Last updated: [23/02/2026]

​

TERMS AND CONDITIONS OF USE

1.1 Purpose of the website
This website (“Site”) is intended for informational purposes and to present the accommodation/property (“Casa Tanino / Case Greco”). It allows users to contact the Data Controller through a contact form or via a WhatsApp link.

1.2 No online booking on the Site
The Site does not handle bookings, payments, or the issuance of stay confirmations. Any requests sent via the contact form or WhatsApp are intended solely to obtain information and/or to be contacted back. If the user follows links to third-party platforms (e.g., booking portals or social networks), the use of those services is governed by the terms and policies of the respective providers.

1.3 Use of the Site
The user agrees to use the Site lawfully and properly, without attempting to violate its security or compromise its functionality, and without sending false, offensive, or unlawful communications through the contact channels.

1.4 Intellectual property
Texts, images, logos, and content on the Site are the property of the Data Controller or are used under license/permission. Reproduction, modification, or distribution of the content without written authorization is prohibited, except where permitted by law.

1.5 Links to third-party websites
The Site may contain links or references to third-party websites/services (such as WhatsApp, social networks, or booking platforms). The Data Controller does not control such websites/services and is not responsible for their content, security, or data processing practices. Users are encouraged to review the respective information notices.

1.6 Limitation of liability
The Data Controller strives to keep the information accurate and up to date but does not guarantee the absence of errors or interruptions of the Site. To the extent permitted by law, the Data Controller shall not be liable for any direct or indirect damages arising from the use of the Site or the inability to use it.

1.7 Changes
The Data Controller may update these Terms at any time. Changes become effective upon publication on the Site.

1.8 Applicable law and jurisdiction
These Terms are governed by Italian law. For any dispute, the competent court shall be the court of the consumer’s place of residence or domicile, where applicable; otherwise, the court of Palermo.

​

PRIVACY POLICY
(ART. 13 REGULATION (EU) 2016/679 – “GDPR”)

​

2.1 Data Controller
The Data Controller is Carmen Greco
Address: Via R1, 90015 Cefalù (PA), Italy
Email: casatanino@gmail.com

(hereinafter referred to as the “Data Controller”)

2.2 Types of data processed
Through the Site, the Data Controller may process:
a) Data voluntarily provided by the user via the form: first name, last name, email, phone number, message content.
b) Data provided by the user via WhatsApp: phone number and message content.
c) Technical browsing data: technical information (e.g., IP address, logs) strictly necessary for the operation and security of the Site.

2.3 Purposes of processing and legal basis
Data are processed for:
A) Responding to information requests and contacting the user (via email/phone/WhatsApp).
Legal basis: performance of pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR).
B) Technical management and security of the Site, prevention of abuse/spam, and protection of the Data Controller’s rights.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
C) Possible handling of requests related to a future stay/service, with collection of additional data ONLY if and when necessary: in such case, a specific notice will be provided at the time of collection.

2.4 Methods of processing
Processing is carried out using electronic and/or paper-based tools, with appropriate security measures to protect data from unauthorized access, loss, or disclosure.

2.5 Provision of data
Providing the data marked as necessary in the form is optional; however, if such data are not provided, it will not be possible to respond to the request.

2.6 Data recipients
Data may be processed by:
– personnel authorized by the Data Controller;
– technical service providers (e.g., hosting, website maintenance, email providers), appointed where necessary as Data Processors pursuant to Art. 28 GDPR.
Data are not disclosed.

2.7 Transfer of data outside the EU
Some providers (e.g., messaging or email services) may process data outside the European Economic Area. In such cases, transfers are carried out in compliance with the GDPR through appropriate safeguards (e.g., standard contractual clauses and/or adequacy decisions, where applicable).

2.8 Data retention period
– Requests sent via the form/WhatsApp: up to [12 months] after the request is closed, unless further obligations apply or legal protection is required.
– Technical security logs: for the time strictly necessary and in any case according to the provider/hosting settings.

2.9 Data subject rights
Users may exercise the rights provided by Articles 15–22 GDPR (access, rectification, erasure, restriction, objection, data portability) by writing to the Data Controller using the contact details indicated above.

2.10 Complaint to the Supervisory Authority
If the user believes that the processing violates the GDPR, they may lodge a complaint with the competent Data Protection Supervisory Authority.

2.11 Changes to this notice
This notice may be updated. The version published on the Site is the one currently in force.

WHATSAPP-SPECIFIC NOTES
By clicking the WhatsApp button or contacting the Data Controller via WhatsApp, the user uses a third-party service. WhatsApp operates under its own policies and terms. The Data Controller will process the chat content solely to handle the request and contact the user.