This Privacy Policy describes how Vento Digitale di Marco Forlani ("we", "us", "our", or "Company") collects, uses, protects, and shares your personal information when you use our website www.ilariaargento.com (the "Website") and our services, including contact forms, product purchases, and general inquiries.
We are committed to protecting your privacy and ensuring transparency in how we handle your personal data in compliance with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and Lei Geral de Proteção de Dados (LGPD).
2. DATA CONTROLLER
The data controller responsible for your personal information is:
Vento Digitale di Marco Forlani
Via Pietro Mascagni, 119
24033 Calusco d'Adda (BG)
Italy
We do not have a designated Data Protection Officer (DPO) as we do not meet the legal requirements necessitating one under applicable data protection regulations.
3. SCOPE AND APPLICABILITY
This Privacy Policy applies to:
All visitors and users of www.ilariaargento.com
Individuals who contact us through our web forms
Customers who purchase products or services from us
Any person whose personal data we process in connection with our business activities
Geographic Scope: This policy complies with privacy laws in the European Union (EU GDPR), United Kingdom (UK GDPR), California (CCPA), Brazil (LGPD), and other applicable jurisdictions worldwide.
4. INFORMATION WE COLLECT
4.1 Information You Provide Directly
When you interact with our Website or services, we may collect:
Contact Information:
First name and last name
Email address
Telephone number
Country and city
Mailing address (for product delivery)
Commercial Information:
Order details and transaction history
Product preferences
Payment information (processed by third-party providers)
Shipping and billing addresses
Invoice and fiscal data (as required by law)
Communications:
Contents of messages sent through contact forms
Email correspondence
Customer support inquiries
4.2 Information Collected Automatically
When you visit our Website, we automatically collect:
Technical Information:
IP address (anonymized for analytics)
Browser type and version
Operating system
Device information
Pages visited and time spent on pages
Referring website addresses
Click patterns and navigation paths
Cookies and Tracking Technologies:
Technical cookies for website functionality
Analytics cookies for aggregate traffic analysis (anonymized)
Session identifiers
We do NOT collect:
Sensitive personal data (health, religious beliefs, political opinions, etc.) unless legally required
Data from social media platforms
Behavioral profiling data for marketing purposes
5. PURPOSE AND LEGAL BASIS FOR PROCESSING
We collect and process your personal data for the following purposes:
5.1 Contact and Communication
Purpose: To respond to your inquiries, questions, and requests
Note: We do NOT conduct personalized marketing or behavioral profiling
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 What Are Cookies
Cookies are small text files stored on your device when you visit our Website. They help us provide you with a better experience and analyze how our Website is used.
6.2 Types of Cookies We Use
Strictly Necessary Cookies (Technical Cookies)
Purpose: Essential for website functionality, navigation, and security
Duration: Session or persistent (up to 1 year)
Legal Basis: Legitimate interest - no consent required
Analytics Cookies
Purpose: To understand how visitors use our Website through anonymized, aggregate data analysis
Duration: Up to 2 years
Legal Basis: Consent (can be declined)
Data Processing: All analytics data is anonymized and aggregated; we cannot identify individual users
No Third-Party Sharing: Analytics are processed internally; we do NOT share data with external analytics platforms
6.3 Cookies We Do NOT Use
We do NOT use:
Social media cookies or integrations
Advertising or marketing cookies
Third-party tracking cookies
Cross-site tracking technologies
Behavioral profiling cookies
6.4 Managing Cookie Preferences
Browser Controls:
You can control and manage cookies through your browser settings:
Chrome: Settings > Privacy and Security > Cookies
Firefox: Options > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies
Blocking Cookies:
Blocking strictly necessary cookies may affect website functionality. Blocking analytics cookies will not impact your browsing experience.
Withdrawal of Consent:
You can withdraw consent for analytics cookies at any time by changing your browser settings or contacting us at info@ventodigitale.com.
