Cookie Policy

COOKIE POLICY

pursuant to the Guidelines of the Garante for the Protection of Personal Data on cookies and other tracking tools of June 10, 2021, the Regulation (EU) 2016/679 (“GDPR”) and the applicable legislation on the protection of personal data

Website: www.dimoredeimarinai.it
Data Controller: Dimore dei Marinai
Email: dimoredeimarinaitermoli@gmail.com
Last update: May 4, 2026

1. WHAT ARE COOKIES

Cookies are small text files that websites visited send to the user's device, such as a computer, smartphone, or tablet, where they are stored to be sent back to the same sites on the next visit.

Cookies allow the site to recognize the user's device, keep a session active, remember technical preferences, or enable specific features.

Cookies can be:

first-party cookies, set directly by the visited site;
third-party cookies, set by domains other than the one visited, for example through embedded content, maps, videos, CDNs, or other external services.

This Cookie Policy also refers to other technologies similar to cookies, such as scripts, SDKs, embedded content, local storage, session storage, or other technical identifiers that may involve access to or storage of information on the user's device.

2. CONSENT MANAGEMENT SYSTEM

The site www.dimoredeimarinai.it uses a consent management system via a cookie banner.

The system includes:

displaying the banner on first access, when necessary;
absence of pre-selection for non-technical categories;
ability to accept all optional cookies;
ability to refuse all optional cookies;
ability to granularly choose the individual available categories;
preventive blocking of any unnecessary third-party scripts, content, or services until consent is expressed;
ability to modify or revoke consent at any time through the link “Manage cookie preferences” present in the website footer.

User-expressed preferences are retained for at least 6 months, unless the cookies are deleted by the user, significant changes to processing, or technical impossibility to recognize the previously expressed choice.

Technical cookies necessary for the operation of the site and for storing banner preferences do not require user consent.

3. CATEGORIES OF COOKIES AND TECHNOLOGIES USED

As of the date of updating this Cookie Policy, the site does not use Google Analytics, Google Tag Manager, Meta/Facebook Pixel, active remarketing systems, or newsletters.

The site uses or may use the following categories of cookies and technologies.

3.1 Technical / Necessary Cookies

Consent required: no.
Status: always active.

These cookies are necessary for the correct functioning of the site, for session management, for security, and for storing user preferences expressed in the cookie banner.

Without these cookies, some essential functionalities of the site may not work properly.

Cookie Name	First / Third Party	Duration	Purpose
`dimore_session` or equivalent PHP cookie	First party	2 hours, unless otherwise technically configured	Management of the browsing session, site operation, and, where applicable, authentication in the administrative area
`www.dimoredeimarinai.it` or equivalent consent cookie	First party	At least 6 months, unless deleted by the user or significant modifications	Stores user preferences expressed in the cookie banner, avoiding re-presenting the banner on each visit
Security or configuration technical cookies	First party	Variable, based on the function	Security, session protection, proper technical functioning of the site

Technical cookies are not used for marketing, profiling, or advertising tracking purposes.

Security Notes on Session Cookie

The session cookie is configured, where technically possible, with security measures such as:

flag HttpOnly, to reduce the risk of access via JavaScript;
flag Secure, to transmit the cookie only via HTTPS connection;
attribute SameSite=Lax, to reduce the risk of CSRF attacks;
periodic regeneration of the Session ID to reduce the risk of session fixation.

3.2 Cookie and Banner Preferences

Consent required: no, when they are solely needed to store the user’s choices.
Status: active as they are necessary for managing consent.

The site may use cookies or technical storage to remember the choices expressed by the user regarding optional categories.

These tools do not serve to profile the user, but to respect their choice and not to republish the banner on each access.

Name / Category	First / Third Party	Duration	Purpose
General consent cookie or variable	First party	At least 6 months	Stores acceptance or refusal of optional categories
Cookie or variable related to optional functionalities	First party	At least 6 months	Stores possible consent for non-necessary functional services, if present
Cookie or variable related to maps/videos/third-party content	First party	At least 6 months	Stores possible consent for loading non-necessary external content

3.3 Statistical Cookies

Consent required: not applicable as of the date of this Cookie Policy.
Status: not active.

As of the date of updating this Cookie Policy, the site does not use Google Analytics, Google Tag Manager, or other third-party statistical systems based on tracking cookies.

The site may only use internal technical logs with anonymized IP addresses for safety, functionality, and aggregated traffic analysis purposes, as described in the Privacy Policy.

Such internal technical logs are not used for profiling, remarketing, or advertising tracking.

If in the future third-party statistical tools are activated, this Cookie Policy will be updated prior to activation and, where necessary, such tools will be blocked until user consent is obtained.

3.4 Marketing and Profiling Cookies

Consent required: not applicable as of the date of this Cookie Policy.
Status: not active.

As of the date of updating this Cookie Policy, the site does not use Meta/Facebook Pixel, Google Ads, remarketing systems, advertising profiling cookies, or similar behavioral marketing tools.

The data collected through contact forms, booking forms, or chatbots is not used for marketing purposes or newsletters without specific separate consent.

If in the future marketing or profiling tools are introduced, this Cookie Policy and the Privacy Policy will be updated before activation and such tools will only be activated with user consent, where required.

3.5 Functional Services: AI Chatbot with OpenRouter ZDR

Consent required: yes, if the chatbot is activated as an optional feature via the banner or through a specific positive action by the user.
Status: activatable at the user’s choice.

The site may provide an AI-based chatbot to provide information about the structure, rooms, services offered, and contents of the site.

