Privacy Policy

Last updated: March 11, 2025

1. Introduction

This Privacy Policy describes how the website https://matteocervelli.com collects, uses, and protects users’ personal data. We are committed to ensuring that your privacy is protected and that your personal data is processed in compliance with EU Regulation 679/2016 (GDPR) and Legislative Decree 196/2003 (Privacy Code).

2. Data Controller

• Identity: Cervelli Matteo
• Contact: [email protected]

2. Data Collected

• Navigation data: IP address, usage data (collected through Google Analytics, Umami Analytics, Ahrefs Analytics, Swiper.js)
• Personal data: email (newsletter via Kit), name and contact information (Calendly)
• Technical data: browser type and version, timezone setting and location, operating system and platform
• Collection methods: automatic (cookies) and voluntary (forms, Calendly)

3. Processing Purposes

• Statistical traffic analysis (Google Analytics, Umami Analytics, Ahrefs Analytics)
• Booking management (Calendly)
• Newsletter delivery with double opt-in (Kit)
• Providing and improving Website services
• Compliance with legal obligations

4. Legal Basis for Processing

• Consent (Art. 6(1)(a) GDPR) for newsletter, non-technical cookies, and forms
• Legitimate interest (Art. 6(1)(f) GDPR) for statistical analysis and Website operation
• Contract execution when using our services

5. Third Parties

• Google Analytics (Google LLC, USA)
• Umami Analytics (cloud.umami.is)
• Ahrefs Analytics (Ahrefs Pte. Ltd.)
• Calendly (Calendly LLC, USA)
• Kit (newsletter)

In cases where personal data is transferred to countries outside the European Union or the European Economic Area (such as the United States, where Google LLC and Calendly LLC are based), we implement specific safeguards including:

• Standard Contractual Clauses approved by the European Commission that impose binding contractual obligations on data recipients
• Transfer Impact Assessments to verify destination country laws
• Supplementary measures such as encryption and data pseudonymization where necessary
• For some service providers (such as Google), we also rely on their adherence to the EU-US Data Privacy Framework, which provides adequate guarantees for data transfers

6. Data Retention

Data is retained until consent withdrawal by the user or according to third-party policies.

6. Data Subject Rights

You can exercise the following rights:

• Right to access your personal data (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent

To exercise these rights, contact the Controller at: [email protected]

8. Security

The Controller implements appropriate technical and organizational measures to protect personal data from loss, misuse, or unauthorized access, including encryption where appropriate.

9. Changes to Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on the Website and, if significant, a notification may be provided.

Regulatory Reference

• EU Regulation 679/2016 (GDPR), Art. 13 and 14 (Information obligations)
• California residents: rights under the California Consumer Privacy Act (CCPA)