PRIVACY & COOKIE POLICY (PCP)
FIRMIAMO LE TUE CREAZIONI®
VERSION 5.0 of 26-08-2025
Table of Contents
Art. 1 – Data Controller and DPO
Art. 2 – Types of data processed
Art. 3 – Purposes and legal bases
Art. 4 – Data retention
Art. 5 – Recipients and Transfers
Art. 6 – Data subjects' rights
Art. 7 – Data Security and Data Breach
Art. 8 – Cookie Policy
Art. 9 – Link to the GTC
Art. 10 – Amendments
Art. 1 – Data Controller and DPO
1.1. The Data Controller of personal data is:
PROGETTIAMO EVENTI di Siricola Anna
brand FIRMIAMO LE TUE CREAZIONI® (hereinafter, FIRMIAMO®)
Headquarters: via Pomaretto 6/B – 10135 Turin (Italy)
VAT number 1222950014 – REA TO-1274536 – ARTISAN company Register TO-379913
Privacy Contacts:
· Email: info@firmiamoletuecreazioni.com
· WhatsApp: +39 3475074852
· PEC: progettiamoeventi@pec.it
1.2. DPO
FIRMIAMO® is not required to appoint a Data Protection Officer (DPO),
as the conditions referred to in Art. 37 GDPR (absence of large-scale processing,
special categories of data or systematic monitoring) are not met.
For any privacy request, however, you can contact the Data Controller using the contact details provided above.
Art. 2 – Types of data processed
· Identification data (name, surname, address, email, phone, tax code/VAT number)
· Transactional data (orders, payments, invoicing)
· Navigation data (IP, access logs, user agent, technical cookies)
· Marketing/profiling data (only with prior consent)
FIRMIAMO® does not intentionally process sensitive data (Art. 9 GDPR).
Any special data spontaneously communicated by the user will be deleted immediately.
Art. 3 – Purposes and legal bases
3.1. Processing takes place for:
· Contract execution (Art. 6.1.b GDPR): order fulfillment, shipments, customer support.
· Legal obligations (Art. 6.1.c GDPR): tax, accounting, regulatory compliance.
· Explicit consent (Art. 6.1.a GDPR): newsletter, marketing cookies, profiling.
· Legitimate interest (Art. 6.1.f GDPR)
3.2. Details of legitimate interest
· Cybersecurity: technical monitoring to prevent fraud, attacks, or unlawful use.
· Legal protection: data retention for legal defense.
Balancing: such processing is limited, proportionate and does not override the rights of the data subject, who can object at any time (Art. 21 GDPR).
Art. 4 – Data retention
· Contractual and fiscal data: 10 years (legal obligation).
· Newsletter/marketing data: until consent is revoked.
· Navigation data: maximum 24 months.
Criteria:
The duration is defined based on legal obligations, contractual needs, and the principle of minimization (Art. 5.1.e GDPR). The maximum duration for technical logs is based on Art. 132 of the Privacy Code (Legislative Decree 196/2003, as amended), which allows retention for up to 24 months for security purposes and the detection of computer crimes.
Art. 5 – Recipients and Transfers
5.1. Data may be communicated to:
· Couriers/shippers (GLS, Poste Italiane, etc.)
· EU IT/hosting providers
· Accounting/tax/legal consultants
· Competent authorities (if required by law)
5.2. International Transfers
Any extra-EU transfers (e.g., USA for digital tools like Google or Meta) only occur if supported by adequacy decisions (Art. 45 GDPR),
Standard Contractual Clauses (Art. 46 GDPR) or other appropriate safeguards.
Upon request, FIRMIAMO® provides details on the specific measures adopted.
5.3. Data Processors
FIRMIAMO®'s service providers (e.g., hosting, newsletter, shippers, payments) act as external data processors under Art. 28 GDPR, based on contracts that ensure adequate technical and organizational measures.
Art. 6 – Data subjects' rights
6.1. Users may exercise their rights under Articles 15–22 GDPR at any time:
· Data access
· Rectification or erasure
· Restriction and objection
· Portability
· Withdrawal of consent
Requests via email to info@firmiamoletuecreazioni.com or via PEC.
6.2. Complaints to the Guarantor
Users have the right to lodge a complaint with the Italian Data Protection Authority:
· Website: www.gpdp.it
· Email: garante@gpdp.it
· Phone: +39 06.696771
Art. 7 – Data Security and Data Breach
7.1. FIRMIAMO® adopts appropriate technical and organizational measures, including:
· Protected connection SSL/TLS
· Encrypted periodic backups
· Authentication with unique credentials
· Data access restricted to authorized personnel
· System monitoring against malware and cyber attacks
In the event of a data breach, FIRMIAMO® will notify the Guarantor and data subjects without delay, if the risk is high (Art. 33–34 GDPR).
7.2. Right to erasure
In case of erasure requests concerning data published online, FIRMIAMO® will assess the balance with other fundamental rights (e.g., freedom of expression, legal obligations) according to the criteria established by the ECJ and the EDPB Guidelines.
Art. 8 – Cookie Policy
8.1. Types
· Technical cookies: necessary for website operation.
· Anonymized analytical cookies: aggregated statistics.
· Profiling/marketing cookies: only with prior consent.
8.2. Management
Banner compliant with Guarantor Provision 10.06.2021: accept all, reject, customize.
8.3. Cookie Table
|
Cookie/Service |
Purpose |
Duration |
Opt-out |
|
Google Analytics 4 (anonymized IP) |
Aggregated statistics |
26 months |
|
|
Meta Pixel (Facebook/Instagram) |
Personalized marketing |
90 days |
|
|
Mailchimp/Sendinblue |
Newsletter sending |
Until consent is revoked |
Art. 9 – Link to the GTC (General Terms and Conditions of Sale)
This Policy integrates Art. 9 GTC. For processing related to contract execution, the pre-contractual information contained in the GTC also applies.
Art. 10 – Amendments
This policy may be updated due to regulatory or technical changes.
Registered users will be informed via email in case of substantial changes.
📌 Last updated: August 26, 2025
📌 Version: 5.0 – Privacy & Cookie Policy FIRMIAMO®