The chatbot uses OpenRouter as the access and routing service to a model/provider AI configured in ZDR — Zero Data Retention mode, where available.

The chatbot, as of the date of this Cookie Policy:

does not set its own profiling cookies;
does not save conversation text in the site database;
may use a technical session identifier to maintain the conversation during the visit;
transmits the text typed by the user to OpenRouter and to the configured AI provider to generate the response;
internally retains only technical usage logs, such as input/output token count, devoid of the textual content of the conversations.

Even with ZDR configuration, the user is invited not to input sensitive data, health data, personal documents, tax codes, payment data, credentials, or confidential information into the chatbot.

For more details on data processing via AI chatbot, please refer to the site’s Privacy Policy.

3.6 Maps and Geographical Content

Consent required: yes, if the map or external content involves loading unnecessary third-party resources for navigation.
Status: loading blocked until consent, where present.

The site may display maps or external geographical content, for example through Google Maps, Snazzy Maps, or similar services.

In the absence of consent, such content is not loaded automatically. The user may choose to enable them via the banner or through a specific activation button.

When the map is loaded, the external provider may receive technical data such as IP address, User-Agent, browser information, data regarding the visited page, and interactions with the map.

Service	Type	Consent	Notes
Google Maps / Snazzy Maps, if present	Third party	Yes	Loading map and external resources only after consent or positive action from the user

3.7 Embedded Videos and Multimedia Content

Consent required: yes, if the content is embedded via an external provider and involves communication of data to third parties.
Status: loading blocked until consent or action from the user, where present.

The site may contain embedded videos, for example through YouTube or similar services.

In the absence of consent, the embedded video may be blocked and replaced with a preview or an activation button. When the user decides to view the video, the external provider may receive technical data and may set cookies according to their policies.

Service	Type	Consent	Notes
YouTube / Google LLC, if present	Third party	Yes, where embedded and not strictly necessary	Loading the player may involve data transmission to Google

3.8 Kuula Virtual Tours

Consent required: depends on the integration method.
Status: if it’s a simple external link, no Kuula cookies are set before the click.

The site may contain links or content related to 360° virtual tours hosted on Kuula.

If the tour is present as a simple external link, no Kuula cookies are set by the site before the click. The user, by clicking the link, is redirected to the external Kuula site, subject to its Privacy Policy and Cookie Policy.

If instead the tour is embedded via iframe or embedded content, the loading must only take place after consent or positive action by the user, since it may involve the transmission of technical data to the provider.

3.9 Font Awesome via Cloudflare CDN

Consent required: normally no, if the loading is strictly technical and not aimed at profiling or marketing.
Status: technical third-party service, if used.

The site may load icons or static files, such as Font Awesome, via an external CDN, for example Cloudflare CDN / cdnjs.cloudflare.com.

Loading such resources may involve the transmission of IP address, User-Agent, and technical connection data to Cloudflare for the delivery of the requested file.

According to what is stated in the site configuration, this service is not used for marketing, profiling, or advertising tracking purposes.

To further reduce communication of data to third parties, the Data Controller may consider local loading of static files directly from its server.

3.10 Open-Meteo Weather Data

Consent required: normally no, if the service is called server-side without transmitting personal data of the user to the provider.
Status: to be verified based on the actual technical configuration.

The site may show public weather data via Open-Meteo.

If the request is made server-side by the site, without transmitting personal data of the user to the provider, no cookie is installed on the user's device.

If instead the request is made directly from the user's browser to Open-Meteo, the provider may receive technical data such as IP address and User-Agent. In this case, processing is described in the Privacy Policy and, if necessary, in this Cookie Policy.

4. SUMMARY OF COOKIES AND TECHNOLOGIES

Cookie / technology	Category	Part	Duration	Consent
`dimore_session` or equivalent PHP cookie	Technical / necessary	First party	2 hours, unless otherwise configured	No
Banner preference / consent cookie	Technical / necessary	First party	At least 6 months	No
Cookie or variable for functional preferences	Consent management technical	First party	At least 6 months	No, if it only stores the user's choice
OpenRouter ZDR AI Chatbot	Optional functional service / external technology	Third party for AI processing	No storage of text in the site database; technical logs for 12 months	Yes, if activated as an optional service
Google Analytics	Statistical	Third party	Not active	Not applicable
Google Tag Manager	Tag management	Third party	Not active	Not applicable
Meta/Facebook Pixel	Marketing	Third party	Not active	Not applicable
Google Maps / Snazzy Maps, if present	Maps / third-party content	Third party	Variable according to the provider	Yes, if embedded
YouTube, if present	Media / third-party content	Third party	Variable according to the provider	Yes, if embedded
Kuula, if simple external link	External link	Third party after the click	Managed by the external site	Not required before the click
Kuula, if embedded	Virtual tour / third-party content	Third party	Variable according to the provider	Yes, if embedded
Font Awesome via Cloudflare CDN, if used	External technical resource	Third party	No declared tracking cookie	Normally no
Open-Meteo, if called server-side	Public weather data	Third party / server-side	No browser cookie	Normally no

5. HOW TO MANAGE OR DISABLE COOKIES

5.1 Through the site banner

The user can modify or revoke their preferences at any time by clicking the link “Manage cookie preferences” available in the footer of the site.

From the management panel, it is possible to:

view the available categories;
accept optional categories;
reject optional categories;
modify a previously expressed choice.

The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5.2 Through browser settings

The user can configure their browser to block, delete, or limit cookies.

