Privacy Policy

1. Data Controller

The data controller is Paolo Bonacchi, based in Milan, Italy.

Contact: pbonacchi@gmail.com

2. Data Collected

This website collects the following categories of data:

• Technical data: IP address, browser type, device information, pages visited (via analytics cookies, only with consent)
• Contact data: only if you voluntarily contact us via email or LinkedIn

This website does not require registration and does not collect personal data without your explicit action or consent.

3. Purpose and Legal Basis

4. Data Recipients & Sub-processors

• Vercel Inc. (USA) — hosting and analytics. Data processing under Standard Contractual Clauses (SCCs).
• Supabase Inc. (USA) — database hosting. Data processing under SCCs.
• Google Fonts — font delivery (IP address transmitted to Google servers).

5. International Data Transfers

Some sub-processors are based in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) as per GDPR Art. 46(2)(c) and, where applicable, the EU-U.S. Data Privacy Framework.

6. Data Retention

• Analytics data: aggregated, no personal identifiers retained beyond session
• Contact inquiries: retained for the duration of the conversation, then deleted
• Cookie consent records: up to 5 years (as proof of consent)

7. Your Rights

Under GDPR, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Eraseyour data ("right to be forgotten", Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact pbonacchi@gmail.com.

8. Right to Complain

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): www.garanteprivacy.it

9. Changes to This Policy

This privacy policy may be updated periodically. The "last updated" date at the top reflects the most recent revision.