Privacy Policy

Last updated: 8 April 2026

1. Who We Are

This website is operated by the Owner (the "Data Controller"), based in the United Kingdom. For any questions about this policy or your personal data, please contact us at:

gennarellifrancescopio@gmail.com

2. What Data We Collect

We collect personal data only when you voluntarily provide it through our contact form:

• Name
• Email address
• Subject (optional)
• Message

We also automatically collect your IP address when you submit the contact form, solely for rate limiting and security purposes.

This website does not use cookies, analytics, tracking pixels, or advertising of any kind.

3. How We Use Your Data

We process your personal data on the legal basis of legitimate interest (Article 6(1)(f) UK GDPR / EU GDPR):

• Contact form data — to read and respond to your enquiry
• IP address — to prevent abuse through rate limiting and to maintain the security of the website

When a new contact form submission is received, a generic notification (containing no personal data) is sent to the Owner. Your personal details remain stored only on the server.

4. Who Has Access to Your Data

• The Owner (Data Controller) — based in the United Kingdom
• Technical administrator — based in Italy, manages the website on behalf of the Owner
• Contabo GmbH — hosting provider based in Germany, where the server is located

Your data is never sold, rented, or shared with third parties for marketing or advertising purposes.

5. International Data Transfers

Your data is stored on a server located in Germany (Contabo GmbH) and may be accessed by the technical administrator in Italy. These transfers take place within the European Economic Area (EEA) and are covered by the UK adequacy decision for the EEA. No data is transferred outside the EEA/UK.

6. How Long We Keep Your Data

• Contact form submissions — automatically deleted after 12 months
• Rate limiting records — overwritten on each new submission; stale records are automatically removed
• Security audit logs — retained for 90 days, then automatically deleted

7. Your Rights

Under both the UK GDPR (and the Data Protection Act 2018) and the EU GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict the processing of your personal data
• Data portability — receive your data in a structured, commonly used format
• Object to the processing of your personal data

To exercise any of these rights, please contact us at gennarellifrancescopio@gmail.com. We will respond to your request within one month.

8. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
• European Union: Your national data protection authority

9. Changes to This Policy

The Owner may update this privacy policy from time to time. Any changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this policy periodically.