Disabling technical cookies may compromise the proper functioning of some parts of the site.

Below are links to instructions for major browsers:

Browser	Link Instructions
Google Chrome	support.google.com/chrome/answer/95647
Mozilla Firefox	support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox
Apple Safari	support.apple.com/en-us/guide/safari/sfri11471
Microsoft Edge	support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
Opera	help.opera.com/en/latest/web-preferences/#cookies

6. SERVICES NOT ACTIVE AS OF THE DATE OF THIS POLICY

As of the date of updating this Cookie Policy, the site declares to not use:

Google Analytics;
Google Tag Manager;
Meta/Facebook Pixel;
Google Ads or remarketing systems;
advertising profiling cookies;
active newsletter systems;
third-party anti-spam services such as Google reCAPTCHA.

If one or more of these services are activated in the future, the Data Controller will proactively update this Cookie Policy and the Privacy Policy and, where required, will collect user consent before activation.

7. CONTACT DATA FOR COOKIE REQUESTS

For any requests regarding the use of cookies and similar technologies on this site, please contact the Data Controller:

Dimore dei Marinai
Email: dimoredeimarinaitermoli@gmail.com

For more information on the processing of personal data, please refer to the site's Privacy Policy.

8. CHANGES TO THE COOKIE POLICY

The Data Controller reserves the right to modify or update this Cookie Policy at any time, particularly in case of:

regulatory updates;
technical modifications to the site;
introduction of new cookies or similar technologies;
activation of new third-party services;
changes in the policies of the providers used.

Changes will be published on this page with an update of the date indicated at the top.

The user is encouraged to periodically consult this Cookie Policy.

9. REFERENCE LEGISLATION

This Cookie Policy is drafted taking into account:

Regulation (EU) 2016/679, General Data Protection Regulation, GDPR;
Legislative Decree 196/2003, Personal Data Protection Code, as amended by Legislative Decree 101/2018;
Directive 2002/58/EC, ePrivacy Directive, and its Italian transposition;
Guidelines of the Garante for the Protection of Personal Data on cookies and other tracking tools of June 10, 2021, Provision No. 231.

Last update: May 4, 2026
Related document: Privacy Policy

Manage Cookie Preferences

Privacy Policy

PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018

Website: www.dimoredeimarinai.it
Last update: May 4, 2026

1. DATA CONTROLLER

The Data Controller of the personal data collected through the website www.dimoredeimarinai.it is:

Dimore dei Marinai
Company Name: Dimore dei Marinai di Pasquale Maria Lanzone
Registered Office: via Giudicato vecchio, 9
VAT / Tax Code: IT01797500707
Email: dimoredeimarinaitermoli@gmail.com

For any communication related to the processing of personal data, the data subject may contact the Data Controller at the email or PEC address indicated above.

As of the date of this update of the privacy policy, the Data Controller has not appointed a Data Protection Officer (DPO), as the conditions for mandatory appointment under Article 37 GDPR do not occur. Should such an obligation arise, the contact details of the DPO will be published in this section.

2. TYPES OF DATA COLLECTED, PURPOSES, AND LEGAL BASES

2.1 Browsing Data and Internal Technical Logs

During normal navigation of the website, the system may automatically record certain technical data necessary for its functioning, security, and aggregated traffic analysis.

The data processed through the internal visit log system are:

Data	Processing
IP Address	Anonymized during recording; saved as `0.0.0.0` and real IP is not retained
Browser / User-Agent	Stored for 90 days
URL of the visited page	Stored for 90 days
HTTP Referer	Stored for 90 days
PHP Session ID pseudonymized	Stored for 90 days
Date and time of the visit	Stored for 90 days

Purpose: aggregated statistical analysis of traffic, cybersecurity, prevention of abuse, monitoring the proper functioning of the website.

Legal Basis: legitimate interest of the Data Controller pursuant to Article 6, paragraph 1, letter f) GDPR, in compliance with the principle of data minimization.

Retention Period: 90 days. Upon expiration, the data are automatically deleted through the periodic deletion system provided by the website.

2.2 Contact Form

Through the contact form available on the website, the user can voluntarily send a request for information to the Data Controller.

The collected data are:

Field	Type of Data	Mandatory
Name	Personal Data	Yes
Email Address	Contact Data	Yes
Message	Free text entered by the user	Yes

The data are stored in the internal table dedicated to the website messages and are also sent to the email address info@dimoredeimarinai.it to enable the Data Controller to respond to the request.

The system uses an internal anti-spam control based on a random numeric code. No external anti-spam services such as Google reCAPTCHA are used unless otherwise specified in the policy.

Purpose: receiving and managing information requests sent by the user.

Legal Basis: execution of pre-contractual measures adopted at the request of the data subject pursuant to Article 6, paragraph 1, letter b) GDPR and/or legitimate interest of the Data Controller to respond to the requests received pursuant to Article 6, paragraph 1, letter f) GDPR.

Retention Period: 24 months from the receipt of the message, unless further retention is necessary for legal obligations, protection of the Data Controller's rights, or management of any disputes.

The provision of data is optional, but failure to provide makes it impossible to send the request and receive a response.

In the contact form, the user is invited to review this privacy policy before submission. The respective checkbox serves to acknowledge the information and does not constitute consent for marketing purposes.

2.3 Booking Form

Through the booking form, the user can send a request regarding availability or reservation of a stay at the facility.

