1. Introduction
This Privacy Policy describes how the website https://matteocervelli.com collects, uses, and protects users’ personal data. I am committed to ensuring that your privacy is protected and that your personal data is processed in compliance with EU Regulation 679/2016 (GDPR) and Legislative Decree 196/2003 (Privacy Code).
2. Data Controller
- Identity: Cervelli Matteo
- Contact: legal@matteocervelli.com
3. Data Collected
- Navigation data: IP address, usage data (collected through Umami Analytics, Ahrefs Analytics)
- Personal data: email (newsletter subscription), name and contact information (Calendly)
- Payment data: transaction data and payment information (Stripe)
- Technical data: browser type and version, timezone setting and location, operating system and platform
- Collection methods: automatic (cookies) and voluntary (forms, Calendly, payments)
4. Processing Purposes
- Statistical traffic analysis (Umami Analytics, Ahrefs Analytics)
- Booking management (Calendly)
- Newsletter delivery with double opt-in (self-hosted via Mercurius, operated by Ad Limen Srl)
- Payment processing and transaction management (Stripe)
- Providing and improving Website services
- Compliance with legal obligations
5. Legal Basis for Processing
- Consent (Art. 6(1)(a) GDPR) for newsletter, non-technical cookies, and forms
- Contract execution (Art. 6(1)(b) GDPR) for payment processing and service delivery
- Legitimate interest (Art. 6(1)(f) GDPR) for statistical analysis and Website operation
- Legal obligation (Art. 6(1)(c) GDPR) for tax and accounting requirements
6. Third Parties
- Umami Analytics (self-hosted by Ad Limen Srl)
- Ahrefs Analytics (Ahrefs Pte. Ltd.)
- Calendly (Calendly LLC, USA)
- Stripe (Stripe Inc., USA) for payment processing
Newsletter data is processed by Ad Limen Srl (VAT IT01620560522, Loc. Salceto 99, 53036 Poggibonsi SI) using the self-hosted Mercurius gateway. No third-party newsletter provider receives subscriber data.
In cases where personal data is transferred to countries outside the European Union or the European Economic Area (such as the United States, where Calendly LLC and Stripe Inc. are based), we implement specific safeguards including:
- Standard Contractual Clauses approved by the European Commission that impose binding contractual obligations on data recipients
- Transfer Impact Assessments to verify destination country laws
- Supplementary measures such as encryption and data pseudonymization where necessary
7. Data Retention
Data is retained until consent withdrawal by the user or according to third-party policies.
8. Data Subject Rights
You can exercise the following rights:
- Right to access your personal data (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent
To exercise these rights, contact the Controller at: legal@matteocervelli.com
9. Security
The Controller implements appropriate technical and organizational measures to protect personal data from loss, misuse, or unauthorized access, including encryption where appropriate. The website is self-hosted on infrastructure operated by Ad Limen Srl.
10. Changes to Privacy Policy
The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on the Website and, if significant, a notification may be provided.
Regulatory Reference
- EU Regulation 679/2016 (GDPR), Art. 13 and 14 (Information obligations)
- California residents: rights under the California Consumer Privacy Act (CCPA)