6.5 Cookie List
Cookie Name | Type | Purpose | Duration
session_id | Technical | Session management | Session
security_token | Technical | Security and CSRF protection | Session
analytics_anon | Analytics | Anonymized traffic analysis | 24 months
7. DATA SHARING AND DISCLOSURE
7.1 Third-Party Service Providers
We share your personal data only with trusted service providers who assist us in operating our business:
Hosting and Infrastructure:
Provider: Amazon Web Services (AWS)
Location: European Union data centers only
Purpose: Website hosting, data storage, backup, disaster recovery, and business continuity
Safeguards: AWS is GDPR-compliant; data remains within EU territory
Payment Processors:
Providers: PayPal, Paddle, Stripe, and banking institutions
Purpose: Processing online payments and transactions
Data Shared: Payment information, transaction details, billing addresses
Note: We do NOT store or access complete payment card information; this is handled securely by payment processors under PCI-DSS compliance
Shipping and Logistics:
Providers: Courier and shipping services
Purpose: Product delivery
Data Shared: Name, delivery address, telephone number, order details
7.2 Legal Obligations and Protection
We may disclose your personal information when:
Required by law, regulation, legal process, or governmental request
Necessary to protect our rights, property, or safety, or that of others
To detect, prevent, or address fraud, security, or technical issues
In connection with business transactions (mergers, acquisitions) with appropriate safeguards
7.3 What We Do NOT Do
We do NOT:
Sell, rent, or trade your personal information to third parties
Share your data for third-party marketing purposes
Transfer data outside the EU without appropriate safeguards
Use external social media platforms or analytics services that collect personal data
8. INTERNATIONAL DATA TRANSFERS
8.1 Data Storage Location
Your personal data is primarily stored and processed on AWS servers located within the European Union. We do not transfer data to servers outside the EU.
8.2 Payment Processor Transfers
Payment processors (PayPal, Paddle, Stripe) may transfer data internationally as part of their payment processing operations. These providers implement appropriate safeguards:
Standard Contractual Clauses (SCCs): Approved by the European Commission for international data transfers
Privacy Shield Framework: Where applicable, certified providers under the EU-U.S. and Swiss-U.S. Privacy Shield
Adequacy Decisions: Transfers only to countries recognized by the EU as providing adequate data protection
8.3 Safeguards for International Transfers
When data is transferred internationally, we ensure:
Use of European Commission-approved Standard Contractual Clauses
Compliance with GDPR Article 46 requirements
Regular assessment of data protection adequacy in recipient countries
Encryption and security measures during transmission (SSL/TLS)
9. DATA RETENTION
We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:
9.1 Communication and Inquiry Data
Retention Period: Duration of correspondence plus 2 years for record-keeping
Purpose: Customer service history and business continuity
9.2 Commercial and Transaction Data
Retention Period: 10 years from the end of the fiscal year
Legal Basis: Italian fiscal and tax law requirements (Codice Civile Art. 2220)
Data Covered: Invoices, orders, payment records, transaction details
9.3 Technical and Analytics Data
Retention Period: Up to 24 months
Purpose: Website improvement and security monitoring
Note: Data is anonymized and aggregated
9.4 Data Deletion
After retention periods expire:
Personal data is securely deleted or permanently anonymized
Backups containing expired data are overwritten within 90 days
You may request earlier deletion subject to legal retention requirements
10. YOUR RIGHTS
10.1 Rights Under GDPR (EU and UK)
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:
Right to Access (Art. 15 GDPR)
Request confirmation of whether we process your personal data
Obtain a copy of your personal data
Receive information about processing purposes, categories, and recipients
Right to Rectification (Art. 16 GDPR)
Request correction of inaccurate or incomplete personal data
Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
Request deletion of your personal data under certain circumstances
Subject to legal retention obligations (e.g., 10-year fiscal records)
Right to Restrict Processing (Art. 18 GDPR)
Request limitation of processing under certain conditions
Right to Data Portability (Art. 20 GDPR)
Receive your personal data in a structured, commonly used, machine-readable format
Transmit data to another controller where technically feasible
Right to Object (Art. 21 GDPR)
Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent (Art. 7(3) GDPR)
Withdraw consent at any time where processing is based on consent
Does not affect the lawfulness of processing before withdrawal
Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)
Protection against solely automated decisions with legal or significant effects
Note: We do NOT use automated decision-making or profiling
Right to Lodge a Complaint
File a complaint with your local data protection authority (see Section 10.5)
10.2 Rights Under CCPA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
Right to Know
Request information about personal data collected, used, disclosed, or sold in the past 12 months
Request categories and specific pieces of personal information collected
Right to Delete
Request deletion of personal data we collected from you, subject to certain exceptions
Right to Opt-Out of Sale
Note: We do NOT sell personal information
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights
Authorized Agent
You may designate an authorized agent to make requests on your behalf
Verification
We may require verification of your identity before fulfilling requests
10.3 Rights Under LGPD (Brazilian Residents)
If you are a Brazilian resident, you have rights under Lei Geral de Proteção de Dados:
Right to Confirmation and Access: Confirmation of processing and access to your data
Right to Correction: Correction of incomplete, inaccurate, or outdated data
Right to Anonymization, Blocking, or Deletion: Under certain circumstances
Right to Portability: Data portability to another service provider
Right to Information: About public and private entities with which we share data
Right to Information about Consent: Information about the possibility and consequences of not providing consent
Right to Revoke Consent: Revoke consent at any time
Right to Object: Object to processing in certain cases
10.4 How to Exercise Your Rights
To exercise any of the above rights, please contact us:
Autoridade Nacional de Proteção de Dados (ANPD): www.gov.br/anpd
11. DATA SECURITY
11.1 Security Measures
We implement appropriate technical and organizational security measures to protect your personal information:
Technical Measures:
SSL/TLS Encryption: All data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols
Secure Hosting: AWS infrastructure with enterprise-grade security, firewalls, and intrusion detection
Access Controls: Restricted access to personal data on a need-to-know basis
Regular Backups: Automated backup systems for data recovery and business continuity
Disaster Recovery: Comprehensive disaster recovery and business continuity plans within AWS EU infrastructure
Organizational Measures:
Confidentiality agreements with employees and service providers
Regular security training and awareness programs
Data breach response procedures
Privacy by design and by default principles
11.2 Security Limitations
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for:
Keeping your passwords and access credentials confidential
Using secure networks when accessing our Website
Promptly notifying us of any suspected security breaches
11.3 Data Breach Notification
In the event of a data breach affecting your personal information:
GDPR Compliance: We will notify affected individuals within 72 hours where required
Notification Contents: Nature of the breach, likely consequences, and measures taken
Supervisory Authority: We will report breaches to relevant data protection authorities as required by law
12. AUTOMATED DECISION-MAKING AND PROFILING
We do NOT use:
Automated decision-making processes
Profiling or behavioral analysis
Algorithmic decisions with legal or significant effects on individuals
AI-based processing of personal data for automated decisions
All decisions affecting your rights, services, or commercial relationships are made by human review.
