Welcome to formaeffimera.com. This privacy policy provides clear and transparent information about how we process personal data collected through our website.
formaeffimera.com is committed to respecting and protecting your privacy in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the Italian Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018), and, where applicable, the UK GDPR and Data Protection Act 2018, as well as relevant U.S. state privacy laws for visitors from those jurisdictions (e.g., CCPA/CPRA in California, VCDPA in Virginia, and similar laws). This policy applies exclusively to personal data collected through our website for the purposes described below.
The site may also provide features powered by artificial intelligence; the related processing is described in detail in Chapter 13. Information on cookies and other tracking technologies (limited to technical and anonymised analytics that do not require a consent banner) is provided in Chapter 14. This policy was last updated on 20/08/2025.
formaeffimera.com collects only the following categories of personal data through the website, in accordance with the principle of data minimization (Article 5, Paragraph 1, Letter c of the GDPR):
No sensitive data or data belonging to special categories (Article 9 of the GDPR) are collected or processed. The site is not intended for children under 14 years of age (or 16 where required by national law), and no data relating to minors are knowingly collected.
In compliance with Article 11 of the GDPR and relevant international standards (including UK GDPR and the U.S. Children’s Online Privacy Protection Act – COPPA), no personal data exceeding the declared purposes are collected. The website does not use registration forms or automated data capture mechanisms for data not explicitly provided by the user.
For more details regarding the processing of data in connection with artificial intelligence tools, please refer to Chapter 13. For information on cookies and tracking tools, please refer to Chapter 14.
The personal data collected through formaeffimera.com are processed exclusively for the purposes set out below, in accordance with the legal bases established by the GDPR/UK GDPR and applicable national laws.
1. Handling communications received
2. Website security and maintenance
3. Compliance with legal obligations
4. Navigation analysis and performance (where applicable)
5. Use of artificial intelligence (AI) tools
Note: formaeffimera.com does not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on individuals (Art. 22 GDPR/UK GDPR). For further details on AI processing, see Chapter 13. For cookies and tracking limited to technical and anonymised analytics, see Chapter 14.
The personal data collected through formaeffimera.com are processed in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, and data minimisation, as required under Article 5 of the GDPR/UK GDPR and applicable international standards.
Processing is carried out using electronic and IT tools, with appropriate technical and organisational measures in place to ensure the security and confidentiality of data, including:
Data are processed exclusively by the website owner or authorised personnel acting under instructions, and do not involve profiling or fully automated decision-making that produces legal or similarly significant effects on individuals.
Third-party providers
If personal data are processed by third parties (for example, Register.it for domain management, hosting providers, GitHub for content management, or external providers of AI tools), these parties are appointed as processors under Article 28 GDPR/UK GDPR and are bound by data processing agreements ensuring adequate levels of protection.
International data transfers
Where data are transferred outside the European Economic Area (EEA) or the United Kingdom, this occurs only in compliance with applicable safeguards, including the use of the European Commission’s and UK Information Commissioner’s Standard Contractual Clauses (SCC), transfer impact assessments (TIA), and supplementary measures as required.
High-risk processing
If the website introduces processing operations that may present a high risk to the rights and freedoms of individuals (for example, advanced AI systems), a Data Protection Impact Assessment (DPIA) will be carried out in compliance with Article 35 GDPR/UK GDPR, together with specific safeguards such as human oversight and auditability, in line with the EU Artificial Intelligence Act (AI Act) and relevant international standards.
Note: Data will never be shared with third parties for purposes not declared or unrelated to the purposes stated in this policy.
Personal data collected through formaeffimera.com are retained only for the time strictly necessary to achieve the purposes set out in this policy, in compliance with Article 5(1)(e) GDPR/UK GDPR.
1. Contact data
Retained for the time needed to manage the correspondence and provide a suitable response. Once the interaction is completed, data are deleted unless retention is required for legal obligations or for the controller’s legitimate interests (e.g., establishing, exercising, or defending legal claims).
