Full Transparency

The Data Controller is:

• Legal Name / Business Name: Social Facile di Federico Cadamuro
• Owner: Federico Cadamuro
• Registered Office: Via Gorizia 24, 31022, Preganziol (TV)
• Privacy Contact Email: [email protected]
• VAT Number: 05366430261
• Tax Code: CDMFRC99S02L407V

The IT systems used to operate this website automatically collect certain personal data during normal operation. This data is inherent to internet communication protocols (e.g., IP addresses, device parameters, request timestamps).

This data is used for:

• Anonymous Statistics: Monitoring the proper functioning of the website.
• Security: Investigating potential cybercrimes and protecting the website from attacks (e.g., SPAM, DDoS). To this end, the website may use traffic analysis technologies (e.g., Cloudflare or Firewall) that filter anomalous requests based on the Controller's Legitimate Interest (Art. 6.1.f GDPR) in protecting the infrastructure.

To ensure maximum performance and security, this website uses an architecture that may include:

• Hosting / Origin Server: The website is hosted on infrastructure (VPS/Dedicated) managed by OVHcloud (France/EU), acting as Data Processor. Servers are located within the European Economic Area (EEA), in compliance with GDPR security standards.
• Content Delivery and Security Network (CDN): Traffic to this website may be filtered and distributed by Cloudflare, Inc. (USA/Global) or similar services. These services act as a "Reverse Proxy" to protect the website from DDoS attacks and malicious access. Although Cloudflare is a US-based company, it adheres to the Data Privacy Framework (DPF), ensuring adequate protection levels for the transfer of data (IP addresses and system logs) necessary for security.

Unlike most websites, this site is designed according to the Privacy by Default principle:

• No Google Fonts: Typefaces are self-hosted on our server. No calls are made to Google's servers to load fonts.
• No Analytics Services: We do not use Google Analytics or any other statistical measurement tools that install cookies or track user browsing behavior.
• No Embedded Content: We do not load videos (YouTube/Vimeo) or maps (Google Maps) directly into pages to avoid third-party tracking. Links to these platforms are simple external hyperlinks.

To protect contact forms from automated submissions (Bots), we use a privacy-friendly system:

• Honeypot Technique: Invisible form fields that, if filled in (by bots), automatically block the submission without processing any personal data.

This website contains hyperlinks to external websites (e.g., Google Maps for directions, Social Networks, partner sites). By clicking on these links, the user leaves this domain. The Controller is not responsible for data processing carried out by these external websites, which are governed by their respective privacy policies.

Social buttons on the website are simple static links and do not use third-party cookies until clicked.

Through the forms on this website, the following personal data is collected:

• First Name
• Last Name
• Email
• Instagram
• Website
• Interest
• Monthly marketing budget
• What does your business do?
• What's the challenge you're facing online?

Purpose: Preparation of quotes, project feasibility assessment, or management of preliminary business relationships.
Legal Basis: Performance of pre-contractual measures (Art. 6.1.b GDPR).

The user agrees not to send sensitive or judicial data (e.g., health data, political opinions) via the contact form, as they are not necessary for the purposes of the service.

This website does not use profiling or marketing cookies.

Only technical cookies or session identifiers strictly necessary for network communication and security are used. In accordance with current regulations, the installation of such technical tools does not require prior user consent (no cookie banner required).

Data submitted by users (via email or form) is managed through email systems. Storage takes place on the Controller's email provider servers, protected by appropriate security measures. No data is archived in the website's database.

Data will be retained in accordance with the principle of storage limitation (Art. 5 GDPR):

• Contact Requests (Leads): Data will be deleted 12 months after the last interaction or the closure of the request, if no contractual relationship follows.
• Administrative/Client Data: If a contractual relationship is established, data will be retained for 10 years to comply with civil and tax legal obligations.

Data processing takes place at the server locations indicated in section 3 (EU/France).

For email management, the Controller may use providers (e.g., Google/Microsoft) that operate globally. In such cases, data transfers to Third Countries (e.g., USA) are carried out in compliance with the Data Privacy Framework (DPF) or pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission.

Additionally, data may be shared with tax advisors, accountants, or legal counsel for the accounting and administrative obligations required when a contractual relationship is established.
Such parties act, depending on the case, as duly appointed Data Processors or independent Data Controllers.

At any time, you may exercise the rights provided by Articles 15-22 of the GDPR (access, rectification, erasure, restriction, portability, objection) by sending a request to the Controller's email address. You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).