IMDB CDA

Privacy Policy

PRIVACY NOTICE PURSUANT TO ART. 13 GDPR

Welcome to www.morellifrancesco.com. This notice describes how personal data of users who visit and use the site's services is processed.

1. Data Controller

The Data Controller is:
Name: Francesco Morelli
Address: Via ALBERTO LOLLIO 5, 44121 Ferrara (FE), Italy
Privacy Contact Email: [email protected]
Tax Code: MRLFNC01H29D548R

2. Navigation Data and IT Security

The IT systems operating this website automatically collect certain personal data during normal use, as part of Internet communication protocols (e.g. IP addresses, device parameters, request timestamps).
This data is used for:

  • Anonymous statistics: Monitoring the correct functioning of the website.
  • Security: Investigating potential cybercrimes and protecting the site from attacks (e.g. SPAM, DDoS). The site may use traffic analysis technologies (e.g. Cloudflare or Firewalls) that filter anomalous requests under the Legitimate Interest of the Controller (Art. 6.1.f GDPR).

3. Hosting Infrastructure and CDN

To ensure maximum performance and security, this website uses an architecture that may include:

  • Hosting / Origin Server: The site is hosted on infrastructure (VPS/Dedicated) managed by OVHcloud (France/EU), acting as Data Processor. Servers are located within the European Economic Area (EEA), in compliance with GDPR security standards.
  • CDN and Security Network: Traffic to this site may be filtered and distributed by Cloudflare, Inc. (USA/Global) or similar services acting as "Reverse Proxy" to protect against DDoS attacks. Although Cloudflare is a US company, it adheres to the Data Privacy Framework (DPF), ensuring adequate protection levels for data transfers (IP addresses and system logs) necessary for security.

4. Local Resources and No Tracking

Unlike most websites, this site is designed following the Privacy by Default principle:

  • No Google Fonts: Typefaces are self-hosted on our server. No calls are made to Google servers.
  • No Analytics Services: We do not use Google Analytics or any other tracking or statistical measurement tools that install cookies or track user browsing behavior.
  • No Embedded Content: We do not embed videos (YouTube/Vimeo) or maps (Google Maps) directly in pages to avoid third-party tracking. Links to such platforms are simple external hyperlinks.

5. Anti-Spam Protection (Without Profiling)

To protect contact forms from automated submissions (bots), we use a privacy-friendly system:

  • Honeypot Technique: Invisible fields in the form that, if filled in (by bots), automatically block the submission without processing personal data.

6. External Links

The site contains hyperlinks to external websites (e.g. Google Maps for directions, social networks, partner sites). By clicking these links, the user leaves this domain. The Controller is not responsible for data processing carried out by these external sites, which are governed by their respective privacy policies.
Social buttons on this site are simple static links and do not use third-party cookies until clicked.

7. Voluntarily Provided Data

Through the forms on this site, the following personal data is collected:

  • Name
  • Email
  • Phone
  • Subject
  • Message

Purpose: Responding to information requests, support, or pre-contractual inquiries.
Legal Basis: Performance of pre-contractual measures taken at the request of the data subject (Art. 6.1.b GDPR).

The user undertakes not to send sensitive or judicial data (e.g. health data, political opinions) through the contact form, as they are not necessary for the purposes of the service.

8. Cookie Policy and Tracking Tools

This site does not use profiling or marketing cookies.
Only technical cookies or session identifiers strictly necessary for network communication and security are used. In compliance with current regulations, the installation of such technical tools does not require prior user consent (no cookie banner required).

9. Processing and Storage Methods

Data sent by users (via email or form) is managed through email systems. Storage takes place on the servers of the Controller's email provider, protected by adequate security measures. No data is stored in any website database.

10. Retention Period

Data will be retained according to the principle of storage limitation (Art. 5 GDPR):

  • Contact requests (Leads): Data will be deleted 12 months after the last interaction or closure of the request, if no contractual relationship follows.
  • Administrative/Client data: If a contractual relationship is established, data will be retained for 10 years due to civil and fiscal legal obligations.

11. Place of Processing and Data Transfers

Data processing takes place at the server locations indicated in section 3 (EU/France).
For email management, the Controller may use providers (e.g. Google/Microsoft) that operate globally. In such cases, data transfers to Third Countries (e.g. USA) comply with the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC) approved by the European Commission.
Data may also be shared with tax consultants, accountants, or legal advisors for accounting and administrative obligations arising from any contractual relationship.
Such parties act, as applicable, as appointed Data Processors or independent Data Controllers.

12. Data Subject Rights

At any time, you may exercise your rights under Articles 15-22 of the GDPR (access, rectification, erasure, restriction, portability, objection) by sending a request to the Controller's email address. You also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

Last updated: March 2026