Privacy policy

Data controller: Gabriele Virzì, in his capacity as the person responsible for the Del Moro Sicily website. Contact details for requests and privacy rights: use the information published on the Contact page (email info@delmorosicily.it, telephone +39 328 257 9590). What the site offers in practice. Public areas include the home page, About, Journal (articles and pillar categories), Experiences (descriptions, galleries, and request forms where provided), Guides, Digital products, Concierge, Book, legal pages, and Contact. Optional features: reader comments under Journal articles when a Supabase-backed storage is configured; a password-protected admin area under /gestisci for managing comments and articles when environment variables are set. Data you may provide. (1) Contact form: name, email, message. (2) Concierge and booking-style forms (including experience request forms): name, email, free-text notes, and optional fields such as travel dates, guests, origin, or accommodation preferences depending on the form. (3) Newsletter: email address. (4) Journal comments: article slug, locale, message, and optional display name; a honeypot field is used for spam protection. (5) Admin login: credentials you type are processed only to authenticate the session for authorised staff. How submissions are handled today. Forms send data over HTTPS to routes on this domain (/api/contact, /api/concierge, /api/newsletter, /api/journal-comment). When SMTP credentials are configured on the server, the contact and concierge routes (including experience request forms that use the concierge endpoint) send notification emails to the mailbox set in MAIL_TO (typically info@delmorosicily.it), including Reply-To where the visitor supplied an email. Retention follows your mailbox provider’s rules. The /api/newsletter endpoint accepts an email address and is prepared for Mailchimp (or a similar provider): until that integration is active, this site does not send transactional email for newsletter signups and does not subscribe the address to an external marketing list. Journal comments, when storage is configured, are stored in Supabase as pending until moderated. Technical and hosting data. Infrastructure providers (for example Vercel for hosting) generate server and HTTP logs (IP address, user agent, timestamps, URLs) needed to run and secure the service. Fonts are loaded via next/font (self-hosted at build time), without calling Google’s live font API from visitors’ browsers. Purposes and legal bases (summary). (1) Answering requests and organising proposals: steps prior to a contract at your request (Art. 6(1)(b) GDPR) and, where applicable, legitimate interest in correspondence (Art. 6(1)(f)). (2) Newsletter: consent where required (Art. 6(1)(a)). (3) Comments and moderation: performance of the service and legitimate interest in a safe community (Art. 6(1)(f)), plus legal obligations where applicable. (4) Admin authentication and security: legitimate interest and legal obligations (Art. 6(1)(c) and (f)). Retention. Data are kept only as long as needed to fulfil each purpose, including moderation history and legal or tax retention where applicable. Technical logs follow the hosting provider’s retention settings. Recipients and transfers. Data may be processed by IT suppliers (hosting, email, database such as Supabase) under appropriate agreements. If a supplier is outside the EEA, we use safeguards such as standard contractual clauses where required. We do not sell personal data. Your rights. Access, rectification, erasure, restriction, objection where provided by law, portability for data you provided, and withdrawal of consent for consent-based processing. You may lodge a complaint with your supervisory authority (in Italy, the Garante per la protezione dei dati personali). Changes. We will update this notice when features or suppliers change; the version on this page applies.