Privacy policy

1. Introduction

Welcome to formaeffimera.com. This privacy policy aims to provide transparent and clear information regarding the processing of personal data collected through our website.

formaeffimera.com is committed to respecting and protecting your privacy in compliance with the provisions of the General Data Protection Regulation (Regulation EU 2016/679, hereinafter "GDPR") and applicable data protection laws.

This policy applies exclusively to personal data collected through our website and managed for specific purposes outlined in the following sections. We invite you to read this page carefully to understand how we process your data and what rights you may exercise.

2. Types of Personal Data Collected

formaeffimera.com collects only the following types of personal data through the website, in line with the principle of data minimization (Article 5, Paragraph 1, Letter c of the GDPR):

• Contact data: email addresses collected through direct communications (e.g., emails sent to info@formaeffimera.com or privacy@formaeffimera.com).
• Technical navigation data: information automatically collected during website access, such as IP addresses, browser type, operating system, and session details. These data are collected to ensure the website's security and improve user experience.

No sensitive data or data relating to special categories of personal data (Article 9 GDPR) are collected or processed.

In compliance with Article 11 of the GDPR, no data exceeding the declared purposes are collected. Our site does not use registration forms or automated data collection mechanisms for personal data not explicitly provided by the user.

3. Purposes and Legal Bases of Data Processing

The personal data collected through formaeffimera.com are processed exclusively for the following purposes, in compliance with the legal bases defined under the GDPR:

1. Management of Received Communications

• Purpose: To respond to requests sent via email to privacy@formaeffimera.com, providing information or support.
• Legal Basis: The execution of pre-contractual measures at the request of the data subject (Article 6, Paragraph 1, Letter b of the GDPR).

2. Website Security and Maintenance

• Purpose: To ensure the security of the website, prevent unauthorized access or cyberattacks, and improve functionality and user experience.
• Legal Basis: The legitimate interest of the data controller (Article 6, Paragraph 1, Letter f of the GDPR).

3. Compliance with Legal Obligations

• Purpose: To fulfill obligations required by applicable laws, such as requests from competent authorities or fiscal and administrative obligations.
• Legal Basis: Compliance with a legal obligation to which the data controller is subject (Article 6, Paragraph 1, Letter c of the GDPR).

4. Website Navigation and Performance Analysis (where applicable)

• Purpose: To monitor and analyze the use of the website to improve its content and functionalities.
• Legal Basis: Explicit consent from the user, when analytical cookies are used (Article 6, Paragraph 1, Letter a of the GDPR).

Note: No data processing for marketing or profiling purposes is carried out through the website.

4. Methods of Personal Data Processing

The personal data collected through formaeffimera.com are processed in compliance with the principles of fairness, lawfulness, transparency, and minimization, as established by Article 5 of the GDPR.

The processing is carried out using electronic and IT tools, with appropriate technical and organizational measures in place to ensure data security and confidentiality, including:

• Protection against unauthorized access: use of secure authentication systems for access to hosting servers and the GitHub platform used for website content management.
• Encryption of communications: use of the HTTPS protocol to secure data transmitted between the user and the website.
• Limited retention: personal data are stored only for the time necessary to fulfill the specified purposes and are subsequently deleted or anonymized.

Data processing is performed exclusively by the website owner or strictly authorized personnel and does not involve automated decision-making or profiling processes.

If data is processed by third parties (e.g., Register.it for domain management or hosting providers), these entities are designated as data processors under Article 28 of the GDPR and ensure adequate levels of protection.

Note: Data will never be shared with third parties for purposes not declared or unrelated to the stated objectives.

5. Data Retention Period

The personal data collected through formaeffimera.com are retained only for the period strictly necessary to achieve the purposes outlined in this privacy policy, in compliance with Article 5, Paragraph 1, Letter e of the GDPR.

1. Contact Data

Retained for the time necessary to manage communication and provide an adequate response to requests received via email. Once the interaction is complete, the data will be deleted unless retention is required for legal obligations or legitimate interests.

2. Technical Navigation Data

Retained for a maximum of 7 days, unless additional retention is necessary for detecting and managing activities harmful to the website’s security.

3. Legal Obligations

Data will be retained for the period required by applicable laws (e.g., tax, accounting, or administrative obligations).

4. Consent for Specific Purposes

If data processing is based on user consent (e.g., for non-essential cookies), the data will be retained until the user withdraws their consent.

At the end of these periods, personal data will be deleted or anonymized in a way that prevents identification of the data subjects.

6. Transfer of Personal Data

The personal data collected through formaeffimera.com are processed within the European Union and are not transferred to third countries or international organizations outside the European Economic Area (EEA), unless strictly necessary and in compliance with the provisions of the General Data Protection Regulation (GDPR).

