1. Data Controller

Data Controller:

Alessandro Di Pierro

VAT number: 11712321006

Email: dipierro@gmail.com

Website: www.alessandrodipierro.com

The Data Controller may be contacted for any matter relating to the processing of personal data and the exercise of the rights provided for in this policy.

 

2. Categories of Personal Data Processed

During navigation and use of the services, the following categories of data may be processed:

• Navigation and technical data: IP address, browser type, operating system, pages visited, session duration, access timestamps, approximate geolocation data derived from the IP address. This data is collected automatically by computer systems to ensure the functioning of the website and security.

• Identification and contact data: name, surname, email address, provided voluntarily through contact forms, quote requests or direct communications.

• Data from cookies and tracking technologies: information collected through technical, analytical and profiling cookies, as detailed in the website's Cookie Policy.

​

3. Purposes of Processing and Legal Bases

Personal data is processed for the following purposes with the respective legal bases:

​

• Management of requests and provision of services: responding to requests for information, processing quotations, project management, provision of web design and development services, after-sales customer support.

Legal basis: Performance of a contract or pre-contractual measures (Art. 6, para. 1, letter b GDPR)

• Website security and operation: prevention of unauthorised access, detection of fraudulent activity, website maintenance and optimisation, backup and disaster recovery.

Legal basis: Legitimate interest of the data controller (Art. 6, para. 1, letter f GDPR)

• Direct marketing and promotional communications: sending newsletters, commercial communications, service updates, personalised offers, invitations to events.

Legal basis: explicit consent (Art. 6, para. 1, letter a GDPR) or legitimate interest for existing customers in compliance with electronic communications legislation

• Statistical analysis and service improvement: analysis of user behaviour, optimisation of user experience, development of new services, market research.

Legal basis: Legitimate interest (Art. 6, para. 1, letter f GDPR) for aggregated and anonymised data, consent for detailed profiling

• Protection of rights: establishment, exercise or defence of rights in court or out of court.

Legal basis: Legitimate interest of the data controller (Art. 6, para. 1, letter f GDPR)

 

4. Processing methods and security measures

Personal data is processed using IT and telematic tools and, in limited cases, paper-based tools, with logic strictly related to the purposes indicated and in any case in such a way as to guarantee the security and confidentiality of the data.

Security measures adopted:

• Encryption of data in transit using up-to-date HTTPS/TLS protocols

• Strong authentication systems and differentiated access control

• Regular automatic backups with periodic recovery tests

• Continuous monitoring of security vulnerabilities and timely updates

• Pseudonymisation and minimisation of data where technically possible

• Periodic training of personnel authorised to process data

• Documented procedures for managing security incidents

Unless otherwise specified, no automated decisions are made that produce significant legal effects on the data subject or automatic profiling pursuant to Article 22 of the GDPR.

 

5. Recipients and Communication of Data

Personal data may be disclosed to the following categories of subjects:

• Internal staff: collaborators, employees and internal consultants specifically authorised and trained in the processing of personal data.

• Technical service providers (Data Processors): hosting and cloud service providers, email marketing platforms, CRM systems, web analytics services, IT and maintenance service providers, backup and disaster recovery services.

• External professionals and consultants: accountants, tax and legal advisors, industry consultants, all bound by professional confidentiality obligations.

• Public authorities: when required by law, regulations or orders from competent authorities.

All recipients are required to process data in accordance with the GDPR and are bound by specific confidentiality agreements or are subject to legal confidentiality obligations. The complete list of data processors is available upon request.

​

6. International Transfers

Some services used may involve the transfer of personal data to countries outside the European Economic Area (EEA). In such cases, the transfer takes place exclusively in compliance with the appropriate safeguards provided for by the GDPR:

• Adequacy decisions of the European Commission (Art. 45 GDPR)

• Standard Contractual Clauses (SCC) approved by the European Commission (Art. 46 GDPR)

• Recognised certifications or codes of conduct

• Binding corporate rules where applicable

Data subjects may request specific information on transfers and obtain a copy of the safeguards adopted by contacting the Data Controller.

 

7. Retention periods

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

• Browsing data and system logs: maximum 12 months from collection, unless retention is necessary for IT security purposes or for specific legal obligations.

• Data for marketing purposes: until the data subject withdraws consent and in any case no later than 24 months from the last documented active contact.

• Cookies: according to the timeframes specified in the Cookie Policy, generally no longer than 12 months for analytical cookies and 24 months for profiling cookies.

Once the specified terms have expired, the data will be permanently deleted or irreversibly anonymised.

 

8. Rights of the data subject

As a data subject, you have the right to exercise the following rights provided for in Articles 15-22 of the GDPR:

• Right of access (Art. 15): to obtain confirmation of the existence of processing of your personal data and to receive a copy of the same, together with information on the processing.

• Right to rectification (Art. 16): request the correction of inaccurate personal data or the integration of incomplete data.

• Right to erasure (Art. 17): request the erasure of personal data when it is no longer necessary, when consent has been revoked, in the event of unlawful processing or for legal reasons.

• Right to restriction (Art. 18): request the restriction of processing in the event of a dispute over the accuracy of the data, unlawful processing, or when the data is necessary for the establishment, exercise or defence of a right in court.

• Right to portability (Art. 20): to receive personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.

• Right to object (Art. 21): to object to processing based on legitimate interest or for direct marketing purposes, including profiling.

• Right to withdraw consent: withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given prior to withdrawal.

To exercise your rights: send a written request to dipierro@gmail.com, clearly specifying the right you wish to exercise and attaching a copy of your identity document. We will respond within 30 days of receiving your request, which may be extended by a further 60 days in particularly complex cases.

 

9. Complaints to the Supervisory Authority

You have the right to lodge a complaint with the Data Protection Authority if you believe that the processing of your personal data violates the GDPR:

Data Protection Authority

Piazza Venezia n. 11, 00187 Rome

Email: garante@gpdp.it - PEC: protocollo@pec.gpdp.it

Tel: +39 06.696771 - Website: www.garanteprivacy.it

 

10. Cookie Policy

The website uses technical cookies necessary for its operation, analytical cookies for aggregate statistics and, subject to consent, profiling cookies for personalised marketing. For detailed information on the cookies used, their purposes, storage times and how to manage consent, please refer to the complete Cookie Policy available at this link www.alessandrodipierro.com/cookie-policy

 

11. Changes to the Privacy Policy

The Data Controller reserves the right to modify or update this policy to adapt it to regulatory, organisational or technological changes. Substantial changes will be communicated via banners on the website or emails to registered users. The date of the last update is always indicated at the top of the document.

 

12. Contacts for Privacy Issues

For any questions, requests for clarification or to exercise your rights regarding the processing of personal data:

Email: dipierro@gmail.com