Privacy Policy

PRIVACY NOTICE PURSUANT TO ARTS. 13–14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679

Data Controller
Eva Galzerano – Twickenham, Richmond Borough – Phone: +44 7553 494855

Types of Data Collected

Among the Personal Data collected on this site—either directly or via third parties—are: geographical location, cookies, usage data, first name, last name, phone number, address, country, email, postal code, and city.

Full details about each data type are provided in the relevant sections of this privacy policy or through specific notices shown before data collection.

Personal Data may be voluntarily provided by the User or, in the case of Usage Data, automatically collected while using the site.
All Data requested on this site is mandatory, and if not provided, the service may not be available. When the site indicates certain Data as optional, Users may choose not to provide it without affecting service availability or operation.
If Users are unsure which Data is mandatory, they are encouraged to contact the Data Controller.

Unless otherwise stated, any use of cookies or other tracking tools by this site or third-party services is intended to provide the requested service, along with other purposes described in this document and the Cookie Policy, if available.

Users are responsible for any third-party Personal Data they publish or share via this site and guarantee they have the right to do so, relieving the Data Controller of any liability.

Legal Basis for Data Processing

The Data Controller processes User Personal Data if one of the following applies:

• The User has given consent for one or more specific purposes; (note: in some jurisdictions certain processing may proceed without consent unless the User objects (“opt-out”); this does not apply under EU data protection law)
• Processing is necessary for fulfilling a contract or pre-contractual measures with the User;
• Processing is required to meet a legal obligation to which the Controller is subject;
• Processing is necessary for performing a task in the public interest or exercising official authority vested in the Controller;
• Processing is necessary for the legitimate interests of the Controller or a third party.

Users can always request clarification on the legal basis of each processing operation.

Methods and Location of Data Processing

Processing Methods
The Controller applies appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. Data is processed using IT and telematic tools, with organizational procedures related to specified purposes.
Besides the Controller, authorized staff (admin, marketing, legal, IT staff) and external parties (technical service providers, postal couriers, hosting providers, IT firms, communication agencies) may access data. They may be designated as Data Processors. An updated list is available upon request.

Location of Processing
Data is processed at the Controller’s operational offices and wherever parties involved in processing are located. For details, contact the Controller. Data may be transferred to countries outside the User’s own. For more information, see the relevant section or contact the Controller.
Users may request the legal basis for any international transfer and protections in place.

Data Retention Period

Data is retained only as long as needed for the purposes collected. For example:

• Data collected for contract execution is kept until the contract is completed.
• Data processed for legitimate interests is retained until those interests are fulfilled.
• Consent-based data is retained until consent is withdrawn (and possibly longer if required by law).
  At the end of the retention period, Personal Data will be deleted, after which rights to access, deletion, rectification, and portability can no longer be exercised.

Data Security

• Data is stored on secure servers protected by firewalls and antivirus software.
• Servers are managed by reputable hosting providers chosen for security and reliability.
• Organizational and technical measures are in place to protect data against accidental loss or unauthorized access.
• While every effort is made to safeguard data, absolute security on the web cannot be guaranteed.
• Users must also protect their own information—keep passwords and account information confidential.
• In case of unauthorized data breach, Users will be notified within 72 hours as required by law.

Purposes of Data Processing

User Data is collected to enable the Controller to provide services and for the following purposes: location-based interactions, social media and external platforms integration, and contacting the User.

Details on Data Processing

Contacting the User
By completing the contact form, Users consent to the use of data (postal code, city, last name, email, address, country, first name, phone number) to respond to information or service requests.
Location of processing: Italy.
Data will not be shared with third parties.

Social Media and External Platform Interaction
Widgets integrated into the site (e.g. AddThis, YouTube, Instagram, Twitter) may collect cookies and usage data—even if not actively used—based on each service’s privacy settings. Processing locations: USA.

Analytics and Statistics

• Google Analytics (cookies and usage data) processed in the USA.
• WordPress Stats (cookies and usage data) processed in the USA.

Spam Protection

• Google reCaptcha (cookies and usage data) processed in the USA.

User Rights

Users have the right to:

• Withdraw consent at any time;
• Object to processing based on grounds other than consent;
• Access their data and receive a copy;
• Verify and request correction;
• Request processing restrictions;
• Request deletion;
• Receive their data in a structured, machine-readable format and request transfer (if applicable);
• File a complaint with a supervisory authority or court.

Specific Right to Object: When data is processed for public interest or legitimate interests, Users can object based on personal situations. For direct marketing, Users can object without giving reasons.

Requests are free and must be responded to within one month.

Additional Processing Information

Legal Defense
Data may be used to defend against abuse or legal requests, including disclosures to authorities.

Contextual Notices
Additional notices may be provided for specific services or data collection.

System Logs and Maintenance
System logs containing Personal Data (e.g. IP address) may be collected for maintenance.

Information Not Covered
Further details can be requested from the Controller. The site does not support “Do Not Track”—refer to third-party services’ policies.

Changes to this Privacy Policy

The Controller may update this policy at any time. Users will be informed via this page—check the “last updated” date. Continued use of the site implies acceptance. If you disagree, you may cease use and request data deletion. Previous versions remain applicable to data collected up to that point.

Definitions

• Personal Data: Any information relating to an identified or identifiable individual.
• Usage Data: Info collected automatically (e.g. IP address, browser, device, pages visited, timestamps, etc.).
• User/Interested Party/Data Controller/Data Processor: Defined as in GDPR.
• Cookies: Data stored on the User’s device; browser settings can block or limit cookies—note that disabling cookies may affect site functionality.