Privacy Policy

How we collect, use and protect your personal information

Data Protection

Your privacy is important to us. We are committed to protecting your personal information and using it only for the purposes specified in this policy.

Data Controller

Company Name: Ex Vulcano di Pascazio Donato

Address: Via Imbriani, 59, Modugno, Bari, Italy

Email: info@exvulcano.com

Phone: +39 380 192 1594

PEC: exvulcano@pec.it

VAT Number: IT09081970726

Types of Data Collected Through This Site

Through our website, we collect and process exclusively the following categories of personal data:

Anonymous Technical Navigation Data

Examples: IP address (anonymized), browser type, operating system, pages visited, visit duration

Source: Automatically collected during navigation

Anonymous Performance Metrics

Examples: Core Web Vitals (LCP, FID, CLS), loading times, rendering metrics

Source: Automatically collected by the browser during navigation

Server Technical Logs

Examples: Request timestamps, requested URLs, HTTP status codes, user agent

Source: Automatically generated by the web server to ensure proper site operation

Technical logs are used exclusively for security, maintenance and diagnostic purposes. They are not used for profiling or user tracking.

Payment Data

Examples: Credit card information (handled directly by Stripe), billing data, transaction amount

Source: Provided by the user during the payment process

Sensitive credit card data is managed exclusively by Stripe and is never stored on our servers.

Purpose of Processing

Your personal data collected through this site is processed exclusively for the following purposes:

Anonymous Statistical Analysis of the Site

To understand how the website is used, which sections are most visited, which contents are most useful, in order to improve the browsing experience. Data is collected anonymously and in aggregate form through privacy-first analytics services, without the use of cookies and without the possibility of identifying individual users.

Legal basis: Legitimate interest (Art. 6.1.f GDPR)

Not required

Site Performance Monitoring

To measure and optimize website performance, identify technical issues and ensure a fast and smooth browsing experience. Data is collected anonymously.

Legal basis: Legitimate interest (Art. 6.1.f GDPR)

Not required

Site Security and Maintenance

To ensure website security, prevent cyber attacks, resolve technical issues and optimize performance through analysis of server technical logs.

Legal basis: Legitimate interest (Art. 6.1.f GDPR)

Not required

Payment Processing

To process subscription payments and ensure secure transactions compliant with PCI-DSS standards.

Legal basis: Contract execution (Art. 6.1.b GDPR)

Not required

Legal Compliance

To comply with obligations under laws and regulations (e.g., retention of commercial communications, responses to requests from competent authorities).

Legal basis: Legal obligation (Art. 6.1.c GDPR)

Not required

Legal Basis for Processing

The processing of your personal data collected through this site is based on:

Execution of Pre-contractual Measures

Processing is necessary to respond to your requests for information and quotes before the conclusion of a possible contract (Art. 6.1.b GDPR).

Legitimate Interest

Processing is necessary for the legitimate interest of the Data Controller, such as managing communications with customers, improving the website through anonymous analytics and IT system security (Art. 6.1.f GDPR).

Data Recipients

Your personal data collected through this site may be communicated to the following categories of recipients:

Anonymous Analytics Services (Privacy-first Analytics Platform)

Purpose: Collection of anonymous and aggregate statistics on site navigation to improve user experience.

Location: United States

Privacy-first: does not use cookies, does not track users individually, collects only aggregate and anonymous data

Our analytics platform is designed to respect user privacy: data is anonymized at source, individual visitors cannot be identified and no tracking cookies are used.

Performance Monitoring Services (Performance Monitoring Platform)

Purpose: Collection of anonymous performance metrics to optimize speed and browsing experience.

Location: United States

Privacy-first: does not use cookies, collects only anonymous technical metrics

Our performance monitoring platform collects exclusively technical performance data, without identifying users.

Payment Infrastructure (Stripe Inc.)

Purpose: Secure processing of payments for subscriptions and services.

Location: United States and European Union

PCI-DSS Level 1 Certification, Standard Contractual Clauses, end-to-end encryption

Hosting Infrastructure and Cloud Services

Purpose: Website hosting, database and cloud infrastructure to ensure site availability and performance.

Location: European Union and United States

GDPR compliant with Standard Contractual Clauses (SCC) for extra-EU transfers

We use professional hosting providers that guarantee high standards of security and GDPR compliance.

Consultants and Professionals

Purpose: Support for legal, tax and administrative compliance (accountants, lawyers).

Location: Italy

They access data only when strictly necessary and are bound by professional secrecy.

Public Authorities

Purpose: Communication upon request of competent authorities for legal compliance (Data Protection Authority, Law Enforcement, Tax Agency).

Location: Italy

All external suppliers who process data on our behalf are appointed as Data Processors pursuant to Art. 28 GDPR and are contractually obliged to ensure data security and confidentiality. We DO NOT sell, rent or transfer your data to third parties for commercial or marketing purposes.

Extra-EU Data Transfers

Some of the technological services we use involve the transfer of data to countries outside the EU, particularly the United States. These transfers occur in compliance with the safeguards provided by GDPR:

Anonymization and Minimization

For analytics services, data is anonymized at source and collected in aggregate form, eliminating the possibility of identifying individual users.

Standard Contractual Clauses (SCC)

Standard contractual clauses approved by the European Commission that guarantee an adequate level of protection for data transferred to countries outside the EU.

Data Processing Agreement (DPA)

Binding agreements with service providers that specify responsibilities, security measures and data subject rights.

PCI-DSS Compliance

Stripe is PCI-DSS Level 1 certified, the highest level of payment security compliance.

End-to-end Encryption

All payment data is encrypted during transmission and storage.

Encryption and Technical Security

All transferred data is protected by TLS/SSL encryption in transit and encryption at rest on servers, ensuring that only authorized parties can access it.

We constantly monitor developments in regulations on international data transfers and are committed to adopting the most appropriate measures to ensure the protection of your personal data.

Data Retention Period

Personal data collected through this site is retained for the time strictly necessary for the purposes for which it was collected:

Anonymous Analytics Data

Retained in aggregate and anonymous form without time limits, as they do not allow identification of individual users

Performance Metrics

Retained in aggregate and anonymous form without time limits

Server Technical Logs

Maximum 90 days, used exclusively for security, diagnostics and technical problem resolution

Payment Data

10 years from the transaction (Italian tax obligations - D.P.R. 600/1973)

After the retention period, data will be securely deleted or made irreversibly anonymous. You can request early deletion of your data at any time, except for legal obligations that require their retention.

For further information:

Contact us at info@exvulcano.com or by phone at +39 380 192 1594