Privacy Policy

1. Data Controller

2. Types of Data Collected

2.1 Data provided voluntarily

When you use our contact form or request our services, we collect:

• Identifying data: first name, last name
• Contact data: email address, phone number
• Service-related data: type of service requested, message
• Language preferences: language selected on the site

2.2 Data collected automatically

During navigation on our site, the following are automatically collected:

• Technical data: IP address, browser type, operating system
• Navigation data: pages visited, session duration, referrer
• Cookies and similar technologies: as described in the dedicated section

3. Purposes and Legal Basis of Processing

Purpose	Legal Basis	Retention
Responding to contact requests	Consent (art. 6.1.a GDPR)	2 years from response
Providing consulting and development services	Contract execution (art. 6.1.b GDPR)	10 years (tax obligation)
Improving user experience on the site	Legitimate interest (art. 6.1.f GDPR)	2 years
Analytics and anonymous statistics	Consent (art. 6.1.a GDPR)	26 months (Google Analytics)
Tax and legal compliance	Legal obligation (art. 6.1.c GDPR)	10 years

4. Cookies and Tracking Technologies

4.1 Types of Cookies used

Technical Cookies (always active):

• Session: maintain preferences during navigation
• Language preferences: remember the selected language
• Cookie consent: store your cookie preferences

Analytics Cookies (require consent):

• Google Analytics: analyzes traffic and navigation behaviors in aggregate and anonymous form
• Duration: 26 months
• Purpose: improve user experience and optimize the site

Marketing Cookies (require consent):

• We currently do not use marketing cookies
• In the future they may be implemented for targeted advertising campaigns

🍪 Manage Cookie Preferences

5. Data Sharing

Your personal data may be shared with:

5.1 Service providers (Data Processors)

• Hosting provider: for web service delivery
• Email services: for sending communications (SMTP provider)
• Google Analytics: for traffic analysis (anonymous data)
• Security providers: for site protection from attacks

5.2 International transfers

Some of our service providers may be located outside the EU. In such cases, we guarantee that:

• Standard contractual clauses approved by the European Commission are used
• Providers adhere to recognized certification programs
• Appropriate security measures are implemented

6. Your Rights (GDPR)

As a data subject, you have the following rights:

6.1 Right of Access (art. 15 GDPR)

You can request a copy of the personal data we process about you.

6.2 Right of Rectification (art. 16 GDPR)

You can request the correction of inaccurate data or the completion of incomplete data.

6.3 Right to Erasure (art. 17 GDPR)

You can request the deletion of your data when:

• They are no longer necessary for the purposes for which they were collected
• You withdraw consent and there is no other legal basis
• You object to processing and there are no overriding legitimate reasons

6.4 Right of Restriction (art. 18 GDPR)

You can request the restriction of processing in specific cases.

6.5 Right to Data Portability (art. 20 GDPR)

You can request to receive your data in a structured and readable format.

6.6 Right to Object (art. 21 GDPR)

You can object to processing based on legitimate interest.

6.7 Withdrawal of Consent

You can withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal.

7. How to Exercise Your Rights

8. Data Security

We implement appropriate technical and organizational security measures to protect your data:

8.1 Technical Measures

• Encryption: all data is transmitted via HTTPS/TLS connections
• Secure backups: regular encrypted backup copies
• Firewall: advanced perimeter protection
• Updates: systems always updated with the latest security patches

8.2 Organizational Measures

• Limited access: only authorized personnel can access data
• Training: regular staff training on privacy and security
• Procedures: defined protocols for data management
• Audit: periodic verification of security measures

9. Data Breaches

In case of a personal data breach that poses a risk to the rights and freedoms of data subjects:

• Authority notification: within 72 hours of discovery
• Communication to data subjects: within 72 hours if the risk is high
• Corrective measures: immediate implementation of actions to limit damage

10. Minors

Our services are intended for persons over 16 years of age. We do not knowingly collect personal data from minors under 16 without the consent of parents or legal guardians.

If we become aware that we have collected data from a minor without appropriate consent, we will immediately proceed with deletion.

11. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be:

• Communicated: through publication on the site with evidence of changes
• Notified: via email if changes are substantial
• Effective: from the date of publication on the site

We recommend consulting this page periodically to stay updated.

12. Right to Complain

You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates GDPR.

13. Contact

---

This Privacy Policy has been drafted in compliance with the General Data Protection Regulation (GDPR) and applicable national regulations. It is also available in Italian and Romanian versions.