The collected data are:

Field	Type of Data	Mandatory
Name and Surname	Personal Data	Yes
Phone Number	Contact Data	Yes
Email Address	Contact Data	Yes
Check-in Date	Data related to the stay request	Yes
Check-out Date	Data related to the stay request	Yes
Number of Adults	Data related to the stay request	Yes
Number of Children	Data related to the stay request	Yes
Message / Notes	Free text entered by the user	Yes
Requested Room	Numerical ID generated by the system or selected through the website	Automatic / contextual

The data are stored in the internal table dedicated to bookings and are also sent to the email address info@dimoredeimarinai.it to manage the request.

Purpose: managing the booking request, checking availability, pre and post-stay communications, fulfilling contractual, administrative, tax, and accounting obligations related to the stay.

Legal Basis: execution of pre-contractual measures adopted at the request of the data subject and/or execution of a contract to which the data subject is a party, pursuant to Article 6, paragraph 1, letter b) GDPR. For any tax, accounting, or regulatory obligations, the legal basis is compliance with legal obligations pursuant to Article 6, paragraph 1, letter c) GDPR.

Retention Period: 36 months from the receipt of the request, unless further retention is necessary for tax, accounting, regulatory obligations, or protection of the Data Controller's rights.

The provision of data is necessary to manage the booking request. Failure to provide makes it impossible to process the request.

The user is invited not to enter sensitive data or unnecessary information for managing the request in the "message" field.

2.4 AI Chatbot with OpenRouter and ZDR Model

The website offers users a virtual assistant based on artificial intelligence, aimed at providing information about the facility, rooms, services offered, and site content.

The chatbot uses OpenRouter as a routing and access service to the AI model. The Data Controller configures the service using a ZDR Model/Provider, Zero Data Retention, where available, to minimize data retention by the AI provider.

The use of the chatbot is optional. Before use, users are informed that the messages typed may be transmitted to OpenRouter and the AI provider selected through OpenRouter to generate an automated response.

The data processed within the chatbot are:

Data	Processing
Text of messages entered by the user	Transmitted to OpenRouter and the AI model/provider configured in ZDR mode to generate the response; not saved in the website's database
Responses generated by the AI	Not stored in the website's database
Chat Session ID	Generated client-side or application-side for session management; not used to directly identify the user
Input/Output token count	Saved in the internal table `chatbot_usage` to monitor API usage; does not contain the text of conversations

Purpose: to provide automated assistance to users and respond to inquiries about the facility, rooms, and services provided.

Legal Basis: consent of the data subject pursuant to Article 6, paragraph 1, letter a) GDPR, expressed through a positive action before using the chatbot and/or through the cookie preference management panel, where the chatbot uses technologies not strictly necessary.

Retention Period: technical usage logs, devoid of the textual content of conversations, are retained for 12 months.

Important Notice: users are invited not to enter sensitive data, health data, personal documents, tax codes, payment data, confidential information, or unnecessary personal data in the chatbot. Even if the chatbot is configured with a ZDR model/provider, the messages typed are still transmitted to an external AI service to generate the response.

The chatbot does not engage in automated decision-making processes that produce legal effects or similarly significantly affect the user.

2.5 Newsletter

The site does not currently have an active newsletter system and does not send periodic promotional communications via newsletter.

There is no public signup form for the newsletter, and email addresses collected through the contact or booking forms are not used for marketing or newsletter purposes without separate specific consent.

If a newsletter is activated in the future, this privacy policy will be updated to include registration methods, purposes, legal basis, retention period, unsubscription methods, and consent management.

3. COOKIES AND TRACKING TECHNOLOGIES

For detailed information on the cookies and tracking technologies used by the site, please refer to the Cookie Policy available at:

www.dimoredeimarinai.it/cookie.php

As of the date of this update, the site does not use Google Analytics, Google Tag Manager, or Meta/Facebook Pixel.

In summary, the site may use the following categories of cookies and tools:

Category	Consent Required	Examples
Technical / Necessary Cookies	No, always active	PHP session cookies, cookies necessary for the functioning of the site, cookies to store banner preferences
Functional or Non-Necessary Preference Cookies	Yes, where present	Advanced preferences or non-essential optional features, potential activation of the AI chatbot if managed through consent
Statistical Cookies	Not active as of the date of this update	The site does not use Google Analytics or other third-party statistical systems; only internal technical logs with anonymized IP are present
Marketing Cookies	Not active as of the date of this update	The site does not use Meta/Facebook Pixel, remarketing tools, or advertising tracking
Third-Party Cookies or Content	Yes, when they involve tracking or communication of data to third parties not necessary for navigation	Maps, embedded videos, virtual tours, external content loaded on request or with prior consent

Any unnecessary third-party scripts or content are pre-blocked and are activated only after the user expresses consent through the cookie banner or the preference management panel.

The preferences expressed by users are retained for at least 6 months, unless there are significant changes to the treatments, technical impossibility to recognize the previous choice, or deletion of cookies by the user.

Users can modify or revoke consent at any time via the link “Manage Cookie Preferences” present in the footer of the site.

4. DATA RECIPIENTS

The personal data collected through the website may be communicated or made accessible, within the limits of the purposes indicated in this policy, to the following categories of recipients:

Internal or Authorized Entities

authorized personnel of the accommodation facility, for managing contact requests, bookings, and communication with users;
subjects operating under the authority of the Data Controller, where present and duly authorized.

Technical Suppliers and Third-Party Services

The data may also be processed by technical suppliers providing services necessary for the functioning of the site or optional services activated with the consent of the user. Such subjects operate, where provided, as Data Processors pursuant to Article 28 GDPR or as independent Data Controllers, according to the role actually played.

