Privacy Policy
1. Data controller
The controller of personal data collected through the website keystoneweb.it is:
2. Categories of personal data collected
Personal data collected through this site include, by way of example only:
- Voluntarily provided data: name, email, phone number, message content submitted via contact forms.
- Navigation data: IP address, browser, operating system, pages visited, time on page, referrer.
- Cookies and similar technologies: details in the Cookie Policy.
3. Purposes of processing
Personal data is processed for the following purposes:
- Responding to information and contact requests (legal basis: pre-contractual measures — Art. 6.1.b GDPR).
- Compliance with legal, tax and accounting obligations (legal basis: legal obligation — Art. 6.1.c GDPR).
- Aggregate statistical analysis of traffic and site optimization (legal basis: consent — Art. 6.1.a GDPR).
- Direct marketing only upon explicit consent (legal basis: consent — Art. 6.1.a GDPR).
4. Method of processing
Data is processed with electronic tools and security measures suitable to prevent loss, unauthorized access and unlawful use. Data is stored on servers located within the European Economic Area.
5. Retention period
Data collected via contact forms is retained for the time necessary to respond, then archived for up to 24 months. Anonymized navigation data is retained for up to 26 months. Data related to tax obligations is retained for 10 years as required by law.
6. Communication and disclosure
Data may be disclosed to third parties only as required by law or for reasons strictly connected to the processing purposes, including:
- Technical service providers (hosting, email, CRM, analytics) acting as processors under Art. 28 GDPR.
- Legal, tax and professional advisors bound by confidentiality.
- Judicial or administrative authorities where required.
Data is never disseminated, sold, or transferred to third parties for commercial purposes.
7. Transfer outside the EU
Some services may involve transferring data to non-EU countries (in particular the United States):
- Cloudflare — website hosting and delivery.
- Google Analytics — traffic statistics (only with consent).
- Meta Platforms — Meta Pixel and Conversions API for advertising campaigns (only with marketing consent).
- FormSubmit — delivery of messages sent via the contact form.
Such transfers occur in compliance with GDPR via Standard Contractual Clauses approved by the European Commission or adequacy decisions (Data Privacy Framework).
8. Data subject rights
The data subject can exercise the rights under Articles 15-22 GDPR at any time:
- Access, rectification, erasure of one's data.
- Restriction and objection to processing.
- Data portability.
- Withdrawal of consent (without affecting the lawfulness of processing based on consent before withdrawal).
- Complaint to the Italian Data Protection Authority (garanteprivacy.it).
Requests should be addressed to info@keystoneweb.it.
9. Changes
The controller reserves the right to update this policy. Any changes will be published on this page with the latest revision date indicated.