Privacy Policy

1. Data Controller

The Data Controller is Stefano Trucco.

For any request relating to the processing of personal data, users may contact the Data Controller through the form available on the Contacts page, indicating “Privacy” in the subject or in the message, or by writing to the email address indicated in the communications received from the website.

2. Types of data processed

The website may process the following categories of personal data.

a) Browsing data

The IT systems and software procedures used to operate the website acquire, during their normal operation, certain technical data whose transmission is implicit in the use of Internet communication protocols.

This category may include, by way of example, IP addresses, browser type, operating system, domain names of the devices used, time of the request, pages visited and other parameters relating to the user’s IT environment.

b) Data provided through the contact form

When the user fills in the contact form, the website may collect data such as:

• first name and last name;
• email address;
• professional role;
• requested service;
• message content;
• any further information voluntarily entered by the user.

c) Data provided for newsletter subscription

When the user subscribes to the newsletter, the following data may be processed:

• email address;
• technical information relating to the subscription;
• information relating to consent confirmation, if double opt-in is active;
• information relating to unsubscribe management;
• at present, the newsletter form only requires the email address, unless the form is modified in the future.

d) Technical and functional cookies

The website uses technical and functional cookies, which are necessary for the proper functioning of the pages and the services requested by the user. These may include technical WordPress cookies, cookies necessary for the proper functioning of the website and functional cookies related to language management, for example through Polylang.

Technical and functional cookies do not require the user’s prior consent, as they are necessary to allow website browsing or to provide a service requested by the user. At present, the website does not use profiling cookies, advertising cookies, analytics tools or tracking tools for marketing purposes.

Further information is available in the “Cookie Policy” section of this Privacy Policy.

3. Purposes and legal bases of processing

Personal data are processed for the following purposes.

a) Website operation, security and maintenance

Browsing data are processed to enable the technical functioning of the website, ensure its security, prevent misuse or malfunctions and obtain technical information useful for maintenance.

Legal basis: the legitimate interest of the Data Controller in ensuring the security, maintenance and proper functioning of the website.

b) Management of requests sent through the form or by email

Data provided by the user through the contact form or by email are processed in order to respond to requests for information, professional enquiries, collaboration proposals or communications preliminary to the start of a project.

Legal basis: the performance of pre-contractual measures taken at the request of the data subject and, where necessary, the legitimate interest of the Data Controller in managing received communications.

c) Newsletter delivery

Data provided for newsletter subscription are processed in order to send updates, editorial content, news, professional communications and information relating to the activity of Stefano Trucco.

Newsletter subscription may involve a double opt-in procedure: after entering the email address in the form, the user may receive a confirmation message and become subscribed only after completing the confirmation procedure.

The user may withdraw consent at any time by using the unsubscribe link included in the communications received or by contacting the Data Controller using the methods indicated in this Privacy Policy.

Legal basis: the consent of the data subject.

d) Compliance with legal obligations

Data may be processed in order to comply with obligations imposed by laws, regulations or requests from competent authorities.

Legal basis: compliance with legal obligations to which the Data Controller is subject.

4. Nature of data provision

The provision of browsing data is necessary for the use of the website.

The provision of data through the contact form is optional; however, failure to provide the data marked as necessary may prevent the Data Controller from responding to the user’s request.

The provision of data for newsletter subscription is optional. Failure to provide such data only prevents the user from receiving the newsletter.

5. Processing methods

Personal data are processed using IT, electronic and, where necessary, manual tools, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, storage limitation, integrity and confidentiality.

The Data Controller adopts appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, disclosure or unlawful use.

The data are not subject to automated decision-making or profiling.

6. Recipients of personal data

Personal data may be processed by parties providing services necessary for the operation of the website and the management of related activities. By way of example, data may be processed by:

• hosting and technical infrastructure providers, including Hostinger;
• email service and domain mailbox providers, including Hostinger Email;
• tools used to send emails generated by the website, including FluentSMTP;
• newsletter service providers, including Mailchimp;
• security tools and plugins used to protect the website against unauthorised access, malicious traffic, spam or attempted compromise;
• parties responsible for the technical maintenance of the website;
• any IT, administrative or legal consultants, within the limits necessary to carry out their respective activities.

Depending on the case, these parties may act as data processors, independent data controllers or persons authorised to process personal data.

7. Newsletter and Mailchimp

Newsletter subscription takes place through a dedicated form. The data entered by the user is transmitted to the newsletter service only after the user voluntarily submits the form.