Among the potentially used technical and third-party services are:

Service / Provider	Purpose	Potentially Processed Data
Hosting / VPS Provider	Publication and functioning of the site	Technical data, form data, server logs
OpenRouter	AI Chatbot with ZDR model/provider	Texts entered by the user in the chatbot, sent to generate the response
AI Provider selected through OpenRouter	Generation of the chatbot's response	Texts entered by the user in the chatbot, processed according to the available ZDR configuration
Google LLC	Any YouTube videos, maps, or other Google embedded content, if present and loaded	Technical data and interactions with embedded content, only where applicable and with prior consent when required
Cloudflare Inc.	CDN, security, possible distribution of static resources	IP address and connection technical data
Snazzy Maps / Google Maps	Map visualization, if embedded	Technical data and IP address, only if the map is loaded by the user or with prior consent if not necessary
YouTube / Google LLC	Viewing embedded videos, if present	Technical data and interactions with the player, only where the content is loaded
Kuula	360° virtual tours, if present	Technical data and interactions, when the user opens the virtual tour or the embedded content is loaded
Open-Meteo	Viewing public weather data, if present	No personal data if the request is made server-side; possible user IP if the request occurs directly from the browser

The site does not use, at the date of this privacy policy, Google Analytics, Google Tag Manager, Meta/Facebook Pixel, or active newsletter systems.

The data are not sold to third parties or transferred for purposes other than those indicated in this privacy policy.

5. TRANSFERS OF DATA TO THIRD COUNTRIES

Some third-party services used by the site may involve the transfer of personal data to countries not belonging to the European Economic Area.

The Data Controller is committed to ensuring that such transfers occur in compliance with Articles 44 and following of the GDPR, through adequate safeguards such as adequacy decisions, Standard Contractual Clauses approved by the European Commission, Data Processing Agreements, supplementary technical measures, or other bases provided for by applicable law.

Recipient	Country / Area	Potentially Transferred Data	Applicable Safeguards
OpenRouter	USA or another area indicated by the provider	Texts entered in the chatbot and transmitted to generate the response	Configuration with ZDR model/provider where available, applicable contractual safeguards, DPA and/or SCC where necessary
AI Provider selected through OpenRouter	Geographical area varying according to the provider/model used	Texts entered in the chatbot and transmitted to generate the response	Use of model/provider in ZDR mode where available, applicable contractual safeguards, DPA and/or SCC where necessary
Google LLC	USA / global infrastructure	Technical data related to any embedded videos, maps, or Google content, only where present and loaded	DPA, SCC, and safeguards made available by the provider
Cloudflare Inc.	USA / global infrastructure	IP and technical data necessary for resource distribution or security	DPA and contractual safeguards made available by the provider
Snazzy Maps / Google Maps	USA / global infrastructure	IP and technical data related to loading the map, if present	Conditions and safeguards made available by the respective providers
Kuula	USA or another area indicated by the provider	IP and technical data related to the virtual tour, if present	Conditions and safeguards made available by the provider
Open-Meteo	Germany / EEA	Public weather data; any technical data only if the call is made from the browser	Not applicable for non-EEA transfers if processing remains in the EEA

The use of the AI chatbot involves the transmission of messages typed by the user to OpenRouter and the configured AI provider. The Data Controller uses a ZDR model/provider, where available, and adopts minimization measures. The user is nevertheless encouraged not to enter unnecessary personal data or special categories of personal data in the chatbot.

6. RETENTION PERIOD

Personal data are retained for the time strictly necessary for the purposes for which they were collected, in compliance with the principles of minimization and limitation of retention.

Data Category	Retention Period
Internal navigation logs, User-Agent, URL, Referer, and pseudonymized technical data	90 days
IP Address in the site's internal logs	Not retained in real form; anonymized at the time of registration
Messages sent via contact form	24 months from receipt
Data sent via booking form	36 months from receipt, unless legal, tax, accounting obligations, or protection of the Controller's rights require further retention
Chatbot usage logs without the text of conversations	12 months
Text of chatbot conversations	Not saved in the website's database; transmitted to OpenRouter and the ZDR AI provider for generating a response
Cookie preferences	At least 6 months, unless deleted by the user or significant changes to processing
Data potentially processed for tax, accounting, or regulatory obligations	For the period provided by applicable law

Upon expiration of the retention periods, the data are deleted or irreversibly anonymized, unless legal obligations or the need to protect the Data Controller's rights arise.

7. SECURITY MEASURES

The Data Controller adopts appropriate technical and organizational measures to ensure a level of security commensurate with the risk, pursuant to Article 32 GDPR.

The measures adopted include, where technically implemented:

forced HTTPS connection across the entire site;
active SSL/TLS certificate;
redirect from HTTP to HTTPS;
session cookies configured with security flags such as HttpOnly, Secure, and SameSite=Lax, where compatible;
periodic regeneration of Session ID to reduce the risk of session fixation;
validation and sanitization of user inputs;
protection against Email Header Injection in forms;
using prepared statements via PDO to reduce the risk of SQL Injection;
admin panel protected by authentication and, where active, by two-factor authentication;
MariaDB/MySQL database hosted in an environment not directly exposed to the public network;
minimization of collected data;
anonymization of the IP address in internal logs;
configuration of the chatbot with ZDR model/provider via OpenRouter, where available;
non-storage of the textual content of chatbot conversations in the website database;
periodic deletion of data upon expiration of retention periods.

