Privacy Policy — MyTaormina

Last updated: 2026-05-27.

---

Summary

When using MyTaormina:

• We do not collect personal identifying data (name, email, phone): the service is openly accessible, with no registration
• We do not use tracking, profiling or third-party cookies
• Aggregate site statistics are collected anonymously via Vercel Analytics and Vercel Speed Insights, cookieless and with no persistent fingerprinting (visitor metrics are tied to an anonymous visitor hash that rotates daily)
• If you change language, we store your preference in a technical cookie (NEXT_LOCALE), exempt from consent
• Your GDPR rights are fully guaranteed

For full details, see below.

---

1. Data controller

• Enrico Moschella, self-employed professional
• VAT no.: IT06278590879
• Registered address: 95016 Mascali (CT), Italy
• Single contact email (including GDPR/privacy requests): info@mytaormina.app

The Controller has not appointed a Data Protection Officer (DPO), as the mandatory requirements under art. 37 GDPR are not met.

2. Categories of data processed

2.1 Data collected automatically (anonymous)

• Aggregate browsing metrics, collected via Vercel Analytics: page visited, referrer, country (derived from IP), device and browser category. Vercel Analytics is cookieless: no cookies or persistent identifiers are used; unique visitor counts are based on an anonymous visitor hash that rotates daily and cannot be linked to the user over time
• Core Web Vitals, collected via Vercel Speed Insights to measure the technical quality of the service (e.g. LCP, CLS, INP). These metrics are tied to the same anonymous, daily-rotating hash used by Vercel Analytics and do not constitute profiling
• IP address, temporarily logged by the hosting provider (Vercel) for security and diagnostic purposes, retained only for the time strictly necessary (typically 30 days) and then automatically deleted
• No persistent tracking identifiers: no analytics or third-party cookies, no tracking localStorage, no fingerprinting or similar techniques are used

2.2 Technical cookies

• NEXT_LOCALE: technical-functional cookie that stores the language preference, set only when the user manually changes the site language. Exempt from prior consent (Italian Data Protection Authority Guidelines of 10 June 2021, para. 3.2.1).

2.3 Data possibly provided by the user

• GPS position: used exclusively in real time if the user grants the browser permission for the "near me" map function. The data is not stored on the Controller's systems nor transmitted to third parties.

3. Purposes of processing and legal bases

The Controller has assessed that the legitimate interest pursued does not override the fundamental rights and freedoms of the data subject, given the level of anonymisation and the absence of profiling.

4. Recipients and external processors

Data may be processed by the following external data processors, under art. 28 GDPR:

No data is sold, transferred, shared or made available to third parties for advertising, profiling, marketing or data brokerage purposes.

5. Extra-EU data transfer

Some providers (in particular Vercel and possibly Cloudflare) are based in the United States. Technical data (including IP in temporary logs) may transit through US servers.

The transfer is covered by the following adequate safeguards under Chapter V GDPR:

• EU-U.S. Data Privacy Framework, based on the European Commission's adequacy decision of 10 July 2023 (for providers that adhere to it)
• Standard Contractual Clauses approved by the European Commission with Implementing Decision (EU) 2021/914 of 4 June 2021

The Controller monitors the evolution of the legal framework applicable to international data transfers.

6. Data subject's rights

At any time, the user may exercise the rights provided by arts. 15-22 GDPR:

• Access to data concerning them (art. 15)
• Rectification of inaccurate or incomplete data (art. 16)
• Erasure of data ("right to be forgotten") (art. 17)
• Restriction of processing (art. 18)
• Portability of data in a structured, readable format (art. 20)
• Objection to processing based on legitimate interest (art. 21)
• Withdrawal of consent at any time, without prejudice to the lawfulness of processing carried out before withdrawal (art. 7.3)
• Right not to be subject to automated decisions, including profiling, producing legal or significant effects (art. 22)
• Complaint to the Supervisory Authority: Italian Data Protection Authority (Garante) — garanteprivacy.it

To exercise a right: write to info@mytaormina.app. A response will be provided within 30 days of receipt of the request, subject to justified extension under art. 12.3 GDPR.

7. Minimum age

The service is not intended for minors under 14 years of age. The Controller does not knowingly collect data of minors under 14. Should it become aware of any involuntary processing of data of minors under 14, it will promptly delete such data (see art. 2-quinquies of Italian Legislative Decree 196/2003).

8. Data security

The Controller adopts appropriate technical and organisational measures to ensure a level of security appropriate to the risk, under art. 32 GDPR (HTTPS/TLS across the service, protected administration tool access, data minimisation principle, choice of GDPR-compliant providers).

No system can however guarantee absolute security: the user acknowledges the residual risk inherent in any data transmission over the Internet.

9. Changes to this Privacy Policy

This Privacy Policy may be updated in case of:

• Changes to the technical tools used
• Introduction of features that entail new processing
• Regulatory developments or changes in applicable practice

Changes are dated above. Substantial changes are notified on the service homepage for at least 30 days.

10. Contacts

• Single email (privacy, general, legal): info@mytaormina.app
• Complaint to the Italian Data Protection Authority: garanteprivacy.it