2. Technical navigation data (logs)
Retained for a maximum of 7 days, unless longer retention is necessary to investigate or mitigate security incidents or harmful activities affecting the website.
3. Legal obligations
Retained for the period required by applicable laws and regulations (e.g., administrative, accounting, or compliance purposes).
4. Consent-based processing
Where processing is based on consent (e.g., optional features), data are retained until the consent is withdrawn, without prejudice to any longer retention required by law.
5. AI input and output data
User-provided inputs and outputs generated by AI features are retained only for the time strictly necessary to deliver the service and perform quality checks (generally no longer than 90 days), unless security needs or legal obligations require longer retention. After this period, data are deleted or anonymised; related technical logs may be retained for 7–30 days for security and integrity purposes.
At the end of the applicable retention periods, personal data are deleted or anonymised so that individuals are no longer identifiable.
Personal data collected through formaeffimera.com are primarily processed within the European Economic Area (EEA) and the United Kingdom. Data are not transferred to third countries or international organisations outside these areas unless strictly necessary and always in compliance with applicable law.
Exceptions to transfer
If it becomes necessary to transfer data outside the EEA or the UK:
Providers and tools used
The site makes use of third-party services for domain, hosting, and content management:
No unauthorised transfers
Personal data are transferred to third countries only with appropriate safeguards in place, after informing users, and, where required, with their explicit consent.
formaeffimera.com adopts appropriate technical and organisational measures to ensure the protection of personal data collected, in compliance with the GDPR/UK GDPR and applicable international regulations. The main objective is to prevent unauthorised access, disclosure, alteration, or destruction of personal data.
Technical Security Measures
1. Encryption
Data transmitted through the site are protected using advanced encryption protocols, such as HTTPS/TLS, to ensure confidentiality during communication. Where possible, encryption is also applied to data at rest.
2. Limited Access
Access to personal data is restricted exclusively to authorised personnel and providers involved in domain, hosting, and content management (e.g., Register.it, GitHub, or authorised AI providers), who are subject to strict security and confidentiality obligations.
3. Server Protection
The servers hosting the data and content of formaeffimera.com are managed in secure environments, protected by firewalls, intrusion detection systems, and continuous monitoring.
4. Backup and Recovery
Data are regularly backed up to ensure recovery in case of failures, cyber incidents, or data loss.
5. Credentials and API Keys
Passwords, access credentials, and API keys (including those for AI services) are managed securely, with policies for complexity, rotation, and where possible, multi-factor authentication (MFA).
Organisational Measures
1. Restricted Access Policies
Only individuals strictly necessary for processing activities are granted access to data, in line with documented policies and data minimisation principles.
2. Training and Awareness
Staff and collaborators receive training on data protection, cybersecurity, and safe use of AI-based systems.
3. Internal Procedures
Documented procedures are in place to manage incidents, retention, and secure deletion of personal data, in accordance with GDPR/UK GDPR and the EU Cyber Resilience Act.
Risk Mitigation and Incident Response
1. Monitoring and Updates
The site’s IT systems are continuously monitored and updated to prevent vulnerabilities and reduce risks related to evolving threats.
2. Data Breach Management
In the event of a personal data breach, formaeffimera.com will notify the competent supervisory authority (e.g., the Italian Garante or the UK ICO) within 72 hours where required, and will inform the affected users when there is a high risk to their rights and freedoms, in compliance with Articles 33–34 GDPR/UK GDPR.
3. Incident Register
All security incidents and breaches are documented internally, regardless of whether they require formal notification.
Limitations of Liability
Although formaeffimera.com implements all reasonable measures to ensure a high level of security, no system can guarantee absolute protection against all risks inherent to internet technologies. Nevertheless, the site is committed to continuous improvement in line with regulatory developments and international best practices.
In accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable international data protection laws, users of formaeffimera.com are entitled to exercise the following rights regarding their personal data:
1. Right of Access (Art. 15 GDPR/UK GDPR)
You have the right to obtain confirmation as to whether personal data concerning you are being processed and, if so, access to such data and related information, including the purposes of processing, categories of data, recipients, and envisaged retention period.