Users are invited not to transmit unnecessary data through forms or the chatbot, sensitive data, health data, personal documents, credentials, payment data, or confidential information.

8. RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15-22 GDPR, the data subject may exercise the following rights:

Right of Access: to obtain confirmation as to whether or not personal data concerning them are being processed and to receive information related to the processing.
Right to Rectification: to obtain the rectification of inaccurate personal data and the completion of incomplete data.
Right to Deletion: to obtain the deletion of personal data in the cases provided for by law.
Right to Restrict Processing: to obtain the restriction of processing in the cases provided for by the GDPR.
Right to Data Portability: to receive in a structured, commonly used, and machine-readable format the personal data provided to the Data Controller, in the cases provided for by Article 20 GDPR.
Right to Object: to object to processing based on the legitimate interest of the Data Controller, for reasons related to their particular situation.
Right to Withdraw Consent: to withdraw consent granted at any time, without affecting the lawfulness of processing based on consent before withdrawal.

Consent to cookies and optional tools may be modified or revoked at any time via the link “Manage Cookie Preferences” present in the footer of the site.

How to exercise rights

Requests can be sent:

via email to: info@dimoredeimarinai.it
via PEC to: [INSERT PEC ADDRESS]

The Data Controller will respond without undue delay and, in any case, within one month of receiving the request. This period may be extended by two months in the event of particular complexity or a high number of requests, with prior notification to the data subject.

9. RIGHT TO LODGE A COMPLAINT

The data subject who believes that the processing of their personal data is carried out in violation of current regulations has the right to lodge a complaint with the Italian Data Protection Authority.

Italian Data Protection Authority
Piazza Venezia, 11
00187 Rome
Website: www.garanteprivacy.it
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it

The data subject may also lodge a complaint with the control authority of the EU member state in which they reside or work habitually, or of the place where the alleged violation occurred.

10. NATURE OF DATA PROVISION

Processing	Provision	Consequences of Non-Provision
Website Navigation	Automatic, limited to the necessary or anonymized technical data	Navigation remains possible
Contact Form	Optional	Impossibility of sending the request and receiving a response
Booking Form	Necessary for managing the request	Impossibility of processing the booking request
AI Chatbot with OpenRouter ZDR	Optional	The chatbot will not be available or unable to generate responses
Third-Party Statistical Cookies	Not active as of the date of this privacy policy	No consequences
Marketing Cookies	Not active as of the date of this privacy policy	No consequences
Optional third-party contents, such as maps, videos, or virtual tours	Optional, where consent is required	The relevant content may not be displayed

11. AUTOMATED DECISION-MAKING PROCESSES

The site uses an AI-based chatbot via OpenRouter and a ZDR-configured model/provider to provide informational assistance to users.

The chatbot:

does not adopt automated decisions that produce legal effects concerning the user;
does not significantly affect the person;
does not replace direct contact with the facility;
provides automatic responses based on the website's content, a predefined knowledge base, and the configured AI model;
may make errors or generate outdated responses; therefore, relevant information, especially availability, prices, terms of stay, and bookings, must always be confirmed directly by the facility.

Messages from the user are sent to OpenRouter and the configured AI provider to generate the response. The Data Controller uses a ZDR model/provider, where available, and adopts settings oriented towards minimization, limitation of retention, and reduction of data use for further purposes.

12. CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to modify or update this privacy policy at any time, particularly in case of regulatory changes, technical updates to the site, introduction of new services, or changes to the suppliers used.

Substantial changes will be communicated through an announcement on the site. The date of the last update is indicated at the beginning of the document.

Users are encouraged to periodically consult this page.

APPENDIX — LINKS TO THIRD-PARTY SERVICE POLICIES

To view the privacy policies of third-party services potentially used by the site:

Service	Link
OpenRouter	openrouter.ai/privacy
Google LLC, YouTube, Google Maps, or other potentially embedded Google content	policies.google.com/privacy
Cloudflare	www.cloudflare.com/privacypolicy
Open-Meteo	open-meteo.com/en/terms
Kuula	kuula.co/privacy

This policy is drafted pursuant to Articles 13 and 14 of Regulation (EU) 2016/679, GDPR, and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

Last update: May 4, 2026

Terms of Service

TERMS AND CONDITIONS OF USE OF THE SITE

Website: www.dimoredeimarinai.it
Last updated: May 4, 2026

1. INFORMATION ABOUT THE WEBSITE OWNER

The site www.dimoredeimarinai.it is managed by:

Dimore dei Marinai
Company name: Dimore dei Marinai di Pasquale Maria Lanzone
Registered office: via Giudicato vecchio, 9
VAT / Tax Code: IT01797500707
Email: dimoredeimarinaitermoli@gmail.com

In this document, the above-mentioned entity is also referred to as “Owner,” “Manager,” “Structure,” or “Dimore dei Marinai.”

2. SUBJECT OF THE TERMS

These Terms and Conditions govern access to and use of the site www.dimoredeimarinai.it, its contents, contact and reservation forms, AI chatbot, and any informational services available online.

Access to and use of the site imply acceptance of these Terms, within the limits applicable to browsing and the use of available features.

If the user does not wish to accept these Terms, they are invited not to use the site and its related online services.

These Terms do not replace any specific conditions for stay, booking, payment, cancellation, or ancillary services communicated directly by the Structure during the request, confirmation, or contract phase.