Exceptions to Data Transfer

Should it become necessary to transfer data to third countries:

• The transfer will only occur to countries that ensure an adequate level of personal data protection as recognized by the European Commission, or
• Additional protective measures will be implemented, such as the use of Standard Contractual Clauses (SCC) approved by the European Commission or other equivalent guarantees as provided under the GDPR.

Providers and Tools Used

The site uses the following providers and tools for domain and content management:

1. Register.it: for domain registration, compliant with European Union security and privacy standards.

2. GitHub: for site and content management, operating in compliance with the GDPR. Data managed via GitHub are stored on servers located within the European Union or adequately protected.

No Unauthorized Transfers

No personal data transfers to third countries will occur without prior notice and, where required, without your explicit consent.

7. Security of Personal Data

formaeffimera.com implements appropriate technical and organizational measures to ensure the security of personal data and to protect them against unauthorized access, loss, destruction, alteration, or unauthorized disclosure, in compliance with Article 32 of the GDPR.

Technical Measures Implemented

1. Data Encryption

Personal data transmitted through the site are protected using security protocols such as HTTPS, which ensure encryption during transmission.

2. Limited Access

Access to personal data is restricted exclusively to authorized personnel and operators involved in domain and content management, such as Register.it and GitHub, which adhere to strict security policies.

3. Server Protection

The servers hosting the data and content of formaeffimera.com are managed in secure environments, protected by firewalls, intrusion detection systems, and controlled access.

4. Data Backup

Technical and operational data are regularly backed up to ensure information recovery in the event of malfunctions or incidents.

Risk Mitigation

1. Monitoring and Updates

The system undergoes continuous monitoring to identify and address potential security vulnerabilities. The software tools used are regularly updated to prevent risks associated with known security flaws.

2. Credential Management

Access to site management tools is secured with strong credentials and, where possible, two-factor authentication (2FA).

Notification Obligation

In the event of a personal data breach, formaeffimera.com is committed to notifying the relevant Data Protection Authority and, where required, the affected individuals, in accordance with Articles 33 and 34 of the GDPR.

8. Rights of Data Subjects

In compliance with the General Data Protection Regulation (GDPR), users of formaeffimera.com have the right to exercise the following rights concerning their personal data:

1. Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and information about:

• The purposes of the processing.
• The categories of personal data processed.
• The recipients or categories of recipients to whom the personal data have been or will be disclosed.
• The envisaged period for which the personal data will be stored or the criteria used to determine that period.

2. Right to Rectification (Art. 16 GDPR)

You have the right to obtain the correction of inaccurate personal data or the completion of incomplete data concerning you.

3. Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

• You may request the deletion of your personal data in the following cases:
• The data are no longer necessary for the purposes for which they were collected.
• You have withdrawn your consent, and no other legal grounds for processing exist.
• You object to the processing, and there are no overriding legitimate grounds for it.
• The data have been unlawfully processed.

4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing in the following cases:

• You contest the accuracy of the personal data, for a period enabling the verification of the data's accuracy.
• The processing is unlawful, and you oppose the erasure of the data, requesting restriction instead.

5. Right to Data Portability (Art. 20 GDPR)

You can request to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted directly to another data controller, where technically feasible.

6. Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data based on the legitimate interests of the controller or for direct marketing purposes.

7. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

8. How to Exercise Your Rights

To exercise your rights, you can send a request to the following email address:

privacy@formaeffimera.com

Your request will be handled without undue delay and, in any case, within one month of receipt, unless extended for complex cases. You will receive a clear and transparent response.

9. Right to Lodge a Complaint

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the relevant Data Protection Authority (https://www.garanteprivacy.it/).

9. Updates and Changes to the Privacy Policy

formaeffimera.com reserves the right to update or modify this privacy policy at any time, in compliance with applicable legal provisions and the operational needs of the site.

Notification of Changes

1. Communication to Users

In the event of significant changes, formaeffimera.com will inform users through:

• A visible notification on the homepage of the site.
• An email sent to registered addresses, where applicable.

2. Effective Date of Changes

All changes will take effect on the date specified in the updated privacy policy. Users are encouraged to periodically review this page to stay informed about any updates.

Current Version

This privacy policy was last updated on 17/11/2024. Any subsequent changes will be noted in this section with the corresponding revision date.

Implicit Consent to Changes

Continued use of formaeffimera.com following the effective date of the changes constitutes acceptance of the updated terms.

Contact for Clarifications

For questions or requests for clarification regarding changes to the privacy policy, users can contact the data controller via:

• Email: privacy@formaeffimera.com
• Dedicated page: formaeffimera.com/en/contacts

10. Security of Personal Data

formaeffimera.com adopts appropriate technical and organizational measures to ensure the security of personal data collected, in compliance with the GDPR and applicable national regulations. The primary objective is to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

Technical Security Measures

1. Encryption

Data transmitted through the site are protected using advanced encryption protocols, such as HTTPS/TLS, to ensure the confidentiality of communications between users and the server.

