Privacy Policy
Thank you for your interest in my Privacy Policy. This Privacy Policy applies to my website, www.maurocarac.com operated by me, Mauro Caracuzzo of Via della libertà 9, San Gemini (TR), Italy, and the third parties I'm using to provide the website (“we”, “us”, “our”).
Background
This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective I would like to explain you the following three concepts.
What is Personal Data?
Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.
What is Processing?
"Processing" means and covers virtually any handling of data.
What law applies?
I act as the data controller in accordance with Italy`s Data Protection Code (“DPC”) and the EU's General Data Protection Regulation (“GDPR”).
General Principles
Purpose and legal basis of processing
In accordance with the DPC and GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:
* providing the website and its functions and contents,
* responding to contact requests and communicating with my clients, followers and website users,
* showcasing some of my art and offering my artwork portfolio, and
* security measures.
Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
* consent,
* to fulfill our services and carry out contractual obligations,
* to fulfill our legal obligations, and
* to protect our legitimate interests.
Security
My website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through my website.
Nevertheless, internet-based data transmissions can always have security gaps, so absolute protection cannot be guaranteed. In this sense, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
Retention and Storage
I retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy.
Minors
I do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
Automated decision-making
Automated decision-making including profiling does not take place.
Do Not Sell
I do not sell your Personal Data.
Special Category Data
Unless specifically required and consent is obtained, for a particular service, I do not process special category data.
International Transfer
In the course of my website operation, we process data. We usually do not transfer Personal Data to countries outside Italy and the EEA. However, if we do, I will make sure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses for a high level of data protection.
Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of my services, b) you have consented to the disclosure, c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings at home or abroad or to fulfill our legitimate interests.
Marketing
If you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Direct Marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. The legal basis for processing is the initiation of a contract, our legitimate interest and your consent.
Data collection and processing
Data that is collected automatically
i) Log files
Each time you visit my website, a number of general data and information is transmitted - even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website's server. This data and information are collected are technically necessary for the display my website to you and that serve the stability, security and danger or threat prevention in the event of attacks on my website, such as:
* IP address
* date and time of an access to the website
* type and version of browser used
* operating system used and its interface
* the website from which an accessing system arrives at my website (so-called referrer)
* sub-websites that are accessed via an accessing system on my website,
* Internet service provider of the accessing system.
This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest. When analyzing these general data and information, I do not draw any conclusions about you as a data subject.
ii) Hosting
We host my website using the services of Squarespace. In this sense, Squarespace processes all data and communication data including IP addresses, that are provided to us through my website. This means that all data submitted to my website are transferred to Squarespace. The legal basis for processing is our legitimate interest.
iii) Content Management System
We use the Content Management System (CMS) of Squarespace, to publish and maintain the created and edited Content and texts on my website. This means that all content and texts submitted to us by users for publication is transferred to Squarespace. The legal basis for this processing is my legitimate interest.
iv) Fonts
We have integrated Google Fonts and the Fonts of Typekit by Adobe on my website. This means that when your browser connects to my website, Google’s and Adobe’s servers transmit the fonts back to your browser to display them properly. In that sense, Google and Adobe become aware of your i) IP address; and ii) other technical data related to your access. The integration is based on our legitimate interest.
v) reCAPTCHA
We also use Google`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as you enter my website. The legal basis is our legitimate interest.
vi) Cookies
We use so-called Essential or Necessary cookies on my website. In accordance with the DPC and the EU`s Privacy and Electronic Communications Directive (“PECD”) we are required to obtain your consent before placing so-called Non-Essential Cookies (Functional cookies, Analysis and Performance Cookies, Advertising Cookies or Targeting Cookies). However, as we have refrained from placing Non-Essential Cookies, we are not required to obtain any consents nor to have a cookie consent tool. Nonetheless, this may change in the future and if we do use Non-Essential Cookies we will provide a Cookie Policy.
Data from third party sources
We may obtain data about you from third-party sources, such as from social networks, and other third parties. We may use this data to better analyze your user behavior to improve our ability to provide you with relevant marketing information and services, and to prevent and combat fraud.
Data that is collected directly
i) Contacting me
If you contact me, your transmitted Personal Data will be automatically stored for the purpose of processing the request or replying to you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or the initiation of a contractual service.
ii) Social Media
I`m present on social media on the basis of my legitimate interest (currently Instagram). If you contact me via social media, I and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is my legitimate interest, your consent or, in some cases, the initiation of a contractual service, if any.
v) When you work with me
The protection of your data is particularly important to me in the performance of my services. I therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, I rely on the processing of certain personal data, in order to fulfill my contractual obligations to you or to carry out pre-contractual measures. This processing of personal data will always be carried out in accordance with DPC and the GDPR and in accordance with our separate privacy policy.
vi) Administration, financial accounting, office organization, contact management
I process data in the context of administrative tasks as well as organization of our operations, and compliance with legal obligations, such as archiving. In this regard, I process the same data that I process in the course of providing my contractual services. The processing bases are my legal obligations and my legitimate interest.
Your Rights and Privileges
Privacy Rights
You can exercise the following rights:
* Right to information
* Right to rectification
* Right to deletion
* Right to data portability
* Right of objection
* Right to withdraw consent
* Right to complain to a supervisory authority
* Right not to be subject to a decision based solely on automated processing
If you have any questions, please contact us.
Updating your information
If you believe that the information I hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting me.
Withdrawing your consent
You can withdraw consents you have given at any time by contacting me.
Access Request
In the event you want to make a Data Subject Access Request, please contact us. I will respond to requests regarding access and correction as soon as reasonably possible. Should I not be able to respond to your request within thirty (30) days, I will tell you why and when I will be able to respond to your request. If I`m unable to provide you with any Personal Data or to make a correction requested by you, I will tell you why.
Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in Italy is the Garante per la Protezione dei Dati Personali (Garante”) Piazza Venezia n. 11 - 00187 Rome (Italy), www.garanteprivacy.it. However, we would appreciate the opportunity to address your concerns before you contact the Garante.
Changes
I may update this Privacy Policy from time to time. If I make changes to this Privacy Policy or we materially change our use of your Personal Data, I will revise the Privacy Policy accordingly.
Questions?
If you have any questions about the processing of your Personal Data, please contact me.
Effective Date
This Privacy Policy was last updated on Tuesday, 10. October, 2023.