3. NATURE OF THE SITE

The site is intended for informational and promotional purposes related to the accommodation facility Dimore dei Marinai, its lodgings, services offered, the surrounding area, contact methods, and any requests for availability or reservation.

The information published on the site is provided for general purposes and may concern, by way of example:

description of the facility;
rooms or available lodgings;
services offered;
images and photographic content;
tourist information;
contact details;
information request form;
reservation request form;
informational chatbot based on artificial intelligence;
any maps, videos, virtual tours, or external content.

The Owner commits to keeping the information as up-to-date as possible but does not guarantee that every content is always complete, error-free, or updated in real-time.

4. CONTACT FORM

The site provides a contact form through which the user can send information requests to the Structure.

The user agrees to provide correct, updated, and relevant data for the request sent.

The submission of the contact form does not automatically result in the conclusion of a contract or an obligation for the Structure to provide a service, unless otherwise agreed upon between the parties.

The Structure will respond to requests received in accordance with its internal organizational timing.

The user is invited not to include sensitive data, health data, payment data, credentials, personal documents, or confidential information not necessary for the request in the message.

The processing of personal data sent through the contact form is governed by the site's Privacy Policy.

5. RESERVATION FORM AND AVAILABILITY REQUESTS

The site may provide a form to send requests for availability or reservations related to the Structure.

Unless expressly indicated otherwise, the submission of the reservation form constitutes a request for availability or reservation and does not automatically imply the final confirmation of the stay.

The reservation is considered confirmed only following an explicit communication from the Structure, sent via email, phone, message, or other channels agreed upon with the user.

Any specific conditions relating to:

actual availability;
prices;
deposits or advance payments;
payment methods;
check-in and check-out times;
cancellation conditions;
rules of the facility;
included or excluded services;
tourist tax, where applicable;
documentary obligations of guests;

will be communicated by the Structure during the response, quote, confirmation, or management of the reservation.

The user is responsible for the accuracy of the data entered, including name, surname, email, phone, stay dates, number of guests, and any notes.

The Structure is not responsible for missed contacts or confirmations due to the entry of incorrect or incomplete data by the user.

6. PRICES, AVAILABILITY, AND STAY INFORMATION

The information present on the site concerning prices, rooms, availability, offers, images, services, and stay conditions is for informational purposes and may be subject to updates, seasonal changes, material errors, or organizational modifications.

Any prices or availability indicated on the site do not constitute a binding offer, unless expressly confirmed in writing by the Structure.

In case of discrepancies between the information present on the site and the direct communication sent by the Structure to the user during the confirmation phase, the conditions confirmed directly by the Structure shall prevail, unless mandatory rights recognized by applicable law provide otherwise.

The images present on the site are for descriptive and representative purposes. The Structure commits to presenting its environments accurately, but elements such as furnishings, layout, lighting, amenities, or aesthetic details may vary over time.

7. AI CHATBOT

The site may provide an AI-based chatbot designed to provide informational assistance to users.

The chatbot uses OpenRouter as a service for access and routing to a configured AI model/provider in ZDR — Zero Data Retention mode, where available.

The chatbot has exclusively informational and navigation support purposes. The responses generated do not constitute:

a contractual proposal;
booking confirmation;
a binding quote;
guarantee of availability;
official communication from the Structure;
legal, tax, health, or professional advice.

Relevant information regarding availability, prices, stay conditions, bookings, cancellations, and services must always be confirmed directly by the Structure through official contact channels.

The chatbot may generate incomplete, inaccurate, outdated, or not perfectly aligned responses to the actual situation. The user is encouraged to always verify important information before making decisions.

The user agrees not to input into the chatbot:

sensitive data;
health data;
personal documents;
tax codes;
payment data;
credentials;
confidential information;
offensive, illegal, discriminatory content or content contrary to the law.

The textual content of conversations is not saved in the site's database. Technical logs devoid of the text of conversations, such as input/output token counts, may be retained for technical monitoring purposes and API usage control.

For further details on data processing via the AI chatbot, please refer to the site's Privacy Policy.

8. PROPER USE OF THE SITE

The user agrees to use the site lawfully, correctly, and in compliance with these Terms.

It is prohibited, by way of example:

to use the site for unlawful, fraudulent, or harmful purposes;
to send false, incomplete, misleading data or data referring to third parties without authorization;
to use the forms for spam, phishing, unsolicited advertising messages, or mass communications;
to attempt unauthorized access to the administration panel, server, database, or restricted areas;
to interfere with the operation of the site, overload it, or compromise its security;
to introduce viruses, malware, harmful scripts, or malicious code;
to perform scraping, aggressive crawling, mass copying, or unauthorized automated collection of content;
to use the chatbot to generate unlawful, offensive, defamatory, discriminatory content, or that infringes others' rights;
to violate intellectual property rights, privacy, image rights, or other rights of third parties.

The Owner reserves the right to block, limit, or report improper uses of the site, even in order to protect the security of the systems and its rights.

9. INTELLECTUAL PROPERTY

Unless otherwise indicated, all content on the site, including texts, photographs, images, graphics, logos, visual elements, layout, code, page structure, descriptions, informational materials, and multimedia content, are owned by the Owner or used based on rights, licenses, or permissions.

Copying, reproducing, modifying, distributing, publishing, extracting, reusing, or commercially exploiting the site's content without the written permission of the Owner is prohibited, except in cases permitted by law.

Viewing the content for personal, informational, and non-commercial use is permitted.

Any trademarks, logos, trade names, or distinctive signs of third parties present on the site belong to their respective owners.