13. CHILDREN'S PRIVACY
Our Website and services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction).
We do NOT knowingly:
Collect personal information from children
Direct marketing or content toward children
Sell products or services to children
If you believe a child has provided us with personal information:
We will promptly investigate and delete such information
We may request verification of parental authority
Parental Rights:
Parents or legal guardians may request access to, correction, or deletion of their child's personal data by contacting us.
14. CHANGES TO THIS PRIVACY POLICY
14.1 Updates and Modifications
We may update this Privacy Policy from time to time to reflect:
Changes in our business practices
New legal or regulatory requirements
Technological advancements
User feedback
14.2 Notification of Changes
Material Changes:
We will notify you by email (if we have your email address) or by prominent notice on our Website
Notice will be provided at least 30 days before changes take effect
You may be required to provide renewed consent for material changes
Non-Material Changes:
Updated Privacy Policy will be posted on this page
"Last Updated" date at the top will be revised
We encourage periodic review of this Privacy Policy
14.3 Your Options
If you do not agree with changes to this Privacy Policy:
You may discontinue use of our Website and services
You may request deletion of your personal data (subject to legal retention requirements)
Contact us to discuss concerns or questions
15. THIRD-PARTY LINKS
Our Website may contain links to external websites not operated by us. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.
16. BUSINESS TRANSFERS
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the business transaction. We will:
Notify you via email and/or prominent Website notice
Ensure the receiving party agrees to honor this Privacy Policy
Provide you with options regarding your personal data
17. CONTACT INFORMATION
17.1 Privacy Inquiries
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Mail:
Vento Digitale di Marco Forlani
Via Pietro Mascagni, 119
24033 Calusco d'Adda (BG)
Italy
17.2 Data Protection Rights Requests
To exercise your data protection rights (access, rectification, erasure, etc.):
Email: info@ventodigitale.com
Subject: Data Rights Request
Include: Full name, email address, specific request details
17.3 Response Commitment
We commit to responding to all inquiries within:
General Inquiries: 5 business days
GDPR Requests: 30 days (may be extended by 60 days for complex requests)
CCPA Requests: 45 days (may be extended by 45 days)
LGPD Requests: 15 days
18. GOVERNING LAW AND JURISDICTION
18.1 Governing Law
This Privacy Policy is governed by:
Primary Jurisdiction: Laws of Italy and the European Union
EU GDPR: Regulation (EU) 2016/679
Italian Privacy Code: Legislative Decree 196/2003 (as amended)
18.2 Additional Jurisdictions
Where applicable, this Privacy Policy also complies with:
UK GDPR and UK Data Protection Act 2018
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Lei Geral de Proteção de Dados (LGPD) of Brazil
Other applicable international data protection laws
18.3 Dispute Resolution
Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Bergamo, Italy, except where otherwise required by mandatory consumer protection laws in your jurisdiction.
19. ACCEPTANCE OF THIS POLICY
By using our Website, submitting information through our contact forms, or purchasing products or services from us, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use our Website or services.
20. EFFECTIVE DATE
This Privacy Policy is effective as of the "Last Updated" date shown at the beginning of this document.
Current Version: November 2025
Previous Version: October 2025
APPENDIX: SPECIFIC PROVISIONS BY JURISDICTION
A. European Union and United Kingdom
Legal Basis: GDPR and UK GDPR
Supervisory Authority: National data protection authorities