Skip to content

Diadema di Venere

Privacy Policy

1. Data Controller

The data controller pursuant to Art. 4(7) GDPR is Giovanni Mantovani (Italian fiscal code MNTGNN02T16G912U), operating from Via delle Fornaci 212A, Marina di Campo, Campo nell'Elba 57034 (LI), Tuscany, Italy. Email: info@diademadivenere.it. For privacy-related requests please write to the same address with “GDPR” in the subject line.

The property owners (Gloria Bagnato for the Fornaci and Scalinate units, Marco Mantovani for the Montecristo unit) are listed on the Legal Notice page but are neither data controllers nor data processors of the personal data collected through this site.

2. Data Collected

Through the contact form we collect:

  • First and last name (required)
  • Email address (required)
  • Phone number (optional)
  • Check-in and check-out dates (optional)
  • Number of guests (optional)
  • Property preference (optional)
  • Free-text message (optional)
  • Newsletter preference (optional)

Through the AI-assisted chat we collect the messages you send (see §8). Through WhatsApp we receive the messages and content you send us (see §9). Cookies and identifiers are described separately in our Cookie Policy.

3. Purpose and Legal Basis

  • Handling booking requests — legal basis: performance of a contract / pre-contractual measures (Art. 6.1.b GDPR). Data is used to respond to the request and manage the stay.
  • Newsletter and offers — legal basis: consent (Art. 6.1.a GDPR), given via the form checkbox. Consent can be withdrawn at any time by writing to info@diademadivenere.it.
  • Aggregate site usage statistics— legal basis: consent (Art. 6.1.a GDPR), provided via the cookie banner and revocable at any time from the “Cookie preferences” link in the footer.
  • Security and abuse prevention — legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) in preventing spam, fraud, and automated abuse.

Providing the data marked as required is necessary to respond to your request. Refusal makes it impossible for us to handle the booking. We carry out no automated decision-making nor profiling within the meaning of Art. 22 GDPR.

4. Retention Period

Data is kept for the duration of the contractual relationship and to meet tax obligations (maximum 10 years). If no booking is made, data is deleted within 12 months of the request. Newsletter preference is kept until consent is withdrawn. Cookies have differentiated retention periods, described in the Cookie Policy.

5. Recipients

Data is never sold or transferred to third parties for commercial purposes. It is shared only with the following providers, acting as processors under Art. 28 GDPR:

  • Vercel Inc. (USA) — site hosting, Vercel Analytics, Speed Insights, and media storage (Vercel Blob).
  • Supabase Inc. (USA, EU/Frankfurt infrastructure) — managed database.
  • Resend (Beam Engineering Inc.) (USA) — sending and receiving transactional email.
  • Google Ireland Ltd (EU) and Google LLC (USA) — Google Analytics 4 (only with consent).
  • Anthropic, PBC (USA) — processing of AI-chat messages to generate replies and, during pre-arrival registration, of the ID-document image you may upload for automatic field reading (OCR) (see §8).
  • Ollama Inc. (USA) — fallback processing of AI-chat messages when the primary provider is unavailable (see §8).
  • Meta Platforms Ireland Ltd (EU) — delivery and storage of messages sent to our WhatsApp Business number (see §9).

6. Transfers Outside the EU

Some of the providers above are based in the United States. Transfers occur on the basis of the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) and/or Standard Contractual Clauses (SCCs) supplemented by additional technical measures (TLS in transit, encryption at rest, access controls). The AI-chat fallback provider (Ollama Inc.) processes messages only transiently to generate the reply and relies on the safeguards declared in its own privacy policy together with the technical measures above. Copies of SCCs and adequacy documentation are available on request where applicable.

7. Cookies

The site uses strictly necessary technical cookies and, only with your explicit consent, analytics cookies (Vercel Analytics, Vercel Speed Insights, Google Analytics 4) and marketing-attribution cookies. The full list including duration and purpose for each cookie is in our Cookie Policy. You can change your choices at any time via the “Cookie preferences” link in the footer.

8. Artificial intelligence (chat and document reading)

On public pages we offer a chat that generates replies via language models provided by Anthropic, PBC (USA) and, as a fallback, Ollama Inc. (USA). Your messages are sent to these providers solely to generate the reply. Under its commercial DPA, Anthropic does not use the content to train its models. Legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) in offering pre-contractual assistance; you can always object by contacting us directly via email or WhatsApp.

During pre-arrival registration you may optionally photograph your ID document: the image is sent to Anthropic, PBC (USA) solely for automatic reading (OCR) of the data, which is then shown to you to verify before submitting (it is never submitted automatically). The photo is stored encrypted (AES-256-GCM) in private storage, is used only for the registration obligation (art. 109 TULPS), and is deleted automatically after checkout. You can always enter the data manually instead, without uploading any photo. Legal basis: legal obligation (Art. 6.1.c GDPR).

9. WhatsApp communications

When you reach out via WhatsApp (wa.me/393385965818) your messages are delivered, stored and end-to-end encrypted under Meta Platforms' terms. We process the conversation content to handle your request (legal basis: Art. 6.1.b GDPR). To delete messages you have sent, simply remove them from your WhatsApp app and email us asking for deletion on our side too.

10. Your Rights

You have the right to:

  • Access your personal data
  • Rectify or update it
  • Request erasure (“right to be forgotten”)
  • Object to processing based on legitimate interest
  • Request restriction of processing
  • Request data portability
  • Withdraw consent (newsletter, cookies, chat) at any time

To exercise these rights write to info@diademadivenere.it. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante) or your local supervisory authority.

11. Updates

Document version: 2.2. Updated on 29 May 2026. The controller reserves the right to amend this policy in the event of regulatory or process changes. Substantive updates will be communicated by email to newsletter subscribers or via a clearly visible notice on the home page.