Privacy Policy

Summary

1. Data Controller

The Data Controller is:

2. Data Collected

This website collects the following categories of personal data:

A) Data provided voluntarily by the user

Through the contact form, we collect:

• Name and surname
• Email address
• Phone number
• Subject and message content

Providing this data is optional, but necessary to respond to your request.

B) Data collected automatically

For internal statistical purposes, this website automatically collects:

• IP address
• Approximate geographic location (city, country)
• Pages visited and time of visit
• Referral source (e.g., Google, social networks, direct)
• Device type and browser

This data is collected through an internal analytics system that does not use third-party cookies.

3. Purposes and Legal Basis

Contact form responses

Purpose: To respond to information requests and provide the requested services.

Legal basis: Performance of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR) and legitimate interest of the Data Controller (Art. 6.1.f GDPR).

Statistical analysis

Purpose: To analyze website traffic and improve user experience.

Legal basis: Legitimate interest of the Data Controller (Art. 6.1.f GDPR) for internal statistical analysis necessary to improve services.

Legal obligations

Purpose: To fulfill legal obligations to which the Data Controller is subject.

Legal basis: Legal obligation (Art. 6.1.c GDPR).

4. Processing Methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.

Processing is carried out using IT and/or electronic tools, with organizational methods and logic strictly related to the purposes indicated.

In addition to the Data Controller, data may be accessible to authorized internal personnel (administrative, commercial) or external parties (hosting providers, IT service providers) appointed as Data Processors where necessary.

5. Data Retention Period

Personal data is processed and stored for the time required by the purpose for which it was collected:

• Contact form data: 24 months from collection, or until the purpose is fulfilled
• Analytics data: 24 months
• Cookie preferences: 12 months

At the end of the retention period, personal data will be deleted. Therefore, at that time, the right of access, deletion, rectification, and data portability can no longer be exercised.

6. Data Recipients

Your data may be shared with the following categories of recipients:

Data Processors

7. International Data Transfers

Contact form data and analytics data are stored exclusively on servers located in Italy (Aruba S.p.A.).

For IP geolocation, only IP addresses are temporarily processed by ip-api.com; the result is stored on our servers in Italy. No personal data is transferred outside the European Union.

8. Your Rights

Under the GDPR (Articles 15-22), you have the right to:

• Access – obtain confirmation of the existence of your data and access it
• Rectification – request correction of inaccurate data
• Erasure – request deletion of your data ('right to be forgotten')
• Restriction – request restriction of processing
• Portability – receive your data in a structured, commonly used format
• Object – object to processing based on legitimate interest
• Withdraw consent – withdraw consent at any time without affecting the lawfulness of prior processing

How to exercise your rights

To exercise these rights, contact us at:

info@atelieralessandroabate.com

The request is free of charge and the Data Controller will respond within one month.

Right to lodge a complaint

You have the right to lodge a complaint with the Italian Data Protection Authority:

www.garanteprivacy.it

9. Cookie Policy

This website uses only technical cookies that are strictly necessary for its operation. We do not use third-party profiling or advertising cookies.

Technical cookies (necessary)

These cookies are essential for the website to function properly. They do not require consent under Article 122 of the Italian Privacy Code.

• cookie_consent – Stores your cookie preferences (Duration: 12 months)
• theme – Stores your theme preference (light/dark) (Duration: persistent)
• lang – Stores your language preference (Duration: persistent)

Internal analytics (without cookies)

This website uses an internal analytics system that does not install cookies on the user's device. We collect anonymous statistical data (pages visited, referral source, approximate location, device type) stored exclusively on our servers in Italy. This data is used solely for internal statistical purposes to improve the website and is not shared with third parties.

Managing cookies

You can configure cookies through your browser settings:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

10. Changes to This Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying users on this page. Please check this page regularly, referring to the date of last modification indicated at the top.

11. Definitions and Legal References

Personal Data

Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly.

Data Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.

Data Subject (User)

The natural person to whom the personal data refers.

Cookie

Small text files that websites visited by the user send to their device, where they are stored to be retransmitted to the same sites on subsequent visits.

Legal references

This privacy policy is drawn up based on multiple legislative provisions, including Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.