Privacy Policy — saveriocanepa.it

Last updated: 8 November 2025
(Notice pursuant to Articles 13–14 GDPR)

  1. Controller and contacts

Data Controller: Francesco Saverio Canepa, Via Sardegna 50, Rome.
Italian Tax Code (C.F.) CNPFNC69C24H591E — PEC: francescosaverio.canepa@pec.it — Tel.: +39 06 565488726.

Internal privacy contact: Francesco Saverio Canepa.

DPO: not appointed (not applicable at this time).
Information requirements: Art. 13 GDPR. EUR-Lex+1

  1. Categories of data

Browsing data: technical logs, IP addresses, timestamps, user-agent, security/firewall events.

Data provided via the contact form: name, email, message, any technical metadata (anti-spam).

Data from integrated third-party services: Google reCAPTCHA (anti-abuse), YouTube (only when videos are played), Google Ads (conversion tag, only with prior consent).

Google Analytics 4 (Google Ireland/Google LLC): aggregated usage statistics, IP anonymization enabled — third party — max retention 14 months. Legal basis: consent.

Microsoft Clarity (Microsoft Ireland Operations Ltd.): heatmaps and session recording with automatic masking of personal data (form inputs, numbers, emails) — third party — retention 90 days. Legal basis: consent. Details: clarity.microsoft.com/terms.

Cookies and tracking tools: see Cookie Policy.

  1. Purposes, legal bases, retention periods

ProcessingPurposeLegal basisRetention
Browsing and security (logs, firewall)provide the website; prevent abuse and incidentsController’s legitimate interest in security and service continuity (Art. 6(1)(f) GDPR)7–30 days for technical logs; longer in case of incidents
Contact form (WordPress)respond to enquiriesPre-contractual/contractual measures (Art. 6(1)(b))12 months from ticket closure
reCAPTCHA anti-spamprotect the form against abuse/botsLegitimate interest (Art. 6(1)(f)) with balancing and minimisationfor the time needed to validate
YouTube embeddisplay videosConsent (Art. 6(1)(a)) via banner/CMP; loaded only after your choiceaccording to the provider’s cookies; details in the Cookie Policy
Google Ads (conversion tag)measure conversions/advertising effectivenessConsent (Art. 6(1)(a)) via banner/CMPaccording to the provider’s cookies; details in the Cookie Policy

Regulatory note: the notice must associate a clear legal basis with each purpose (EDPB/Italian SA practice). EUR-Lex

  1. Nature of provision

Technical/security data: necessary for the website to operate.

Contact form data: necessary to receive a reply; failure to provide prevents handling the request.

YouTube/Google Ads: optional and subject to consent.

  1. Recipients and categories of vendors

Hosting/WordPress: Roma Comunica Web (EU/Italy) acting as processor under Art. 28 (DPA to be executed/retained).

Google Ireland/Google LLC: for reCAPTCHA, YouTube, Google Ads (independent controllers or joint controllers for their respective services).

Law-enforcement/judicial authorities if required by law.

Transfers outside the EEA: for the Google services involved, data may be transferred to the United States. The transfer is made to companies adhering to the EU-US Data Privacy Framework (EU adequacy of 10/07/2023); the DPF was upheld by the General Court of the EU on 03/09/2025 (case T-553/23), subject to any appeals. EUR-Lex+2 dataprivacyframework.gov+2

  1. Data subject rights

You have the right to access, rectification, erasure, restriction, portability, objection, and to withdraw consent. To exercise your rights: PEC francescosaverio.canepa@pec.it (or another dedicated channel: [●]@saveriocanepa.it).
Complaint to the Supervisory Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, tel. +39 06.69677.1, protocollo@pec.gpdp.it. Garante Privacy+1

  1. Children

The site is not directed at children. In Italy, digital consent is valid from age 14 (Art. 2-quinquies of the Italian Privacy Code). Garante Privacy+1

  1. Security

TLS/HTTPS, WordPress hardening, security updates, regular backups, access controls, critical-event logging, anti-bot protections. (Appropriate technical and organisational measures under Art. 32 GDPR).

  1. Changes

This notice may be updated to reflect regulatory/technological developments; versions will be published on this page with the date of update.


Cookie Policy — saveriocanepa.it

  1. What cookies and similar technologies are

Cookies, pixels, SDKs and similar technologies store/read information on your device. They are categorised as technical (necessary) and non-technical (e.g., marketing, profiling, analytics). Italian SA Cookie Guidelines (10/06/2021) and summary sheet. Garante Privacy+1

  1. Consent management (CMP)

The site uses a consent banner compliant with the Italian SA Guidelines (options: “Accept”, “Reject”, “Customise”).

You can change your preferences at any time: [Manage cookie preferences] (permanent footer link).

Non-technical cookies are blocked until you give consent. Garante Privacy

Operational tip: on WordPress, adopt a recognised CMP (e.g., Iubenda, Cookiebot, OneTrust) with periodic scans and Consent Mode v2 for Google/Ads tags.

  1. Categories and purposes on this site

Technical/necessary: security, load balancing, CMP preferences, form protection (reCAPTCHA).

Functional/Media: YouTube (video playback; enabled only with prior consent, preferably in “privacy-enhanced mode”).

Marketing/Advertising: Google Ads (conversions).
For each category, the provider, purpose, duration, first/third party are listed in the CMP-generated table (inventory updated automatically). Italian SA Guidelines. Garante Privacy

Indicative examples (to be verified via CMP scan):

  • Google reCAPTCHA (Google Ireland/Google LLC) — anti-abuse/technical — third party — variable duration (session token).

  • YouTube — video playback/functional — third party — variable duration; use “youtube-nocookie” where possible.

  • Google Ads — conversions/marketing — third party — duration per Google policy.

  1. How to change your choices

Use the [Manage cookie preferences] link (footer) to change or withdraw consent at any time.

You can also delete cookies from your browser, though some features may not be available afterward.

  1. Transfers outside the EEA

Google and YouTube cookies/services may involve transfers to the United States: the provider adheres to the Data Privacy Framework; for processing not covered by the DPF, SCCs and supplementary measures apply.