2. Regular Backups

Personal data collected are subject to regular backups, ensuring the possibility of recovery in case of incidents or data loss.

3. Server Protection

Servers hosting the data are protected by firewalls and continuous monitoring systems to prevent cyberattacks.

4. Authentication

Access to personal data is restricted to authorized personnel who must authenticate using unique and secure credentials.

Organizational Measures

1. Limited Access to Data

Only individuals strictly necessary for processing purposes (such as domain managers at Register.it or developers at GitHub) have access to personal data, based on strict control policies.

2. Data Breach Management Procedures

Specific procedures are in place to manage potential personal data breaches, including notification to affected individuals and the relevant Data Protection Authority, where required.

Data Retention

1. Retention Period

Personal data collected will be retained only for the time necessary to achieve the purposes for which they were collected, unless legal obligations require longer retention periods.

2. Secure Deletion

Once the retention period has expired, personal data will be securely deleted using techniques that ensure their irrecoverability.

User Responsibilities

Users are encouraged to contribute to the security of their data by:

• Using strong passwords and not sharing them with third parties.
• Promptly contacting privacy@formaeffimera.com in case of suspected compromise of their data.

Limitations of Liability

While all reasonable measures are taken to protect personal data, formaeffimera.com cannot guarantee absolute security, particularly in relation to inherent vulnerabilities in web technologies. However, any security breaches will be handled in accordance with applicable regulations.

11. Complaints and User Rights

Users of formaeffimera.com have the right to lodge complaints regarding the processing of their personal data, in compliance with the GDPR and applicable regulations.

Filing Complaints

1. Direct Contact with the Controller

Users are encouraged to contact formaeffimera.com to resolve any issues related to the management of personal data. You can send an email to privacy@formaeffimera.com with a detailed description of the matter.

2. Complaint to the Data Protection Authority

If users believe that their rights have been violated, they can lodge a complaint with the relevant supervisory authority in their jurisdiction or the appropriate Data Protection Authority within the EU.

User Rights

1. Right of Access (Art. 15 GDPR)

Users can request information about the personal data processed by formaeffimera.com, including:

• The purposes of the processing.
• The categories of personal data processed.
• The recipients of the personal data.

2. Right to Rectification (Art. 16 GDPR)

Users can request the correction or update of inaccurate personal data.

3. Right to Erasure (Art. 17 GDPR)

Users can request the deletion of their personal data, unless legal or legitimate obligations require its retention.

4. Right to Restriction of Processing (Art. 18 GDPR)

Users can request the restriction of the processing of their data under certain circumstances, such as contesting the accuracy of the data.

5. Right to Data Portability (Art. 20 GDPR)

Users can request to receive their personal data in a structured, commonly used, and machine-readable format, or to have it transferred to another data controller.

6. Right to Object (Art. 21 GDPR)

Users can object to the processing of their personal data on legitimate grounds.

7. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

Users have the right not to be subjected to decisions based solely on automated processing, including profiling, that have significant effects on them.

Exercising Rights

Users can exercise their rights by submitting a written request to:

• Email: privacy@formaeffimera.com
• Subject line: "Exercise of Privacy Rights"

The request will be handled within 30 days, as required by the GDPR.

12. Security Measures

formaeffimera.com adopts appropriate technical and organizational security measures to protect users' personal data from unauthorized access, loss, alteration, or disclosure. These measures comply with the requirements set out in the GDPR (Articles 32-34).

Technical Measures

Data Encryption

1. Personal data are protected using encryption protocols during transmission and, where possible, during storage.

The site uses the HTTPS protocol to ensure secure communication.

Authentication and Limited Access

2. Access to systems and management platforms is restricted to authorized personnel only.

Multi-factor authentication systems are implemented to secure administrative access.

Data Backup and Recovery

3. Regular backups are performed to prevent data loss.

Data recovery procedures are in place in case of incidents.

Protection from Cyber Attacks

4. Firewalls, antivirus systems, and continuous monitoring software protect the site from malicious access and vulnerabilities.

Organizational Measures

Training and Awareness

1. Individuals handling personal data receive specific training on GDPR regulations and security measures.

Internal Policies

2. Documented internal procedures govern the management of personal data and responses to potential breaches.

Contracts with Third Parties

3. All third parties involved in data processing (e.g., GitHub or Register.it) are bound by contracts ensuring GDPR compliance.

Data Breach Management

Response Plan

1. In the event of a personal data breach, formaeffimera.com will follow the response plan below:

• Notification to the Data Protection Authority within 72 hours of identifying the breach, if required.
• Communication to affected users in cases of high risk to their rights and freedoms.

Incident Log

2. All breaches are documented in an internal log, regardless of whether formal notification is required.

Updating Security Measures

formaeffimera.com continuously monitors its infrastructure to adapt security measures to new technologies, emerging threats, and regulatory requirements.