Officina Kreativa

    Privacy Policy

    Personal data processing information pursuant to EU Regulation 2016/679 (GDPR) and applicable Italian law.

    Last updated: April 23, 2026

    1. Data controller

    The data controller is Officina Kreativa S.r.l., with registered office at Via T. Campanella 11/13, 88900 Crotone (KR), Italy. VAT and Tax ID: 03722090796.

    Privacy contact email: info@officinakreativa.it.

    2. Data we collect

    We collect the following personal data when you interact with the site:

    • Contact form and quiz data: name, email, phone (optional), project description, qualification quiz answers.
    • Navigation data: IP address, browser type, operating system, pages visited, timestamps (collected only with analytics consent).
    • Cookies and technical identifiers: see Cookie Policy for full details.

    3. Processing purposes

    We process your data for the following purposes:

    • Respond to your inquiries submitted via contact form (legal basis: pre-contractual measures art. 6.1.b GDPR).
    • Measure website page effectiveness via analytics tools (legal basis: consent art. 6.1.a GDPR).
    • Show you more relevant ads via Meta, LinkedIn, Google Ads (legal basis: consent art. 6.1.a GDPR).
    • Comply with tax, accounting, and security legal obligations (legal basis: legal obligation art. 6.1.c GDPR).

    4. Data retention

    Contact form data is retained for a maximum of 24 months from first contact, unless a commercial relationship is established (in which case legal accounting retention periods apply, 10 years).

    Analytics data is retained for 14 months in pseudonymized form, then aggregated and deleted at individual level.

    5. Data recipients

    Data is shared exclusively with technical service providers necessary for the operation of the site and marketing activities, appointed as Data Processors under art. 28 GDPR:

    • Railway.app (hosting and database platform) — USA, with EU-approved Standard Contractual Clauses.
    • Google LLC (Google Analytics 4, Google Tag Manager) — USA, with Data Processing Terms and SCCs.
    • Meta Platforms Inc. (Meta Pixel and Conversion API, with marketing consent) — USA/IE, with SCCs.
    • LinkedIn Corporation (Insight Tag, with marketing consent) — USA/IE, with SCCs.
    • Transactional email providers for internal notifications.

    6. Non-EU transfers

    Some of the providers listed above are based in the United States. Transfers take place based on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, under the EU-US Data Privacy Framework.

    7. Your rights

    You can exercise the following rights at any time by writing to info@officinakreativa.it:

    • Right of access to your data (art. 15 GDPR).
    • Right to rectification (art. 16).
    • Right to erasure / right to be forgotten (art. 17).
    • Right to restriction of processing (art. 18).
    • Right to data portability (art. 20).
    • Right to object (art. 21).
    • Right to withdraw consent at any time without affecting the lawfulness of previous processing.
    • Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

    8. Data security

    We implement appropriate technical and organizational measures to protect data: TLS encrypted connections, password hashing, access control, audit logging, encrypted backups. In case of a data breach that poses a high risk to the rights of data subjects, we will inform you within 72 hours as required by art. 33 GDPR.

    9. Changes to this policy

    We reserve the right to update this policy. The last update date is shown at the top of the document. Substantial changes will be communicated via banner or email.