Privacy Policy
Last updated: 2025-12-17
This Privacy Policy (hereinafter, the "Policy") describes the methods of managing the website mariociavarella.it (hereinafter, the "Website") with reference to the processing of personal data of users who consult it and/or use its features (for example, the contact form). This Policy is provided pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), UK GDPR and other applicable data protection legislation, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and similar privacy laws worldwide.
Controller and Contact Details
The Data Controller for the processing of personal data collected through this Website is Mario Ciavarella, residing in Italy. For any matters related to data protection, you may contact the Data Controller via email at privacy@mariociavarella.it.
Key Principles of Data Processing
- This Website does not require user accounts or newsletter subscriptions. The only personal data users actively submit is what they enter in the contact form, if they choose to use it.
- I do not sell or share your personal data for monetary or other valuable consideration. Your data is only used for the purposes described in this policy and is never sold to third parties.
- Analytics (Google Analytics 4) is implemented on an opt-in basis and is activated solely upon the user's explicit consent provided via the cookie banner.
- Spam protection services (such as reCAPTCHA) may be employed on the contact form to prevent automated abuse, operating under the legal basis of legitimate interest.
What I process and why
The processing of Personal Data by the Website is based on specific legal grounds as defined by the GDPR. These legal bases ensure that your data is processed lawfully and transparently. Below, I outline the categories of data processed, the purposes for processing, the corresponding legal basis and typical data retention periods.
The Website primarily serves informational purposes. Where non-essential processing (such as analytics) is concerned, it is disabled until your explicit opt-in consent is provided.
| Category | Purpose | Legal basis | Typical retention |
|---|---|---|---|
| Contact form (name, email, message) | Replying to your request and follow-up. | GDPR art. 6(1)(b) for handling requests; GDPR art. 6(1)(f) for follow-up communications based on the legitimate interest of managing client relationships. | For the time needed to handle the request, plus a reasonable follow-up period. |
| Analytics (optional) (usage metrics) | Understanding site usage and improving content. | Consent (GDPR art. 6(1)(a)). | Subject to your consent and the Google Analytics configuration. |
| Anti-spam (optional) (reCAPTCHA token/score) | Preventing automated abuse of the contact form. | Legitimate interest (GDPR art. 6(1)(f)) to ensure the security and integrity of the contact form and prevent abuse. | Processed during verification; not stored by the Website beyond technical logs (if any). |
| Server logs (IP, user-agent, timestamps) | Security, troubleshooting and service reliability. | | Typically 7 to 30 days, rotated for security, troubleshooting and debugging needs. |
| Consent preferences (mc_consent) | Storing and honoring your cookie choices. | Legal obligation + consent for non-essential cookies. | Up to 6 months. |
Third-party Services, Cookies and Data Transfers
Service Providers
Depending on your actions and settings, data may be processed by:
- Hosting / infrastructure providers (to deliver the Website and store server logs).
- Email delivery provider (SMTP) (to deliver contact form messages to the site owner).
- Google (Google Analytics 4, reCAPTCHA), only when enabled/used.
Cookies and Similar Technologies
The Website uses a first-party consent cookie to store your preferences. Non-essential cookies (including analytics) are only activated after opt-in. For details, see the Cookie Policy. You can review or change your preferences at any time using the "Cookie settings" link in the footer.
International Data Transfers
Some providers (e.g. Google) may process data outside the European Economic Area (EEA) and United Kingdom. Where applicable, such transfers are based on appropriate safeguards (e.g. Standard Contractual Clauses) and/or other legal mechanisms recognized under GDPR, UK GDPR and applicable data protection laws.
Data Security
The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: the pseudonymization and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Your Rights as a Data Subject
Under the General Data Protection Regulation (GDPR), UK GDPR and other applicable privacy laws (including CCPA/CPRA for California residents), you are afforded specific rights concerning your personal data. These rights include:
- Right of Access (Art. 15 GDPR): you have the right to obtain confirmation as to whether or not your personal data are being processed and, where that is the case, access to the personal data and further information.
- Right to Rectification (Art. 16 GDPR): you have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): you have the right to obtain the erasure of personal data concerning you without undue delay, under certain conditions.
- Right to Restriction of Processing (Art. 18 GDPR): you have the right to obtain restriction of processing where specific grounds apply.
- Right to Data Portability (Art. 20 GDPR): you have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.
- Right to Object (Art. 21 GDPR): you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing.
- Right to Withdraw Consent (Art. 7 GDPR): where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For instance, you can manage your cookie preferences at any time via the "Cookie settings" link in the footer.
Additional Rights for California Residents
If you are a California resident, under the CCPA/CPRA you have additional rights:
- Right to Know: you can request information about the categories and specific pieces of personal information I have collected about you.
- Right to Delete: you can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale/Sharing: as stated in this policy, I do not sell or share your personal information. Therefore, there is no need to opt out.
- Right to Non-Discrimination: you have the right not to receive discriminatory treatment for exercising your CCPA privacy rights.
- Right to Limit Use of Sensitive Personal Information: I do not process sensitive personal information beyond what is necessary to provide my services.
How to Exercise Your Rights
To exercise any of these rights, please send a written request to the Data Controller via email at privacy@mariociavarella.it. I will respond to your request within the timeframes required by applicable law (generally 30 days for GDPR requests and 45 days for CCPA requests).
Supervisory Authorities
You also have the right to lodge a complaint with a supervisory authority:
- EU/Italy: Italian Supervisory Authority for the Protection of Personal Data (Garante per la protezione dei dati personali) — garanteprivacy.it
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
- California: California Privacy Protection Agency (CPPA) — cppa.ca.gov
Children's Privacy
The Website is not intended for children under the age of 16. The Data Controller does not knowingly collect personal data from children under 16. If the Data Controller becomes aware that personal data from a child under 16 has been collected without parental consent, reasonable steps will be taken to delete such information promptly. If you believe that I might have any information from or about a child under 16, please contact me at privacy@mariociavarella.it.
Updates and references
This policy may be updated from time to time. The “Last updated” date at the top indicates when it was last changed. Official sources often referenced for EU/Italy:
- GDPR — Regulation (EU) 2016/679: EUR-Lex
- ePrivacy Directive — Directive 2002/58/EC: EUR-Lex
- Italian Privacy Code — Legislative Decree 196/2003 (as amended): normative page
- Italian DPA cookie guidelines (10 June 2021): docweb 9677876