Privacy policy
This Privacy Policy describes how Davide Falzone (data controller) collects, uses and stores personal data gathered through this website, in compliance with GDPR (EU Regulation 2016/679).
1. Data controller
The controller of personal data collected through this website is Davide Falzone (Italian Tax Code: FLZDVD90M29F205S), hereinafter also "the Controller", operating under the brand ALPHA DAVIS.
To exercise the rights set forth in GDPR Articles 15-22 (access, rectification, erasure, restriction, objection, portability) or for any inquiry regarding the processing of personal data, the Controller can be contacted at: davidefalzonework@gmail.com.
2. Categories of data collected
Contact form: name, email, request subject, message, optional company, indicative budget, project type and preferred language.
Technical data: IP address (hashed SHA-256 with server-side salt, never stored in clear), browser user agent, submission timestamp, evidence of consent given to the form (timestamp + policy version in force at the moment of consent, GDPR Art. 7 demonstrability).
3. Purposes and legal basis
Responding to contact requests: processing based on the data subject's explicit consent (GDPR Art. 6.1.a), given upon submission of the form.
Site security: processing based on the controller's legitimate interest (GDPR Art. 6.1.f) for abuse prevention purposes (rate limiting, IP hashing).
4. Retention period
Contacts received via the form: 24 months from receipt, unless converted into an active client (in which case the specific contractual terms of the professional relationship apply).
Server application logs: 30 days.
Technical cookies: see Cookie Policy.
5. Recipients and sub-processors
Hetzner Online GmbH — hosting provider (servers in Falkenstein or Helsinki, European Union). GDPR-compliant processing, DPA available.
Resend, Inc. — outbound transactional email provider (admin notifications of new contacts). Based in the USA: DPA + Standard Contractual Clauses pursuant to GDPR Art. 46 apply. No message content data is exposed to the provider beyond what is necessary to deliver the admin notification.
6. Data subject rights
Pursuant to GDPR Articles 15-22, the data subject has the right to: access their data, obtain its rectification, erasure or restriction of processing, object to processing, receive the data in a structured format (portability).
Exercising these rights is free of charge and is done by writing to the controller at the email address indicated in section 1.
7. Complaint to the Supervisory Authority
Should the data subject consider that the processing of their data infringes the GDPR, they may lodge a complaint with the Italian Supervisory Authority for the protection of personal data (garanteprivacy.it).
8. Changes to the policy
Any substantial changes to this policy will be notified to users by re-requesting consent through the cookie banner. The current version of the document is indicated at the bottom of this page.