Privacy Policy
This notice describes how personal data collected via the website is processed.
(pursuant to Articles 13–14 of Regulation EU 2016/679 – GDPR)
Last update: [DATE]
1. Data Controller
Mario Rossi
[ADDRESS]
Email: hello@example.com
The Controller has not appointed a Data Protection Officer (DPO) as the conditions set out in Article 37 GDPR do not apply. For any request concerning your personal data, you may contact the Controller directly at the above address.
2. Categories of personal data processed
Data provided by the data subject
- Contact details: name, email address, and the content of the message submitted via the contact form.
Data collected automatically during browsing
- Analytics (Plausible): aggregated and anonymous browsing data (visited pages, session duration, generic source), without cookie tracking and without collecting full IP addresses or personal identifiers. Policy: https://plausible.io/privacy.
- Technical logs (Netlify): hosting is provided by Netlify, which may record technical data (e.g., IP address, user agent, timestamp) for IT security and service operation purposes. Policy: https://www.netlify.com/privacy/.
3. Purposes of processing and legal bases
Main purposes
- Reply to contact requests, inquiries or quotes — Legal basis: pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR).
- Anonymous analytics to improve the website — Legal basis: legitimate interest (Art. 6(1)(f) GDPR), balanced thanks to anonymisation and absence of tracking.
- IT security, abuse prevention and technical operation — Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Direct marketing / Newsletter (only if requested)
If the data subject ticks the optional checkbox, the Controller may process the email address (and name, if provided) to send occasional updates/newsletter and direct marketing communications.
Legal basis: explicit consent (Art. 6(1)(a) GDPR). Consent is optional.
Withdrawal: at any time via the unsubscribe link in each email or by writing to hello@example.com.
4. Data recipients (Data Processors)
Personal data may be shared with entities acting as Data Processors under Article 28 GDPR, on the basis of specific contractual agreements.
- Netlify (hosting)
- Plausible Analytics (anonymous analytics)
- [EMAIL MARKETING PROVIDER] (if newsletter is activated)
Data are not disclosed to other parties or made public.
5. Transfers outside the EU
Some providers may transfer personal data to third countries (outside the EU/EEA). Transfers are carried out in compliance with Chapter V GDPR safeguards (e.g., Standard Contractual Clauses – SCCs, or other appropriate safeguards).
- Netlify: [specify SCC / DPF if applicable]
- Plausible Analytics: EU servers (no extra-EU transfer)
- [EMAIL MARKETING PROVIDER]: [specify EU/non-EU and safeguards]
6. Data retention
- Contact form data: up to 2 years from receipt, unless legal obligations or legal defence require longer.
- Newsletter/marketing data: until consent withdrawal or up to 24 months from the last interaction.
- Analytics (Plausible): aggregated and anonymous data (not attributable to individuals).
- Technical logs (Netlify): typically ~30 days (according to provider policy).
7. Data subject rights
The data subject has the right to:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Withdrawal of consent (Art. 7(3))
How to exercise rights: send a written request (also by email) to hello@example.com. The Controller will respond within 1 month (extendable by 2 months in complex cases, with notice).
Complaint: you may lodge a complaint with the Italian DPA (www.garanteprivacy.it) or your local EU supervisory authority.
8. Automated decision-making and profiling
The Controller does not carry out automated decision-making (Art. 22 GDPR) or profiling activities.
9. Cookies and tracking technologies
The website does not use profiling or tracking cookies.
Technical cookies: strictly necessary cookies may be used (e.g., language preferences, security). They do not require consent.
Cookie-less analytics: Plausible is cookie-less and collects only aggregated and anonymous data.
10. Changes to this policy
This policy may be updated periodically. Changes will be published on this page, together with the date of the last update.