10. PHOTOGRAPHIC AND MULTIMEDIA CONTENT

The photographs, videos, virtual tours, and other multimedia content on the site have descriptive and promotional purposes.

It is prohibited to download, copy, reuse, modify, or publish such content on other sites, social networks, advertising materials, or commercial channels without the written permission of the Owner or the relevant rights holder.

Any discrepancies between published images and the actual state of the environments may depend on updates, maintenance, seasonal changes, furniture modifications, or other organizational reasons.

11. THIRD-PARTY SERVICES AND CONTENT

The site may include or link to services and content provided by third parties, such as by way of example:

OpenRouter for the AI chatbot;
Google Maps or Snazzy Maps, if available;
YouTube or other video services, if available;
Kuula for any virtual tours;
Cloudflare CDN for technical resources like icons or static files;
Open-Meteo for any public weather data.

These services are managed by third parties and may be subject to their own terms, conditions, and privacy policies.

The Owner does not fully control the content, availability, security, updates, or modes of operation of third-party services and is not responsible for any changes, interruptions, errors, or processing independently performed by those entities, within the limits permitted by law.

Where applicable, loading of external content not necessary for navigation is subject to user consent or a positive action on their part, as indicated in the Cookie Policy.

12. EXTERNAL LINKS

The site may contain links to external sites or resources that are not controlled by the Owner.

Linking to external sites does not imply approval, guarantee, or liability of the Owner in relation to their contents, services, products, policies, security, or processing of personal data.

The user is invited to consult the terms of use and privacy policies of external sites visited.

13. PRIVACY AND COOKIES

The processing of users' personal data is governed by the Privacy Policy of the site.

The use of cookies and similar technologies is governed by the Cookie Policy of the site.

As of the last update of these Terms, the site states that it does not use Google Analytics, Google Tag Manager, Meta/Facebook Pixel, active newsletter systems, or remarketing tools.

The AI chatbot is configured via OpenRouter with the ZDR model/provider, where available, as described in the Privacy Policy and Cookie Policy.

14. SITE AVAILABILITY

The Owner commits to keeping the site available and functional but does not guarantee that access will be continuous, uninterrupted, error-free, or always secure.

The site may be temporarily unavailable due to technical reasons, maintenance, updates, hosting issues, security, force majeure, or causes beyond the Owner's control.

The Owner reserves the right to modify, suspend, update, or discontinue, in whole or in part, functionalities, content, or services of the site without incurring liability toward the user, except as unavoidably provided by law.

15. LIMITATIONS OF LIABILITY

The Owner is not responsible, within the limits permitted by law, for damages, losses, or disruptions arising from:

improper use of the site by the user;
inputting incorrect or incomplete data into forms;
failure to receive communications due to user errors, anti-spam filters, email issues, or technical problems;
temporary unavailability of the site;
material errors, typos, or outdated content;
information generated automatically by the AI chatbot and not confirmed by the Structure;
services, content, or third-party sites;
force majeure events or circumstances outside the reasonable control of the Owner.

It is understood that no provision of these Terms limits or excludes liability that cannot be excluded under applicable law, including willful misconduct, gross negligence, damage to persons or mandatory consumer rights.

16. ADMINISTRATIVE AREA AND RESTRICTED ACCESS

Any administrative or restricted areas of the site are accessible exclusively to authorized individuals.

Any attempt at unauthorized access, circumvention of security measures, using others' credentials, abusive scanning, code manipulation, server compromise, or unauthorized access to the database is prohibited.

The Owner reserves the right to implement technical, organizational, and legal measures to protect the site and its information systems.

17. MINORS

The site is directed at adult users or users who browse with the consent and supervision of a parent or guardian.

Reservation requests and contractual relations related to the stay must be made by adults who are capable of acting, unless otherwise provided by applicable regulations.

18. COMMUNICATIONS WITH THE STRUCTURE

Official communications with the Structure can take place via:

email: dimoredeimarinaitermoli@gmail.com;
other contact details possibly indicated on the site.

Responses provided via AI chatbot do not constitute official communication from the Structure.

For urgent requests, reservations, changes, cancellations, or relevant information on the stay, the user is invited to contact the Structure directly via official channels.

19. MODIFICATIONS TO THE TERMS

The Owner reserves the right to modify or update these Terms at any time, particularly in the event of:

regulatory changes;
technical updates of the site;
introduction or removal of services;
variations in the management of forms, chatbots, third-party content or online functionalities;
organizational needs of the Structure.

The changes will be published on this page with an update of the date indicated at the top.

The user is invited to periodically consult these Terms.

20. APPLICABLE LAW AND JURISDICTION

These Terms are governed by Italian law.

For any disputes related to the use of the site, these Terms, or online informational services, the jurisdiction designated by applicable law will be competent.

If the user acts as a consumer, the mandatory jurisdiction of the court in the place of residence or domicile of the consumer, where provided by law, remains unaffected.

Before initiating any dispute, the user is invited to contact the Structure at dimoredeimarinaitermoli@gmail.com to seek an amicable resolution.

The European online dispute resolution platform, previously known as the ODR platform, has not been operational since July 20, 2025. The consumer user nonetheless retains the rights and protection mechanisms provided by applicable Italian and European legislation.

21. RELATED DOCUMENTS

These Terms must be read together with the following documents published on the site:

Privacy Policy;
Cookie Policy;
any specific conditions for booking, cancellation, payment, or stay communicated by the Structure.

22. CONTACTS

For questions regarding these Terms and Conditions, you can contact: