Privacy Policy

1) Definitions

First of all, I want to explain the meaning of some of the terms you will find within this policy.

I will also refer to you as the «Data Subject» or «User».

«Personal data» means any information relating to an identified or identifiable natural person.

By «processing» the GDPR means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In any case, I will refer only to the processing of data provided while browsing this site and not on third-party websites that may be reachable through links present here.

2) Data Controller

The data controller (hereinafter also simply referred to, for convenience, as the «Controller») is Francesco Cappelli, with registered office at Via dei Feltreschi 7, 00164 Rome (RM), Italy.

Please note that the GDPR refers to the data controller as the party that determines the purposes and means of the processing of personal data.

At any time you may contact the Controller to request information regarding the processing of your data, by filling in the contact form on the site and specifying in the body of the message the reason for your request, relating to privacy and to the modification of data.

3) Rights of the Data Subject and how to exercise them

Privacy legislation guarantees you certain important rights, which I will list below. In any case, for a better understanding, you may consult in full Articles 15 et seq. of the GDPR.

The right of access (Art. 15 GDPR) means that you can ask for confirmation as to whether or not processing of data concerning you is taking place and, if so, obtain access to the personal data and to further information relating to the processing.

The right to rectification (Art. 16 GDPR) means that you can ask to rectify or supplement the data you provided or otherwise held by the Controller, where inaccurate or incomplete.

The right to erasure («right to be forgotten») (Art. 17 GDPR) provides the possibility of requesting that the data acquired or processed by the Controller be erased without undue delay, where (i) it is no longer necessary for the purposes for which it was collected, (ii) consent has been withdrawn and there is no other legal basis for the processing, (iii) the data subject has objected to the processing, (iv) the data has been unlawfully processed, or (v) there is a legal obligation to erase it.

The right to restriction of processing (Art. 18 GDPR) provides the possibility of requesting the restriction of the processing of personal data where one of the following applies: (i) the data subject contests the accuracy of their data, for the period needed by the Controller to verify the accuracy of such data; (ii) the processing is unlawful and the data subject opposes erasure, requesting instead that its use be restricted; (iii) although the Controller no longer needs it for the purposes of the processing, the data is required by the data subject for the establishment, exercise or defence of a legal claim; (iv) the data subject has objected to the processing pursuant to Art. 21(1) of the GDPR, pending verification as to whether the legitimate grounds of the Controller override those of the data subject.

The right to data portability (Art. 20 GDPR) consists of the right (i) to receive your data in a structured, commonly used and machine-readable format, (ii) to have it transmitted directly by the Controller to another controller indicated by you, where technically feasible, and (iii) to transmit it to another controller without hindrance from the Controller.

The right to object (Art. 21 GDPR) consists of the right to object, at any time on grounds relating to your particular situation, to the processing of personal data concerning you based on the lawfulness condition of legitimate interest, including profiling, or on the performance of a task carried out in the public interest or in the exercise of official authority, unless there are legitimate grounds for the Controller to continue the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of a legal claim.

The right not to be subject to automated decision-making, including profiling (Art. 22 GDPR), is the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or significantly affect you, where you have not previously and explicitly consented, as provided for by Art. 22 of the GDPR.

The right to withdraw consent (Art. 7(3) GDPR) entails the possibility of withdrawing at any time the consent given, without affecting the lawfulness of processing based on consent given before its withdrawal.

To exercise your rights, it will be sufficient to fill in the contact form on the site, specifying in the body of the message the reason for your request, relating to privacy and to the modification of data.

In addition, you have the right to lodge a complaint with the Supervisory Authority, which in Italy is the Garante per la Protezione dei Dati Personali (Data Protection Authority).

4) Types of data processed through use of the site, purposes and legal basis of the processing, nature of the provision of data

Browsing data

When you visit this site, the server temporarily saves each access in a log file. For example, technical data is saved until its automatic deletion, such as the IP address of the requesting computer, the name of the owner of the IP address range, the date and time of access, the website from which the access was made (Referer URL), where applicable with the search term used, the name and URL of the files retrieved, the status code (e.g. error messages), the operating system of the user’s computer, the browser (type, version and language) and the transmission protocol used.

This data may be used by the Controller to derive anonymous statistical information on the use of the site in order to identify the pages preferred by users, so as to provide increasingly suitable content, and to monitor its correct functioning. Furthermore, this data could be used to establish liability in the event of computer crimes against the site, attacks on the network infrastructure or other unauthorised or abusive uses of the site.

The legal basis for this type of data processing lies in the legitimate interest of the Controller pursuant to Art. 6(1)(f) GDPR. The provision of this data is mandatory when browsing the site.

Cookies or similar technologies

Cookies are small text files stored by the computer when a site is visited by a user. You will find more information within the extended cookie policy placed at the foot of the site.

The legal basis for the processing of data carried out through the installation of technical cookies lies in the legitimate interest of the Controller pursuant to Art. 6(1)(f) GDPR to ensure the functionality of the site; in the case of the installation of cookies other than technical ones, the processing of personal data is based on consent, given pursuant to Art. 6(1)(a) GDPR through the cookie banner. Furthermore, when accessing and browsing the site, the provision of data collected through cookies is mandatory for technical cookies, while it is optional in other cases.

Data provided voluntarily by the User

In addition to what is specified above regarding browsing data and cookies, while browsing this site you may provide your personal data entirely voluntarily.

For example, this may happen:

a) by filling in contact forms to access free content (such as courses, materials, webinars, etc.). In these cases, I will process your data (such as name, e-mail and telephone number) to send you the requested content and any further information relating to my business. The legal basis for this processing is your consent, pursuant to Art. 6(1)(a) GDPR, which will be deemed given if you tick the relevant box at the foot of the form. Naturally, at any time you may withdraw your consent and thus no longer receive further content, simply by clicking on the relevant link at the foot of every message received, or by filling in the contact form on the site and specifying in the body of the message the reason for your request, relating to privacy and to the modification of data. The provision of this data is optional, but any refusal to provide it will not allow you to access this content.

For the sake of completeness, I should point out that the use of this content may take place on a different website, with the same Data Controller; in that case, you will find a different and specific information notice on the processing of your personal data.

b) by purchasing products. The purchase of products involves you providing a series of personal data, such as first name, surname, e-mail, telephone number, payment data, as well as any further data specified within the general terms and conditions of contract (which may provide for a specific identification procedure by the Data Subject), necessary for the conclusion of the contractual relationship and its performance, as well as for the fulfilment of any obligation provided for by and arising from the contract. In this case, the legal basis for the processing lies in the performance of a contract to which the data subject is party, pursuant to Art. 6(1)(b) GDPR, and in the legitimate interest of the Controller, pursuant to Art. 6(1)(f) GDPR, in particular to prevent abuse and fraud. The provision of this data is mandatory, since any refusal to provide it will not allow you to proceed with the purchase.

In this case too, I should point out that the purchase and use of the products may take place on a different website, with the same Data Controller, which will set out its own specific privacy policy.

c) through a request for information by telephone contact, instant messaging systems or contact forms. Within the site you will find various ways to get in touch with me and request information. In all these cases, the data acquired will be used to respond to your requests and provide you with information. In any case, in compliance with the principle of data minimisation, I will take care to collect only the personal data strictly necessary to respond in the best possible way. I ask you, however, never to transmit special categories of data pursuant to Art. 9 GDPR (such as, for example, data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, data concerning health, etc.).

The legal basis for this type of data processing lies in the performance of pre-contractual measures at the request of the data subject pursuant to Art. 6(1)(b) GDPR. The provision of this data is optional, but any refusal to provide it, in whole or in part, may prevent me from fulfilling your requests.

Further processing

Please note that the data provided for the purposes set out above could be used to send communications concerning similar products, on the basis of the legitimate interest of the Controller, pursuant to Art. 6(1)(f) GDPR and Recital 47 of the GDPR, as well as Art. 130(4) of the Privacy Code, it being understood that at any time you may exercise your right to object by clicking on the link at the foot of the communication or by filling in the contact form on the site, specifying in the body of the message the reason for your request, relating to privacy and to the modification of data.

Finally, all data provided through use of the site could be processed to pursue further legitimate interests of the Controller (e.g. to prevent abuse and fraud, for the establishment, exercise or defence of a legal claim) or for compliance with legal obligations, respectively pursuant to Art. 6(1)(f) and (c) GDPR.

5) Data retention policy

As regards browsing data, this will be retained for the time strictly necessary to fulfil the specific purpose of the processing, while you can find all the information on cookies within the dedicated policy.

The personal data provided for the purposes referred to in para. 4(a) of this policy will be retained until you withdraw your consent.

The personal data provided for the purposes referred to in para. 4(b) of this policy will be retained for the time necessary to fulfil the purpose, in particular for the entire duration of any contractual relationship concluded and, after its termination, for the ordinary limitation period of 10 years; in the event of judicial litigation, for the entire duration thereof, until the deadlines for bringing actions of challenge have expired, in any case subject to compliance with the legislation in force.

The personal data provided for the purposes referred to in para. 4(c) of this policy will be retained for the time strictly necessary to fulfil the request, unless a subsequent different purpose of the processing arises (such as, for example, the purchase of a product).

Should the processing become necessary to pursue further legitimate interests of the Controller or for compliance with legal obligations, the retention will have a differentiated duration depending on the applicable legislation.

Once the retention periods have elapsed, the data will be destroyed, erased or anonymised. At the same time, should other processing purposes subsequently arise, I will provide you with further information.

6) Processing methods and security measures

I store your personal data mainly in electronic form, adopting specific security measures aimed at preventing any breach of personal data, such as data loss, unlawful or incorrect uses and unauthorised access. However, such measures, due to the nature of the online transmission medium, cannot absolutely limit or exclude any risk of unauthorised access or dispersion of data. For this reason, I advise you to periodically check that you have software devices suitable for protecting the network transmission of data, both inbound and outbound (such as up-to-date antivirus systems), and that your Internet service provider has adopted suitable measures for the security of data transmission over the network (such as, for example, firewalls and anti-spam filters).

7) Disclosure of data

I will not disclose your personal data to third parties, except in those cases where it is indispensable, and only to the extent strictly necessary to achieve the purposes of the processing, as specified above.

Therefore, the data may be disclosed:

• to personnel duly authorised by the Controller;
• to third parties (such as third-party technical service providers, hosting providers, social media managers, IT companies, e-mail delivery providers, third parties providing administrative, payment and invoicing services, consultants, partners), appointed from time to time, where necessary, as Data Processors pursuant to Art. 4(8) GDPR, which defines a «data processor» as the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
• to parties to whom the right to access the data is granted by legal provisions or regulations and to other parties provided for by law.

In any case, you may always ask me to provide you with the updated list of Data Processors. The data will not, however, be disseminated, i.e. disclosed to undefined parties.

8) Transfer of data outside the EU

Our servers are located within the European Union. However, in the event of transfers of data to non-EU countries (for example where the data temporarily transits on the servers of our suppliers), these will take place in compliance with the applicable legal provisions pursuant to Chapter V of the GDPR and with the commitment to adopt, or to require my suppliers to adopt, measures aimed at guaranteeing the level of protection of personal data required by the legislation.

9) Minors

If you are under 16 years of age (14 years if you are on Italian territory), consent is lawful only if given or authorised by the holder of parental responsibility. Furthermore, if you are under 18 years of age, you may purchase services only through a parent or guardian.

10) Changes to this policy

This policy may be subject to periodic updates, which I will publish here on the site.