Privacy and Cookie Policy

This Application collects certain Personal Data from its Users.

Data Controllers

Fabio Damiani and Marco Quistini
Address: Via XX Settembre 58/A, 24122 - Bergamo, Italy
Contact email: info@studiopang.it

Types of Data collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: Cookies, Usage Data and Email. Personal Data may be freely provided by the User (such as contact email), or, in the case of Usage Data (such as IP address), collected automatically during the use of this Application for technical and security purposes.

Cookie Policy

This Application uses technical cookies and necessary identifiers to ensure the proper functioning of the website and the security of navigation. No profiling or advertising tracking cookies are used.

Technical and functional cookies

• Polylang (pll_language): Used to store the User’s selected language and apply it on future visits. Duration: 1 year.
• Cloudflare (__cf_bm, _cfuvid): Generated through Vimeo video integration to distinguish real users from bots and ensure connection security. Duration: Session / 30 minutes.
• Wordfence (wf-scan-issue): Used for security purposes and to protect the website from unauthorized access. Duration: Session.

Managing cookies via browser

Users can manage cookie preferences directly within their browser and prevent third parties from installing them. Through browser settings, it is also possible to delete previously installed cookies. Disabling technical cookies may affect the proper functioning of some parts of the website.

Legal basis of processing

The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

• The User has given consent for one or more specific purposes (sending communications via Mailchimp);
• Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller (website protection via Wordfence and performance optimization);
• Processing may also be necessary for the performance of pre-contractual measures taken at the User’s request or to comply with legal obligations.

Methods and place of processing

Processing methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and/or telematic tools.

Parties involved

In addition to the Data Controller, in some cases, Personal Data may be accessible to external parties appointed as Data Processors:

• Aruba S.p.A.: Hosting provider and server infrastructure (Italy).
• Mailchimp (Intuit Inc.): Management of contact databases and email communications. Data may be transferred to the United States based on the Data Privacy Framework or Standard Contractual Clauses.

Place and retention period

Data is processed at the Data Controller’s operating offices and retained for the time necessary to fulfill the purposes for which it was collected.
Data related to the newsletter is retained until the User withdraws consent.
Security logs (IP addresses and usage data), also collected through protection systems such as Wordfence, are retained for a limited period, generally between 7 and 30 days, unless required for the investigation of unlawful activities or upon request by authorities.

Purposes of Data processing

Contacting the User

Through the contact form, the User provides their email address to be contacted. Informational communications or newsletters are sent only with explicit consent via Mailchimp.
Data collected: Email.

Security and maintenance

This Application uses Wordfence to analyze traffic and detect potential security threats.
Data collected: IP address and Usage Data.

Content from external platforms

This Application embeds videos from Vimeo (Vimeo, LLC) with "Do Not Track" mode enabled, limiting data collection to technical purposes necessary for playback.
Data collected: Cookies and Usage Data.

User rights

Users may exercise certain rights regarding their Data:

• Withdraw consent at any time;
• Object to the processing of their Data;
• Access their Data and request rectification;
• Obtain restriction of processing or erasure of Data;
• Receive their Data and have it transferred to another controller (data portability);
• Lodge a complaint with a supervisory authority;
• Not be subject to decisions based solely on automated processing, including profiling, except where permitted by law.

Additional information

Further details regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page