Contact Us
Contact Us
Contact Us

Privacy Policy

PRIVACY POLICY

1. Data Controller

The Data Controller is ⟦Company Name / First and Last Name⟧, located at ⟦Full Address⟧, VAT/Tax Code ⟦…⟧.
Contacts: email privacy@domain.com, PEC ⟦…⟧, phone ⟦…⟧.

2. Data Protection Officer (DPO) (if appointed)

The DPO is ⟦DPO Name / Company⟧, reachable at ⟦DPO email⟧.

(If not appointed: remove this section.)

3. Scope of Application

This notice describes how we process the personal data of users who visit and use the site https://yourdomain.com⟧ (hereinafter “Site”), including contacts and services offered.

4. Types of Data Processed

A) Browsing Data
Technical and usage data (e.g., IP address, logs, device/browser identifiers, information on visited pages, date/time of access, security events).

B) Data voluntarily provided by the user (depending on what you have on the site)

  • Contact / quote forms: ⟦first name, last name, email, phone, message, etc.⟧

  • Newsletter / marketing: ⟦email + any preferences⟧

  • E-commerce / orders (if present): ⟦personal data, shipping address, billing, etc.⟧

  • Reserved area (if present): ⟦username, credentials, access logs⟧

C) Cookies and tracking tools
Information via cookies/similar technologies: see Cookie Policy (Section 11). According to art. 122 Privacy Code, technical cookies do not require consent, while non-technical ones require consent when applicable. Normattiva+1

5. Purposes of Processing and Legal Bases

We process data for the following purposes:

  1. Provision of the Site and technical functionalities (security, proper functioning, abuse prevention).
    Legal basis: legitimate interest of the Controller (art. 6(1)(f) GDPR) and/or security obligations.

  2. Handling user requests (contacts, quotes, assistance).
    Legal basis: pre-contractual/contractual measures (art. 6(1)(b) GDPR) or legitimate interest (art. 6(1)(f) GDPR) depending on the case.

  3. Legal and fiscal obligations (if applicable).
    Legal basis: legal obligation (art. 6(1)(c) GDPR).

  4. Newsletter and promotional communications (if applicable).
    Legal basis: consent (art. 6(1)(a) GDPR). Revocable at any time (Section 9).

  5. Statistics/analytics

  • “Technical” analytics (only aggregate statistics and with minimization measures, including those indicated by the Guidelines) can be processed without consent when applicable requirements are met. DB

  • Non-technical analytics/marketing: Legal basis: consent. DB+1

  1. Profiling and personalized advertising (if applicable).
    Legal basis: consent (art. 6(1)(a) GDPR). DB+1

6. Processing Methods and Security Measures

Processing is carried out using IT tools and procedures suitable to ensure security and confidentiality, with appropriate technical and organizational measures (e.g., access control, logging, backup, hardening, minimization).

7. Data Recipients

Data may be communicated to:

  • IT/hosting and maintenance providers: ⟦provider name⟧ (Data Processing Agreement/appointment as processor)

  • email/CRM platforms: ⟦…⟧

  • analytics/advertising providers (only if activated): ⟦…⟧

  • consultants (legal, accounting) and competent authorities as required.

8. Transfers outside the EEA

If some providers process data outside the EEA, transfers occur through tools provided by the GDPR (e.g., adequacy decisions, SCC, supplementary measures).
For transfers to the USA, the adequacy decision EU-US Data Privacy Framework may apply if the provider is certified; alternatively, SCC and adequate measures will be used. EUR-Lex+1

9. Retention Periods

  • requests via form/assistance: ⟦e.g., 12 months⟧

  • newsletter: until consent is withdrawn / unsubscribed

  • contractual/fiscal data: ⟦e.g., 10 years (if applicable)⟧

  • security logs: ⟦e.g., 6 months/12 months⟧

  • cookie preferences and consents: for the time necessary to demonstrate them (accountability) and according to CMP settings. DB

10. Data Subject Rights

You can exercise the rights provided by arts. 15–22 GDPR: access, rectification, erasure, restriction, portability (if applicable), objection, withdrawal of consent (without affecting the lawfulness of prior processing), and not be subject to automated decisions within legal limits.
To exercise rights: ⟦privacy email⟧.

Complaint: you can lodge a complaint with the Data Protection Authority.

11. Cookie Policy and Preference Management

For information on cookies and tracking and to modify/withdraw consent: see the Site’s Cookie Policy and the link ⟦“Review cookie preferences”⟧ always available (e.g., in the footer). DB+1

12. Data of Minors

If you offer information society services directly to minors and rely on consent, in Italy a minor can give it from the age of 14; below this threshold, parental responsibility is required. University of Ferrara

13. Changes to this Notice

We may update this Privacy Policy; the updated version will be published on this page with the update date.