2. Right to Rectification (Art. 16 GDPR/UK GDPR)
You have the right to obtain without undue delay the correction of inaccurate personal data and the completion of incomplete personal data.
3. Right to Erasure – "Right to be Forgotten" (Art. 17 GDPR/UK GDPR)
You may request the deletion of your personal data where one of the following grounds applies:
4. Right to Restriction of Processing (Art. 18 GDPR/UK GDPR)
You have the right to obtain restriction of processing in the following cases:
5. Right to Data Portability (Art. 20 GDPR/UK GDPR)
You may request to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller, where technically feasible.
6. Right to Object (Art. 21 GDPR/UK GDPR)
You have the right to object at any time to the processing of your personal data when based on the controller’s legitimate interests, including profiling. Where data are processed for direct marketing purposes, you have the absolute right to object.
7. Right not to be Subject to Automated Decision-Making (Art. 22 GDPR/UK GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. With respect to AI systems, formaeffimera.com ensures human oversight is always available, and you may request human intervention, express your point of view, and contest any automated decision.
8. How to Exercise Your Rights
To exercise your rights, you may send a request to the following contact address:
Email: privacy@formaeffimera.com
Requests will be handled without undue delay and, in any case, within one month of receipt, unless an extension is required for complex cases. You will receive a clear and transparent reply.
9. Right to Lodge a Complaint
If you believe that the processing of your data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority. You may lodge it with the Italian Data Protection Authority (Garante per la protezione dei dati personali, https://www.garanteprivacy.it/) if you are an EU resident, with the Information Commissioner’s Office (ICO, https://ico.org.uk/) if you are a UK resident, or with the competent authority in your country of residence.
formaeffimera.com reserves the right to update or modify this privacy policy at any time, in accordance with applicable legal requirements (including the GDPR, UK GDPR, and relevant international regulations) and operational needs of the website.
Notification of Changes
1. Communication to Users
In the event of significant changes, formaeffimera.com will inform users by:
2. Effective Date of Changes
All modifications will take effect from the date specified in the updated privacy policy. Users are encouraged to periodically review this page to remain informed about any updates.
Current Version
This privacy policy was last updated on 20/08/2025. Any subsequent revisions will be indicated in this section with the corresponding date.
Implicit Consent to Changes
Continued use of formaeffimera.com following the effective date of changes constitutes acceptance of the updated terms of this policy.
Contact for Clarifications
For any questions or requests regarding modifications to the privacy policy, including updates concerning the use of artificial intelligence tools or cookies, users may contact the data controller at:
formaeffimera.com adopts appropriate technical and organizational measures to ensure the security of personal data collected, in compliance with the GDPR, the UK GDPR, and applicable international regulations. The primary objective is to prevent unauthorized access, disclosure, alteration, or destruction of personal data.
Technical Security Measures
1. Encryption
Data transmitted through the site are protected using advanced encryption protocols, such as HTTPS/TLS, to ensure the confidentiality of communications between users and the server. Where possible, encryption is also applied to stored data.
2. Regular Backups
Personal data collected are subject to regular backups, ensuring the possibility of recovery in case of incidents, failures, or data loss.
3. Server Protection
Servers hosting the data are located in secure environments and are protected by firewalls, intrusion detection systems, and continuous monitoring to prevent cyberattacks.
4. Authentication
Access to personal data is restricted to authorized personnel who must authenticate using unique and secure credentials. Multi-factor authentication (MFA) is applied where available. API keys and service credentials (including those for AI integrations) are rotated regularly and stored securely.
Organizational Measures
1. Limited Access to Data
Only individuals strictly necessary for processing purposes (such as domain managers at Register.it, developers at GitHub, or authorized AI service providers) have access to personal data, under strict confidentiality and security policies.
