logo-sito

PRIVACY POLICY PURSUANT TO REGULATION (EU) 2016/679 (GDPR)

Last updated: January 28, 2026

Dear User, the protection of your personal data is a priority for us. Below, we explain how, why, and for how long we process your personal information when you visit toniodistefano.com.

1. DATA CONTROLLER

The Data Controller is:

Tonio Di Stefano

Registered Office: Via Clementi 5, 04100 Latina (LT), Italy.

Contact Email: [email protected]

2. TYPES OF DATA COLLECTED

We collect the following data necessary to provide our services:

  • Identification and Contact Data: Name, surname, email address, phone number.
  • Shipping/Billing Data: Physical address, date of birth (for tax verification), tax code/VAT number (if required for invoicing).
  • Payment Data: Transactions take place on external secure gateways (Mastercard/Visa/PayPal). We do not store your credit card details; we only receive confirmation of the successful transaction.
  • Browsing and Statistical Data: IP address, website usage data via Google Analytics 4.


3. PURPOSES AND LEGAL BASIS FOR PROCESSING

Your data is processed only when there is a valid legal basis:

Purpose

Legal Basis

Order fulfillment and sales: Managing the purchase of prints or photography services.

Performance of a contract (Art. 6.1.b GDPR)

Newsletter and Marketing: Sending promotional communications and news.

Explicit consent of the data subject (Art. 6.1.a GDPR)

Tax Obligations: Bookkeeping and invoicing.

Legal obligation (Art. 6.1.c GDPR)

Statistical Analysis: Monitoring website traffic via Google Analytics.

Consent (Cookie Banner) or Legitimate Interest (if anonymized)

Security: Prevention of fraud or cyber attacks.

Legitimate interest (Art. 6.1.f GDPR)

4. PROCESSING METHODS AND SECURITY

Your data is processed using IT tools and adequate security measures (SSL encryption) to prevent loss, illicit use, or unauthorized access.

5. DATA TRANSFER OUTSIDE THE EU

We use third-party services such as Google Analytics 4. Data transfer to the United States takes place in compliance with the EU-U.S. Data Privacy Framework, ensuring a level of protection equivalent to European standards. Where possible, we have activated IP address anonymization.

6. RETENTION PERIOD

We apply strict criteria to limit data retention:

  • Contractual/Tax Data: Kept for 10 years, as required by Italian civil and tax regulations.
  • Newsletter Data: Kept until your request for unsubscription (opt-out), which you can exercise at any time via the link at the bottom of the emails.
  • Browsing Data: Kept for a maximum period of 14 months (standard GA4 setting).


7. YOUR RIGHTS (Art. 15-22 GDPR)

At any time, you have the right to:

  1. Access your data and receive a copy.
  2. Request rectification or erasure (right to be forgotten).
  3. Object to processing for marketing purposes.
  4. Request data portability.
  5. Withdraw the consent provided (without affecting the lawfulness of previous processing).


To exercise your rights, please write to: [email protected]. You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

8. COOKIE POLICY

This site uses cookies. For granular management of your preferences and to know in detail which cookies we use, please consult our Cookie Policy.

9. CHANGES TO THIS POLICY

The Data Controller reserves the right to modify this policy. In the event of substantial changes, we will notify registered users or provide a prominent notice on the site. Continued use after the change implies acceptance of the new version.

0