Privacy Policy

Last updated: October 11, 2025

Data Controller:

Andrea Piani
Via Pelliccerie 10
33100 Udine (UD) - Italy
VAT ID: 02915190306
Email: andreapiani.dev@gmail.com
Phone: +39 351 624 8936

This Privacy Policy describes how the website www.andreapiani.com (hereinafter "Website") collects, uses, and protects users' personal data, in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679).

1. Types of Data Collected

The Controller collects the following types of personal data:

1.1 Data Provided Voluntarily by the User

When you fill out contact or quote request forms on the Website, we collect:

Name and Surname
Email
Phone Number (optional)
Company/Organization (optional)
Project Description and other technical information provided in forms

1.2 Navigation Data (Technical Cookies)

During navigation, the Website automatically collects:

IP Address
Browser Type and device used
Pages Visited and time spent
Operating System
Referrer (website you came from)

This data is collected in aggregated and anonymous form for statistical purposes.

1.3 Cookies and Tracking Technologies

The Website uses:

Necessary technical cookies: for website functionality (consent storage, sessions)
Analytical cookies: Google Analytics for anonymous traffic statistics (only with consent)

For more details, see our Cookie Policy.

2. Purpose of Processing and Legal Basis

Purpose	Legal Basis (GDPR)	Retention Period
Respond to quote/contact requests	Performance of pre-contractual measures (Art. 6.1.b GDPR)	12 months from request
Send commercial communications/newsletter	Explicit consent (Art. 6.1.a GDPR)	Until consent withdrawal
Tax and accounting compliance	Legal obligation (Art. 6.1.c GDPR)	10 years (tax obligation)
Anonymous traffic statistics (Analytics)	Legitimate interest (Art. 6.1.f GDPR) with cookie consent	26 months (Google Analytics)
Website security and abuse prevention	Legitimate interest (Art. 6.1.f GDPR)	12 months (server logs)

3. Processing Methods

Personal data is processed using IT and telematic tools, in compliance with GDPR security measures. Processing is carried out:

✓ With predominantly automated methods
✓ For the time strictly necessary for the purposes for which they were collected
✓ With access limited only to the Controller and authorized data processors
✓ Adopting adequate technical and organizational security measures (HTTPS encryption, backups, firewalls)

4. Data Communication and Disclosure

4.1 Data Recipients

Your personal data may be communicated to:

Formspree Inc. - Form management service (USA) - Privacy Policy
Google LLC - Google Analytics for statistics (USA) - Privacy Policy
Hosting providers - Server and technical infrastructure of the website
Accountant/tax consultants - Only for contractual/tax compliance

Transfers outside the EU: Some providers (Formspree, Google) are based in the USA. Transfer occurs through:

✓ Standard contractual clauses approved by the European Commission
✓ Adequate safeguards provided by Art. 44-49 GDPR

4.2 No Public Disclosure

Your personal data will never be publicly disclosed or sold to third parties for commercial purposes.

5. Your Rights (Art. 15-22 GDPR)

As a data subject, you have the right to:

📄 Right of Access (Art. 15)

Obtain confirmation of the existence of your personal data and receive a copy.

✏️ Right of Rectification (Art. 16)

Correct inaccurate or incomplete data.

🗑️ Right to Erasure (Art. 17)

Obtain deletion of your data (right to be forgotten), subject to legal obligations.

⏸️ Right to Restriction (Art. 18)

Restrict processing in specific cases provided by GDPR.

📦 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used, machine-readable format.

🚫 Right to Object (Art. 21)

Object to processing based on legitimate interest or for marketing purposes.

🔄 Withdrawal of Consent (Art. 7.3)

Withdraw consent at any time (without prejudice to the lawfulness of processing based on consent before its withdrawal).

⚖️ Right to Lodge a Complaint (Art. 77)

Lodge a complaint with the Data Protection Authority.

How to Exercise Your Rights:

You can send a request via email to: andreapiani.dev@gmail.com

We will respond within 30 days of receipt of the request, as provided by Art. 12.3 GDPR.

6. Data Security

The Controller adopts adequate technical and organizational security measures to protect personal data from unauthorized access, loss, destruction, or disclosure, including:

✓ HTTPS/SSL encryption for all communications
✓ Regular backups of data
✓ Firewalls and antivirus systems kept up to date
✓ Limited access to data only by authorized personnel
✓ Pseudonymization of data when possible

7. Cookies and Similar Technologies

The Website uses necessary technical cookies and, with prior consent, analytical cookies. For detailed information on:

Types of cookies used
Duration and purposes
How to manage/disable cookies

See our Cookie Policy.

8. Minors

The Website's services are not directed at minors under 16 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact us for immediate deletion.

9. Changes to the Privacy Policy

This Privacy Policy may be updated periodically for regulatory compliance or service changes. Changes will be published on this page with an update of the date at the top. We invite you to regularly consult this page.

10. Contact and Complaints

For any questions about the Privacy Policy or to exercise your rights:

Andrea Piani
Email: andreapiani.dev@gmail.com
Phone: +39 351 624 8936
Address: Via Pelliccerie 10, 33100 Udine (UD), Italy

Supervisory Authority (Italian Data Protection Authority - Garante Privacy):

Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Rome, Italy
Website: www.garanteprivacy.it
Email: garante@gpdp.it

← Back to Homepage