2. Data Breach Management Procedures
Specific procedures are in place to manage potential personal data breaches, including documentation in an internal register, notification to the relevant Data Protection Authority (e.g., the Italian Garante or the UK ICO) within 72 hours where required, and communication to affected individuals when there is a high risk to their rights and freedoms, in accordance with Articles 33–34 GDPR/UK GDPR.
Data Retention
1. Retention Period
Personal data collected will be retained only for the time necessary to achieve the purposes for which they were collected, unless legal obligations require longer retention periods.
2. Secure Deletion
Once the retention period has expired, personal data will be securely deleted or anonymized using techniques that ensure their irrecoverability.
User Responsibilities
Users are encouraged to contribute to the security of their data by:
Limitations of Liability
While all reasonable measures are taken to protect personal data, formaeffimera.com cannot guarantee absolute security, particularly in relation to vulnerabilities inherent in internet technologies. However, any security incidents will be handled in accordance with applicable regulations, including GDPR, UK GDPR, and the EU Cyber Resilience Act.
Users of formaeffimera.com have the right to file complaints regarding the processing of their personal data, in accordance with the GDPR, the UK GDPR, and other applicable international data protection laws.
Submitting Complaints
1. Direct Contact with the Controller
Users are encouraged to first contact formaeffimera.com to resolve any issues related to the management of their personal data. Requests can be sent to privacy@formaeffimera.com with a detailed description of the issue.
2. Complaint to the Supervisory Authority
If users believe that their rights have been violated, they may file a complaint with the competent supervisory authority:
- For residents in the European Union: the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or the authority in their Member State of residence or employment.
- For residents in the United Kingdom: the Information Commissioner’s Office (ICO).
Contact details of the Italian Garante: https://www.garanteprivacy.it/
Contact details of the UK ICO: https://ico.org.uk/
User Rights
1. Right of Access
Users may request information about their personal data processed by formaeffimera.com, including purposes, categories of data, and recipients.
2. Right to Rectification
Users may request the correction or updating of inaccurate or incomplete personal data.
3. Right to Erasure
Users may request the deletion of their personal data, except where retention is required by law or for legitimate purposes such as legal defence.
4. Right to Restriction of Processing
Users may request the restriction of processing in specific cases, for example when they contest the accuracy of the data or object to its processing.
5. Right to Data Portability
Users may request to receive their personal data in a structured, commonly used, and machine-readable format, and, where technically feasible, to transmit them to another controller.
6. Right to Object
Users may object to the processing of their personal data where it is based on legitimate interests. Where data are processed for direct marketing purposes, the right to object is absolute.
7. Right not to be Subject to Automated Decisions
Users have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects. With respect to artificial intelligence tools, formaeffimera.com guarantees human oversight and the possibility for users to request human intervention, express their views, and contest automated decisions.
Exercising Rights
Users may exercise their rights by sending a written request to:
Email: privacy@formaeffimera.com
Subject line: "Exercise of privacy rights"
Requests will be handled without undue delay and, in any case, within one month of receipt, in accordance with GDPR and UK GDPR provisions. Extensions may apply in complex cases, in which case users will be informed promptly.
formaeffimera.com implements technical and organizational measures to protect users’ personal data from unauthorized access, loss, alteration, or disclosure. These measures comply with the GDPR, the UK GDPR, and other applicable international data protection regulations.
Technical Measures
1. Data Encryption
Personal data are protected during transmission through encryption protocols such as HTTPS/TLS. Where applicable, encryption is also applied to stored data.
2. Authentication and Limited Access
Access to systems and platforms is limited to authorized personnel only. Strong password policies are enforced, with multi-factor authentication (MFA) and periodic rotation of access credentials and API keys, including those used for AI services.
3. Backup and Recovery
Regular backups are performed to prevent data loss. Recovery procedures are in place to ensure service continuity in the event of incidents.
4. Protection Against Cyber Threats
Firewalls, antivirus software, and continuous monitoring systems are employed to detect and prevent cyberattacks and other vulnerabilities, in line with the EU Cyber Resilience Act.
