/privacy
This privacy policy explains how matteochieppa.com ("this site") collects, uses, and protects your personal data in line with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and applicable national law (including the Italian Data Protection Code where relevant).
Data controller
The data controller is Matteo Chieppa, Turin, Italy. For any request regarding your data (access, rectification, erasure, restriction, portability, objection, or withdrawal of consent), contact mchp@matteochieppa.com. We do not use automated decision-making or profiling that produces legal effects or significantly affects you in a similar way.
Data we collect
Contact form: when you use the contact form, we collect the name, email address, and message you provide, plus the subject if selected. We use this data solely to respond to your request.
Technical and access data: for security and operation, we may log IP address, browser type (User-Agent), path visited, referrer, and access time. Cloudflare Turnstile (if enabled on the contact form) may process data for spam and bot prevention; see Cloudflare's privacy policy for details.
We do not sell your data. We do not share your data with third parties for their marketing.
Visit log: for security and operation we keep a short-lived in-memory log of recent page access (IP, path, User-Agent, referrer, language preference). This log is not persisted to disk, is limited in size (last 2000 entries), and is lost on server restart. It is not shared with third parties.
Newsletter
If you subscribe to the newsletter, we collect your email address. We use Resend to send emails and manage the mailing list. By subscribing, you receive a welcome email and periodic updates. You can unsubscribe at any time via the link in each email or by contacting us. The legal basis is your consent; you may withdraw it at any time.
First-party analytics and session data
If you consent to analytics cookies, we collect first-party usage data: page path, referrer, approximate time on page, scroll depth, outbound link clicks (domain only), and UTM parameters when present in the URL. A session identifier is stored in the browser (sessionStorage) for the duration of the session so we can associate page views with the same visit. This data is only collected after you give consent via the cookie banner; it is not collected if you decline. The legal basis is your consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time via the "Cookie preferences" link in the footer. Separately, we collect basic error diagnostics (JavaScript error messages and stack traces) for site operation and security under legitimate interest (GDPR Art. 6(1)(f)); this does not include behavioural profiling. All data is sent to our own infrastructure and is not used for advertising or shared with third parties for marketing.
Purpose and legal basis
We process your data to: (1) respond to your contact requests and run the newsletter (consent or contract performance); (2) collect analytics data to improve the site (consent — you can accept or decline via the cookie banner); (3) collect error diagnostics, operate and secure the site, and prevent abuse (legitimate interest); (4) comply with legal obligations. Where we rely on legitimate interest, you may object; we will then reassess unless we have compelling legitimate grounds.
Retention
Contact form data is kept only as long as needed to handle your request and then deleted or anonymised. Newsletter data is kept until you unsubscribe and for a short period thereafter for accounting and dispute resolution. Visit log and server logs are not persisted; in-memory data is lost on restart. Analytics data is only collected when you give consent and is retained according to our internal retention policy and not longer than necessary for the stated purposes. If you withdraw consent, no new analytics data is collected from that point.
Your rights (GDPR Art. 15–22)
You have the right to access your data, to rectification, to erasure ("right to be forgotten"), to restriction of processing, to data portability, and to object. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise your rights, contact mchp@matteochieppa.com. We will respond within the time limits set by applicable law (e.g. one month under GDPR).
You have the right to lodge a complaint with a supervisory authority. In Italy: Garante per la protezione dei dati personali (garanteprivacy.it). In other EU/EEA countries: the supervisory authority of your place of residence or work.
International transfers
We may use services (e.g. hosting, email delivery, security) that process data outside the European Economic Area. Where we do, we rely on adequacy decisions (e.g. where the country is recognised as adequate) or appropriate safeguards (e.g. standard contractual clauses, binding corporate rules). Resend (email) and Cloudflare (security/CDN) may process data in the United States under appropriate safeguards. You may request details and a copy of the safeguards by contacting us.
Changes to this policy
We may update this policy to reflect changes in practice or law. The "Last updated" date below will change. We encourage you to review this page periodically. Material changes may be communicated via the site or, where appropriate, by email.
Last updated: March 2026