, the purposes, and the related legal bases, please refer entirely to the dedicated Cookie Policy.

D) Artificial Intelligence Services (Itinerary Generation and "Home Ortigia Assistant" Chatbot)

The Site offers advanced features based on large language models (LLM) provided by Google Cloud / Google LLC (Gemini model), specifically for itinerary generation and the virtual assistant (Chatbot).

  • Processed data:
    • Text inputs: travel preferences, questions, assistance requests, and any information freely entered by the user in the chat.
    • Voice inputs: if the user activates the dictation feature (microphone icon), voice data may be processed via browser APIs (e.g., Web Speech API of Google Chrome) which convert audio to text via third-party cloud services.
    • Context data: navigation language and history of the current chat session.
  • Purpose: providing immediate assistance, answering questions about the facility's services, and suggesting personalized tourist itineraries.
  • Legal Basis: execution of a service requested by the data subject (Art. 6, par. 1, lett. b, GDPR) and implied consent in the voluntary activation of the chat or microphone service.
  • Processing and Retention Methods:
    • Conversations are managed in "stateless" mode on the server side: data is sent to Google Gemini for response generation and is not saved in persistent databases of the Controller.
    • Chat history is saved exclusively in the Local/Session Storage of the user's device to ensure conversation continuity during navigation (see Cookie Policy).
    • Google may retain transient data for limited periods for security and service improvement purposes, in accordance with its privacy policies.
  • Warning: the user is invited not to enter special categories of data (e.g., health data) or financial data (credit cards) within the chat. The assistant is an automated system and may generate inaccurate responses ("hallucinations"); it is always recommended to verify critical information.

The Site offers an "Itinerary Generation" feature that uses large language models (LLM), specifically Google Gemini (provided by Google Cloud/Google LLC).

  • Processed data: travel preferences entered in the form (e.g., "main interest", "pace", "duration", "mode of travel"). Personal identification data (such as name or email) are not sent to the Artificial Intelligence. Data is transmitted in anonymous and aggregated form within the instruction prompt.
  • Purpose: automated processing of a tourist itinerary suggestion based on user inputs.
  • Legal Basis: execution of a service requested by the data subject (Art. 6, par. 1, lett. b, GDPR).
  • Retention Period: data sent to the LLM is processed in a transient (stateless) manner for the time strictly necessary to generate the response and is not stored permanently on the Controller's servers. Google may retain data for a limited period for security and abuse monitoring purposes, in accordance with its API policies.
  • Disclaimer: itineraries are generated by artificial intelligence and may contain inaccuracies or "hallucinations". The user is invited to verify information (schedules, openings) before the trip.

3. Nature of Data Provision

Except for navigation data (necessary for the use of the Site), the provision of personal data via the contact form is optional. However, failure to provide data marked as mandatory (e.g., name, email) will result in the objective impossibility for the Controller to fulfill the contact request.

4. Processing Methods

Processing is carried out by means of the operations indicated in Art. 4, no. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Data are subjected to both paper and electronic and/or automated processing. The Controller adopts adequate technical and organizational security measures to prevent data loss, illicit or incorrect use, and unauthorized access.

5. Data Recipients

Your personal data will not be disseminated. They may be communicated, for the purposes referred to in point 2, to:

  • Internal personnel authorized by the Controller for processing (collaborators);
  • Third parties (e.g., technical service providers, hosting providers, IT companies) appointed, if necessary, as Data Processors pursuant to Art. 28 GDPR.

The updated list of Data Processors is available upon request from the Controller. Data will not be communicated to other third parties unless communication is required by law or is strictly necessary for the fulfillment of user requests.

6. Extra-EU Data Transfer

The management and storage of personal data take place on servers located within the European Union. However, the use of third-party services (such as Google Tag Manager and services connected to it, e.g., Google Analytics) may involve the transfer of some navigation data to servers located outside the European Economic Area (EEA), particularly in the United States. This transfer is legitimized by the adoption of Adequacy Decisions by the European Commission (e.g., EU-U.S. Data Privacy Framework) and/or by the signing of Standard Contractual Clauses (SCC) approved by the European Commission, which guarantee an adequate level of data protection. For further details, please refer to the Cookie Policy.

7. Rights of the Data Subject

As a data subject, you may exercise, at any time, the rights provided for by Arts. 15 (Access), 16 (Rectification), 17 (Erasure - "right to be forgotten"), 18 (Restriction of processing), 20 (Data portability), and 21 (Opposition) of the GDPR. In particular, you have the right to obtain confirmation of the existence or otherwise of personal data concerning you, indication of the origin of the data, purposes and methods of processing, updating, rectification, integration of data, cancellation, transformation into anonymous form, or blocking of data processed in violation of the law. For processing based on consent, you have the right to revoke consent at any time, without prejudice to the lawfulness of the processing based on consent given prior to revocation.

8. Methods of Exercising Rights and Right to Complaint

You may exercise your rights at any time by sending a communication to the Controller's email address: homeortigia@gmail.com.

We also remind you that you have the right to lodge a complaint with the competent Supervisory Authority (for Italy, the Guarantor for the Protection of Personal Data) pursuant to Art. 77 GDPR.

9. Updates

This Privacy Policy is subject to updates. Users are invited to consult this page regularly.

Last update: November 2, 2025

Cookie and Privacy Notice

We use necessary technical cookies and, with your consent, third-party cookies (Google Tag Manager) for statistical analysis. The site also uses Artificial Intelligence systems for itinerary generation. Refusal of cookies does not affect navigation. Clicking "Reject" or [X] continues with technical cookies only.
Data Controller: Carlo Di Silvestro. Consult the Privacy Policy and the Cookie Policy.