Organizational Measures
1. Training and Awareness
Personnel involved in data processing are provided with regular training on GDPR/UK GDPR requirements, cybersecurity practices, and safe handling of AI systems.
2. Internal Policies
Internal procedures are in place for managing personal data securely, ensuring proper retention and deletion, and documenting processing operations in line with accountability principles.
3. Third-Party Providers
All third parties involved in the processing of personal data (such as Register.it, GitHub, or AI service providers) are contractually bound to comply with GDPR/UK GDPR standards and provide adequate safeguards.
Data Breach Management
1. Breach Response Plan
In the event of a personal data breach, formaeffimera.com will notify the competent supervisory authority (e.g., the Italian Garante or the UK ICO) within 72 hours when required, and inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms, in compliance with Articles 33–34 GDPR/UK GDPR.
2. Incident Register
All data breaches and security incidents are recorded in an internal register, regardless of whether they require notification to the authorities.
Continuous Improvement
formaeffimera.com monitors its infrastructures and procedures on an ongoing basis to adapt security measures to new technologies, emerging threats, and evolving regulatory requirements.
formaeffimera.com uses artificial intelligence (AI) systems and tools to provide advanced features to users and enhance the browsing experience, in full compliance with European, UK, and international data protection and digital security regulations.
Purposes of AI Processing
Categories of Data Processed
Legal Bases for Processing
Absence of Binding Automated Decisions
formaeffimera.com does not make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on individuals (Art. 22 GDPR/UK GDPR and the EU AI Act). Human intervention is always guaranteed in processes that directly affect users.
Processors and Data Transfers
Any external AI service providers are appointed as data processors under Art. 28 GDPR/UK GDPR and are bound by contracts ensuring compliance with GDPR, UK GDPR, and the AI Act. Where data are transferred to third countries (e.g., the United States), Standard Contractual Clauses (SCC) adopted by the European Commission or the UK International Data Transfer Agreement (IDTA) are applied, together with Transfer Impact Assessments (TIA) and supplementary measures to ensure adequate protection.
Retention Period
Input and output data related to AI functions are retained only for the time strictly necessary to deliver the service and perform technical quality checks, and in any case no longer than 90 days, unless required for security or legal obligations. After this period, the data are deleted or anonymized.
Security Measures
Specific User Rights Related to AI
Minors and Special Categories of Data
AI functionalities are not intended for users under the age of 14 (or 16 where required by national law). Special categories of data (Art. 9 GDPR/UK GDPR) are not processed through AI systems, unless explicit and informed consent is given within the limits permitted by law.
Regulatory Alignment
formaeffimera.com is committed to complying with the GDPR, the UK GDPR, the Italian Privacy Code, and Regulation (EU) 2024/1689 on Artificial Intelligence (AI Act), as well as international best practices (OECD AI Principles, UNESCO, UK AI governance guidelines, and emerging U.S. state AI regulations). Should “high-risk” AI systems be introduced, a Data Protection Impact Assessment (DPIA) will be carried out, appropriate technical documentation will be prepared, and human oversight will be guaranteed as required by the AI Act and international standards.
Contacts
For clarifications or to exercise your rights related to the processing of data through artificial intelligence systems, you can write to privacy@formaeffimera.com with the subject line “AI Request”.
formaeffimera.com uses only technical cookies and, where applicable, anonymised analytical cookies configured with measures that prevent direct user identification. These tools are used solely to ensure the proper functioning of the site and to improve security and performance.
Types of Cookies Used
Cookie Management
Users can configure their browser at any time to disable or delete technical and analytical cookies. However, disabling technical cookies may affect the correct functioning of the website.
Retention Period
Session cookies are automatically deleted when the browser is closed. Any persistent cookies used have a limited duration and, in any case, do not exceed 12 months.
Additional Information
For more details on the processing of data through cookies and tracking tools, users can contact the data controller at privacy@formaeffimera.com. This approach is consistent with the GDPR, the UK GDPR, the Italian Data Protection Authority guidelines, and the requirements of the UK Information Commissioner’s Office (ICO) under the PECR.