Privacy Policy and Technical Cookies Information

1. Data Controller

The Data Controller is:

• Giovanni Carrieri
• Registered office: Via Camillo Rosalba, 49 - 70124 Bari (BA), Italy
• VAT Number: IT07669810728
• Email: info@giovannicarrieri.com
• Phone: +39 340 4020556

2. Personal Data Collected and Purpose of Processing

2.1 Data Collected Through the Contact Form

The website collects the following personal data when users fill out the contact form:

• Name and Surname
• Email address
• Message subject (optional)
• Message content

Purpose of processing:

Data collected through the contact form is processed exclusively for the following purposes:

• Responding to user requests
• Providing information about photography services offered
• Processing quotations or purchase requests
• Managing communication with potential clients

Legal basis for processing:

The processing of personal data collected through the contact form is based on consent freely given by the data subject when sending the message, as well as on the performance of pre-contractual measures taken at the request of the data subject (Art. 6, paragraph 1, lett. a) and b) of the GDPR).

3. Data Retention Period

In accordance with the storage limitation principle (Art. 5, paragraph 1, lett. e) of the GDPR), personal data collected through the contact form will be retained only for the time strictly necessary to achieve the purposes for which they were collected.

Specifically:

• General information requests: data will be retained for a maximum period of 12 months from receipt of the message, unless retention is necessary to comply with legal obligations or to manage any disputes.
• Quotation requests or commercial negotiations: data may be retained for a maximum period of 24 months to allow completion of the negotiation and possible execution of the contract.
• Acquired customers: if the request results in a contract, data will be retained for the duration of the contractual relationship and subsequently for the period required by current tax and accounting regulations (currently 10 years from the last accounting entry).

At the end of the retention period, personal data will be deleted or made irreversibly anonymous.

4. Processing Methods and Security Measures

Personal data are processed using IT and telematic tools, adopting appropriate technical and organizational security measures to ensure a level of security appropriate to the risk, in compliance with Arts. 32-34 of the GDPR.

In particular, the Data Controller adopts the following security measures:

• Protection through HTTPS protocol for secure data transmission
• Measures to protect against unauthorized access
• Restriction of data access to authorized personnel only
• Regular backups to prevent accidental data loss
• Personal data breach management procedures

5. Recipients of Personal Data

Personal data collected may be disclosed exclusively to the following recipients, strictly as necessary for processing purposes:

• Technical service providers: companies providing hosting services, website maintenance, and IT infrastructure management, acting as Data Processors pursuant to Art. 28 of the GDPR;
• Professional advisors: accountants, lawyers, or other professionals assisting the Data Controller in carrying out their business, bound by professional confidentiality obligations;
• Public authorities: in case of legitimate requests from competent authorities to comply with legal obligations.

Personal data will never be sold to third parties for commercial or marketing purposes without the prior explicit consent of the data subject.

6. International Data Transfers

Personal data are stored on servers located within the European Union. Should it be necessary to transfer data outside the European Economic Area, the Data Controller guarantees that such transfer will comply with the provisions of Chapter V of the GDPR, through the adoption of adequate safeguards (such as Standard Contractual Clauses approved by the European Commission).

7. Data Subject Rights

In accordance with Arts. 15-22 of the GDPR, the data subject has the right to:

• Right of access (Art. 15): obtain confirmation of whether personal data concerning them is being processed and, if so, obtain a copy;
• Right to rectification (Art. 16): obtain rectification of inaccurate personal data or completion of incomplete data;
• Right to erasure (Art. 17): obtain erasure of personal data ("right to be forgotten"), in cases provided by law;
• Right to restriction of processing (Art. 18): obtain restriction of processing in cases provided by law;
• Right to data portability (Art. 20): receive personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller;
• Right to object (Art. 21): object at any time to the processing of personal data;
• Right to withdraw consent (Art. 7, paragraph 3): withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given before withdrawal;
• Right to lodge a complaint (Art. 77): lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

To exercise their rights, the data subject can contact the Data Controller:

• By email: info@giovannicarrieri.com
• By ordinary mail: Via Camillo Rosalba, 49 - 70124 Bari (BA), Italy

The Data Controller will respond to requests within 30 days of receipt, subject to an extension of a further 60 days in case of request complexity, promptly informing the data subject of the reasons for the delay.

8. Cookie and Other Tracking Tools Information

8.1 What Are Cookies

Cookies are small text files that visited websites send and record on the user's computer or mobile device, to be retransmitted to the same sites on subsequent visits. Cookies are used for different purposes, such as performing computer authentication, monitoring sessions, and storing specific information regarding users accessing the server.

8.2 Types of Cookies Used by This Website

This website uses exclusively technical cookies, which are essential for the proper functioning of the website and to enable navigation and use of its features.

Technical Cookies Used:

Type	Description	Duration
Session Cookies	Necessary to maintain the user's browsing state during the visit to the site. They are automatically deleted when the browser is closed.	Session (until browser closure)
Functional Cookies	Allow the site to remember choices made by the user (such as the selected language) to provide improved and personalized functionality.	Up to 12 months
Security Tokens	Used to prevent cyberattacks (such as Cross-Site Request Forgery) and ensure the security of the contact form.	Session

8.3 Third-Party Cookies

The site does not use profiling cookies or third-party cookies for marketing, advertising, or user behavior analysis purposes.

8.4 Legal Basis and Consent

In accordance with the Italian Data Protection Authority Guidelines of June 10, 2021, technical cookies do not require the user's prior consent, as they are strictly necessary for the provision of the service requested by the user.

Therefore, this website does not display any cookie banner as no cookies requiring user consent are used.

8.5 Cookie Management

Users can still manage or disable cookies by modifying their browser settings. Please note, however, that disabling technical cookies may compromise the proper functioning of the site and prevent access to certain features.

For more information on how to manage cookies in major browsers:

• Google Chrome
• Mozilla Firefox
• Safari (Mac)
• Safari (iPhone/iPad)
• Microsoft Edge

8.6 Passive Identifiers and Fingerprinting

This site does not use fingerprinting techniques or other passive identifiers to track users.

9. Changes to This Privacy Policy

The Data Controller reserves the right to modify, update, or supplement this Privacy Policy at any time, particularly in case of regulatory changes or variations in personal data processing methods.

Changes will be published on this page and will be effective from the date of publication. It is therefore advisable to regularly consult this page to check for updates.

The date of the last update is indicated at the beginning of this document.

10. Legal References

This Privacy Policy is drafted in compliance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
• Italian Legislative Decree No. 196 of 30 June 2003 (Personal Data Protection Code) as amended by Legislative Decree 101/2018
• Guidelines on cookies and other tracking tools of the Italian Data Protection Authority (10 June 2021)
• Provisions and guidelines of the Italian Data Protection Authority