Privacy

Privacy policy

How we handle personal data on cogole.to.

Last updated: 3 June 2026 · Version: 2026-06-03-v3

This notice describes how cogole.to processes users' personal data under Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

1. Data controller

The website cogole.to is an independent tourist guide for the village of Cogoleto, run privately by a private individual resident in Cogoleto (GE), Italy, on a non-professional, not-for-profit basis. Contact for privacy-related requests is available via the Contact page or at [email protected].

As this is small-scale, non-systematic processing that involves no special categories of data (Art. 9 GDPR) or criminal-conviction data (Art. 10 GDPR), the conditions of Art. 37 GDPR for appointing a Data Protection Officer (DPO) do not apply. The owner remains the direct point of contact for any data-protection matter at [email protected].

Because the processing is not purely occasional (postcards, reviews, polls, moderation and account access), the controller maintains the record of processing activities under Art. 30 GDPR, produced on request of the supervisory authority (the Italian Data Protection Authority, Garante).

2. Data collected and purposes

We only process the data strictly required for the site to function and for the interactions users request:

2.1 Anonymous visitors (no account)

Web-server logs: IP address, user-agent, pages viewed, language, referrer. Purpose: security, diagnostics, abuse prevention. Legal basis: legitimate interest (Art. 6.1.f GDPR). Retention: 30 days.
Technical cookies (cookie banner state, language, session): no consent required.
Aggregate analytics (Google Analytics 4): only with explicit consent. Retention: 24 months (GA4 default).

2.2 Registered users

Identity: email, display name, optional profile picture from the OAuth provider (Google, Facebook, Instagram, Apple) or email magic-link.
Provider: provider identifier and — for Instagram only — public handle (e.g. @username).
User-generated content: postcards (photo + caption), reviews, poll votes, scavenger-hunt checkpoints, earned badges.
Sessions: server-side session id, hashed IP and user-agent (for abuse detection).
Consent ledger: every cookie grant/withdraw is recorded with timestamp, policy version, hashed IP+UA.
Audit log: every notable action (login, export request, account deletion, etc.).

Legal basis for registered users:

Performance of a requested service (Art. 6.1.b GDPR) for postcards, reviews, polls, scavenger hunt.
Consent (Art. 6.1.a GDPR) for analytics and non-technical cookies.
Legitimate interest (Art. 6.1.f GDPR) for technical logs, anti-abuse, moderation.
Legal obligation (Art. 6.1.c GDPR) for audit + moderation records retained for legal compliance.

2.3 Postcard photos

Photos uploaded as "postcards from Cogoleto" are pre-moderated: nothing is published without approval. EXIF metadata (including GPS coordinates) is stripped on upload to avoid publishing your location.

2.4 Retention periods

Server logs: 30 days.
Analytics (GA4): 24 months.
Account identity and user-generated content: kept while the account is active; removed within 30 days of deletion (see §5).
Consent ledger: kept as evidence of consent for the lifetime of the account plus the applicable limitation period.
Audit and moderation records: retained up to 12 months for legal-compliance purposes.

3. Cookies

We split cookies into five categories:

Necessary (always on): cogoleto_consent (remembers your banner choice), __Host-cogoleto (session if signed in), cogoleto-lang (preferred language), cogoleto-theme (light/dark theme).
Analytics (opt-in): _ga, _ga_* from Google Analytics 4 — 24-month retention.
Preferences (opt-in): local cookies for layout, earned badges, etc.
Quick sign-in with Google (One Tap) (opt-in, off by default): loads the Google Identity Services script to automatically display the "Sign in with Google" card while you browse. Even without a click, loading the script sends your IP address, page URL, user-agent and — if you are already signed in to Google — your Google account identity to Google. See §3a of the cookie policy for details.
Marketing: we do not use advertising cookies. The category is declared for transparency and could be enabled in the future only with explicit consent.

Every form submission (contact, sign-in, poll votes) is protected by Google reCAPTCHA v3 as a necessary anti-abuse / security measure; it sets the technical cookie _GRECAPTCHA on the google.com domain and computes an anti-spam score. Legal basis: legitimate interest in security (art. 6.1.f GDPR). See the cookie policy for details.

Full details in the cookie policy. You can change your choices at any time by clicking "Manage cookies" in the footer.

4. Recipients and transfers

Data is processed by the controller and by the following third parties, strictly for the purposes described:

Cloudflare, Inc. (USA / Ireland) — CDN, DNS, DDoS protection. Relies on EU Standard Contractual Clauses 2021/914.
Google Ireland Ltd. and Google LLC (USA) — only if authorized: Google Analytics 4, Sign-in with Google, Google One Tap (quick sign-in), Google reCAPTCHA v3. US transfers: EU-US Data Privacy Framework (Google is self-certified) with EU Standard Contractual Clauses 2021/914 as a backup safeguard.
Meta Platforms Ireland Ltd. — only if you use Sign-in with Facebook or Sign-in with Instagram.
Apple Distribution International Ltd. (Ireland) — only if you use Sign-in with Apple.
Hosting providers in Italy (physical servers on Italian territory).

Transfers outside the European Union: only to third countries with adequacy decisions or under the EU Standard Contractual Clauses (Decision 2021/914). No transfers based on other safeguards.

5. Your rights (GDPR Articles 15–22)

At any time you may exercise these rights:

Right	How to exercise it
Access (Art. 15)	Request a complete ZIP export of your data from My profile → My data. Delivered by email within 7 days.
Rectification (Art. 16)	Edit your name, email and photo directly from My profile, or email us.
Erasure (Art. 17 — right to be forgotten)	Click "Delete my account" on the profile page. Your account is suspended immediately and permanently deleted after 30 days (cool-down window). You can request immediate deletion by email.
Restriction (Art. 18)	"Pause my account" on the profile page. We keep your data but stop processing it until you re-activate.
Portability (Art. 20)	The same export as Art. 15 is in open JSON, machine-readable, re-usable elsewhere.
Objection (Art. 21)	Click "Object to analytics and marketing" on the profile page, or withdraw consent via the cookie banner.
Complaint	You have the right to lodge a complaint with the Italian Data Protection Authority (Garante).

Requests made through the user panel are executed automatically within seconds (with an email confirmation). Requests sent by email to [email protected] are answered within 30 days as required by Art. 12.3 GDPR.

6. Automated decisions

We do not use any automated decision-making or profiling that produces legal effects on the data subject (Art. 22 GDPR).

7. Security

Technical and organisational measures we apply:

TLS 1.2/1.3 enforced on every subdomain, with HSTS preload.
Session cookies are HttpOnly, Secure, SameSite=Lax, with the __Host- prefix.
SHA-256 hashing of IP and user-agent in application logs (no plain-text storage).
No end-user passwords: authentication is OAuth/magic-link, no password to remember.
Encrypted daily backups, retained at two separate sites.
Full audit log of security events, monitored.

8. Minimum age

The service is not directed at children under 14 (the digital-consent threshold in Italy, art. 2-quinquies Codice Privacy). If you are a parent and believe your child has created an account, please contact us for immediate deletion.

9. Changes

This notice is versioned. When it changes materially we ask for your consent again via the banner. Previous versions remain available on request at [email protected].