The newsletter service is managed through Mailchimp. The data provided for newsletter subscription may therefore be processed by Mailchimp according to the terms and privacy notices applicable to the service.

Simply accessing the website or the page containing the newsletter form does not, at present, result in the installation of profiling cookies by Mailchimp, unless the website is technically configured differently or external scripts are introduced in the future.

For more information on how Mailchimp processes personal data, users may consult the privacy policy and data processing documentation made available by Mailchimp.

8. Transfer of data outside the EEA

Some technical providers used by the website, in particular newsletter services or cloud services, may involve the transfer of personal data to countries outside the European Economic Area.

In such cases, the transfer takes place in compliance with the safeguards provided by the GDPR, such as adequacy decisions, standard contractual clauses or other instruments permitted by applicable law.

9. Data retention period

Personal data are retained for no longer than is necessary for the purposes for which they were collected. In particular:

• data sent through the contact form or by email are retained for the time necessary to manage the request and, subsequently, for a period compatible with any organisational, administrative or defensive needs of the Data Controller;
• data processed for newsletter delivery are retained until consent is withdrawn, unsubscribing takes place or deletion from the service is requested;
• browsing data are retained for the time strictly necessary for the technical operation and security of the website, unless further legal obligations apply;
• data relating to technical and functional cookies are retained for the time strictly necessary for the proper functioning of the website and according to the technical settings of the website, the user’s browser and the services used;
• any technical logs relating to website security, protection against misuse and the sending of emails generated by the website may be retained for the time necessary to verify the proper functioning of the services, resolve any technical delivery or security issues and protect the website.

10. Rights of the data subject

The user may exercise, in the cases provided for by applicable law, the following rights:

• right of access to personal data;
• right to rectification of inaccurate data;
• right to erasure of data;
• right to restriction of processing;
• right to object to processing;
• right to data portability, where applicable;
• right to withdraw consent at any time, for processing based on consent.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

11. How to exercise rights

To exercise their rights or request information about the processing of personal data, users may contact the Data Controller through the form available on the Contacts page, indicating “Privacy” in the subject or in the message, or by writing to the email address indicated in the communications received from the website.

The Data Controller will respond within the time limits provided for by applicable law.

Users also have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is the Italian Data Protection Authority — Garante per la protezione dei dati personali.

12. Cookie Policy

What cookies are

Cookies are small text files that websites may send to the user’s device while browsing. They may be used for different purposes, such as enabling the technical operation of the website, remembering certain settings or collecting information about how pages are used.

Cookies used by this website

At present, the website stefanotrucco.com uses technical and functional cookies, which are necessary for the proper functioning of the website and the services requested by the user. The cookies used may include:

• technical WordPress cookies, necessary for the functioning of the website and, where applicable, for managing the administrator user session;
• functional cookies related to language management, for example through Polylang;
• technical or functional cookies related to caching and performance optimisation, for example through LiteSpeed Cache;
• technical or functional cookies necessary for security, maintenance and the proper delivery of the pages.

Technical and functional cookies do not require the user’s prior consent, as they are necessary to allow website browsing or to provide a service requested by the user.

At present, the website does not use profiling cookies, advertising cookies, analytics tools or tracking tools for marketing purposes.

Newsletter and external services

Newsletter subscription takes place through a dedicated form. The data entered by the user is transmitted to the newsletter service only after the user voluntarily submits the form.

Simply accessing the website or the page containing the newsletter form does not, in itself, result in the installation of profiling cookies by the newsletter service, unless the website is technically configured differently or external scripts are introduced in the future.

Managing cookies through the browser

Users can configure their browser to block, delete or restrict the use of cookies. However, disabling technical or functional cookies may affect the proper functioning of some parts of the website.

Cookie settings can be managed directly through the browser used by the user.

Changes to this Cookie Policy

If in the future the website uses non-technical cookies, analytics tools, profiling tools, embedded third-party content, external anti-spam services, advertising services or marketing services, this policy will be updated and, where necessary, a consent collection system compliant with applicable law will be introduced.

13. Changes to this Privacy Policy

The Data Controller reserves the right to amend or update this Privacy Policy, including as a result of changes in legislation, technical updates to the website or changes in the services used.

The updated version will be published on this page, with the date of the latest update indicated above.

14. Language

This English version is provided for convenience. In the event of any discrepancy between the Italian version and the English version, the Italian version shall prevail.