Privacy Policy

Last updated: January 2026

This privacy notice is provided pursuant to Articles 12, 13, and 14 of Regulation (EU) 2016/679 ("GDPR") and Legislative Decree No. 196 of June 30, 2003, as amended by Legislative Decree No. 101 of August 10, 2018 ("Privacy Code"). This document clearly and transparently describes what personal data is collected, the purposes and methods of processing, the security measures adopted to protect the data, as well as the rights that the data subject can exercise under the applicable legislation.

Brief Privacy Notice

Who processes the data: Dr. Christian Cassella – artivism®

Data collected: Information entered in the contact form (name, email, optional phone, message) and navigation data (technical cookies and anonymized analytical cookies from Google Analytics 4).

Why we use it: To respond to requests sent via the contact form, ensure the proper functioning of the site, and process aggregated and anonymous statistics on visits.

Rights: Access, rectification, erasure, restriction, portability, objection, and complaint to the Privacy Authority.

Cookies: Banner to accept or reject non-essential cookies.

1. Data Controller

The data controller is Dr. Christian Cassella, legal representative of artivism® (artivism by Christian Cassella – VAT No. 01904250709). You can contact us at privacy@artivism.it.

2. What Personal Data We Collect

Data You Voluntarily Provide

Name, surname, email address, phone number (optional), and content of the message sent via the "Contact Us" form or by email.

Navigation Data

IP address, device identifier, access time, referring URL; collected through server logs and essential technical cookies.

Anonymized Analytical Cookies

Google Analytics 4 is configured to anonymize the IP address and avoid individual profiling.

Third-Party Data

In some cases, we may receive information about you from publicly available sources or authorized third parties, such as when you interact with our social media profiles.

3. Purposes and Legal Bases for Processing

Responding to requests and providing site services – Legal basis: execution of pre-contractual measures/contract (Art. 6(1)(b) GDPR).

Ensuring security, functionality, and site maintenance – Legal basis: legitimate interest of the controller (Art. 6(1)(f) GDPR).

Processing aggregated and anonymous traffic statistics – Legal basis: legitimate interest, with balancing of users' rights and freedoms (Art. 6(1)(f) GDPR).

Legal obligations (e.g., accounting/tax obligations) – Legal basis: legal obligation (Art. 6(1)(c) GDPR).

Defense in court – Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Direct marketing (if you have given consent) – Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).

Legitimate Interest: When we process data based on legitimate interest, we conduct an assessment to ensure that such interest does not override your fundamental rights and freedoms. In particular, for site security, fraud prevention, and anonymized analysis, the processing is designed to minimize the impact on your privacy.

4. How We Process Data and How Long We Retain It

Processing is carried out using electronic tools and adequate security measures (HTTPS, encrypted backups, limited access). We retain data only for the time necessary to achieve the purposes:

  • Contact form/email data: 12 months from the last interaction, except for legal obligations or judicial protection needs.
  • Navigation logs: 30 days, except extensions in case of security incident investigations.
  • Data for tax/legal obligations: According to the terms provided by applicable legislation (generally 10 years for tax documents).

After this period, data is deleted or irreversibly anonymized.

Additional Security Measures: We adopt advanced encryption protocols (TLS), multi-factor authentication for administrative access, regular security system updates, and continuous staff training on data protection best practices.

5. Data Recipients and Extra-EU Transfers

Technical service providers (hosting, maintenance, registrar) who process data on behalf of the controller based on their respective terms of service that include data protection clauses compliant with GDPR. If servers are located outside the European Economic Area, transfers occur exclusively through Standard Contractual Clauses or other adequate safeguards under Art. 46 GDPR.

Google LLC (USA) for the Google Analytics 4 service, with anonymized IP address (where applicable) and transfer based on Standard Contractual Clauses 2021.

We do not sell or disseminate personal data to third parties. Transfers outside the EEA occur only with adequate safeguards (Art. 46 GDPR).

Automated Decision-Making: We do not subject your data to fully automated decision-making processes, including profiling, that produce legal effects or significantly affect you.

6. Data Provision

Providing mandatory data in the contact form is necessary to obtain a response; without it, we will not be able to process your request.

Providing data for marketing purposes is always optional and based on your explicit consent, which can be withdrawn at any time without affecting the lawfulness of previous processing.

7. Your Rights

You can exercise at any time the rights provided by Articles 15-22 GDPR:

  • Right of access (Art. 15): Obtain confirmation of processing and receive information on processed data, purposes, recipients, retention period.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of data if no longer necessary, if you withdraw consent, if you object to processing, if processing is unlawful, or to comply with legal obligations.
  • Right to restriction (Art. 18): Limit processing in case of dispute over accuracy, objection, unlawful processing, or for establishing rights in court.
  • Right to portability (Art. 20): Receive data in structured format to transmit to another controller, when processing is based on consent or contract and is carried out by automated means.
  • Right to object (Art. 21): Object to processing for legitimate reasons, in particular for direct marketing or profiling.
  • Right to withdraw consent (Art. 7): Withdraw previously given consent for a specific processing.

You can exercise these rights by writing to privacy@artivism.it and attaching a copy of an identity document. You will receive a response within 30 days. You also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

8. Protection of Minors

This site is not intended for minors under 16 years of age. If you are under 16, processing of data is lawful only with the consent of the person exercising parental responsibility (Art. 8 GDPR).

If we become aware that we have collected personal data from minors without verifiable parental consent, we will take measures to remove such information from our servers as soon as possible.

9. Cookies

Upon entering the site, a banner appears that allows you to accept or reject non-essential cookies. You can modify your preferences at any time via the "Cookie Settings" link in the site footer. More details are available in the Cookie Policy.

Technical cookies: Strictly necessary to ensure site functioning and authentication.

Analytical cookies: We use Google Analytics 4 in anonymized mode to collect aggregated statistical data on site usage. These cookies can be disabled via the banner settings.

Third-party cookies: Some embedded content (such as videos or maps) may install third-party cookies. You can block these cookies via browser settings or the cookie banner.

10. Changes to This Notice

Any updates will be published on this page with the new revision date. In case of substantial changes, you will be notified via banner and, if necessary, you will be asked to provide consent again.

We invite you to periodically consult this page to stay updated on our privacy practices.

Last updated: January 2026

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@artivism.it

Contact Form