Privacy policy and request for consent to the processing of personal data Site under the UE Reg. 2016/679

In compliance with the obligations established by the EU Reg. 2016/679 and by the Legislative Decree 101/2018 amending and supplementing the Legislative Decree 196/2003, regarding the processing of personal data, the Customers/Visitors are hereby informed that Elisa Caltabiano, based in Milan, in via Cola di Rienzo n. 57, VAT number 08948740967, hereinafter “the Professional”, in the capacity of owner of the site, will process the Customers/Visitors’ personal data which have been or will be disclosed to the Professional.
The processing of personal data will be carried out in compliance with the regulations in force and under the following conditions.


This website data processing, pursuant to and for the purposes of EU Reg. 2016/679, is based on the principles of lawfulness, fairness and transparency and is carried out for specific, explicit and legitimate purposes.
The data for which processing authorization is requested are always appropriate, relevant and limited to what is necessary, with respect to the purposes for which they are processed, in compliance with the principle of data minimization.

1. Purpose of data processing

The processing of personal data is aimed exclusively at achieving the following purposes:
a) to fulfill any type of obligation required by laws or regulations in force;
b) for operational and management requirements;
c ) to monitor the traffic to the company’s website and the use of the services provided with this site;
d) to monitor how the relations with Customers/Visitors and/or the risks connected to them are progressing, for their satisfaction and to improve such relations;
e) to fulfill the requests and contractual obligations stipulated with the Customers/Visitors;

2. Legal basis of processing

The legal basis for the processing of the Customers/Visitors’ personal data is users give their consent for one or more specific purposes with a specific action that does not imply the performance of a contract (as an example – and not limited to – : request for information); the performing of a contract, if the Customers/Visitors has entered into a contractual and legally binding agreement with the Professional.

3. Methods of processing

The processing of data may consist, in addition to their collection, in their registration and conservation. At the request of the Customers/Visitors they will be modified, communicated to another Data Controller or deleted. All the previous actions will be carried out with the aid of paper, computers and/or IT enabled tools and following organizational procedures and modes to guarantee the security and confidentiality of the data.
In particular, all the technical, IT, organizational, logistical and procedural security measures provided for by EU Reg. 2016/679 will be adopted, in such a way that the minimum level of data protection required by law is guaranteed.
In addition, due to the processing and storage methods carried out, access to data is allowed only to the persons authorized by the Professional as better specified below.

4. Retention time

ersonal Data shall be processed and stored for as long as required by the purpose they have been collected for. The Customers/Visitors may, at any time, exercise the rights referred to in art. 10 of the current policy.
The duration of the processing for data relating to the performance of contracts and invoicing is limited to 10 years as required by the regulations on record-keeping and liability.

5. Types of data collected

The data collected by the Professional, in the case of performance of a contract, are those necessary to the action requested by the Customers/Visitors:

  • First name;
  • Last name;
  • Email address;
  • Shipping address in case of purchase of physical goods;

The data needed for the sole purpose of collecting contact information (and which are not needed for performing of a contract) are:

  • First name;
  • Email address;

6.Data transfer

The provision of data is necessary for the execution of the action requested by the Customers/Visitors to the Professional.
The Customers/Visitors certainly has the right not to grant said authorization and/or revoke it at any time, however such refusal could compromise the regular development of the relationship with the Professional and, in particular, the impossibility of providing the requested services.

7. Communication and dissemination of data

Processing for the purposes referred to in point 1 with third-parties may only take place where:
a) processing is necessary for compliance with a legal obligation to which the Professional is subject;
b) provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof.
c) processing is related to a task that is carried out in the public interest or in the exercise of official authority.
The personal data collected for the achievement of the aforementioned purposes may be communicated, as far as their specific competence is concerned, to public and private subjects, natural and/or legal persons also for commercial and/or information systems management purposes (eg: e-mail clients or subjects who carry out specific marketing tasks on behalf of the Professional) and/or payment systems, including external subjects who carry out specific tasks on behalf of the Professional.
In particular, the data may be disclosed to the following categories of subjects: banking institutions and companies whose services are connected to payment management, law firms, consultancy and commercial firms, public authorities or administrations to comply with the obligations established by the law.
The data will be disclosed to collaborators and employees of the Professional, specifically authorized, within their own competences.
Apart from the aforementioned cases, personal data will not be disclosed, disseminated, sold or otherwise transferred to third parties for illegal purposes or purposes not connected to the purposes of the processing and, in any case, without informing the Customers/Visitors concerned and acquiring their consent, where required by law.

8. Place

The Customers/Visitors’ personal data is processed at the Professional’s operating offices and in any other places where the parties involved in the processing are located. The data will not be transferred to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, pursuant to art. 45 EU Reg. 2016/679, based on an adequacy decision by the EU Commission.
The Customer/Visitor is also informed that, for the purposes of providing the services of this site, through plug-ins or other IT elements released by third parties, it is possible that the transferring of personal data to countries or international organizations outside the EU may be necessary; Including those countries for which the EU Commission has not adopted any adequacy decision pursuant to art. 45 GDPR. In this case, the transfer will take place only in the presence of adequate guarantees provided by the recipient country or organization, pursuant to art. 46 GDPR and provided that the data subjects have enforceable rights and effective remedies.
In the absence of an adequacy decision by the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, including binding corporate rules, the cross-border transfer will take place only under one of the conditions indicated by art. 49 GDPR.

9. Rights of the interested party

Pursuant to and for the purposes of art. 15 and ss. of EU Reg. 2016/679, the Customers/Visitors have the right to ask the Data Controller, as better identified in the following art. 12 of this privacy statement:

  • access to any of their own personal data
  • to correct, change or integrate inaccurate or incomplete data
  • to delete the personal data which is no longer necessary and for which consent has been revoked or for which there is no other legal basis for processing (so-called Right to be forgotten)
  • to restrict the processing of their data, under the circumstances indicated by art. 18. of the aforementioned Regulation.

The Customers/Visitor salso have the right to receive their data and have it transferred to another Controller in a structured, commonly used and machine readable format (so-called “data portability”); they also have the right to object to processing of their data, at any time and for any reasons regarding their particular situation.
The Customers/Visitors’ requests, regarding their rights referred to in art. 15 and ss. of the EU Reg. 2016/679, will be fulfilled without undue delay by the Data Controller and in any case within 30 days.
The above rights can be exercised either directly or through a person in charge, in the forms provided for by the EU Reg. 2016/679
In any case, the data will be processed in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organizational, physical and logical measures established the law in force.

10. Right to lodge a complaint

Without prejudice to any administrative or judicial appeal, the Customers/Visitors who deem that the processing violates the EU Regulation 2016/679, have the right to claim a complaint before their competent data protection authority.

11. Right to compensation and liability

Anyone who suffers material or immaterial damage caused by a violation of the EU Reg. 2016/679 has the right to obtain compensation from the Data Controller only if it is proven that the latter has failed to comply with the legal obligations.
The Data Controller shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

12. Data Controller and Owner

Elisa Caltabiano

13. Consent to processing

We remind the Customers/Visitors that consent to processing of their personal data in the modes and for the purposes described above is optional.
In case of objection to processing of their data, the Professional will not be able to process personal data with thus being unable to provide the requested services.

14. Additional information

The Customers /Visitors are informed that the site is connected to the online classes platform “Teachable” and to the platform called “SendOwl”.
For the privacy policy and data processing of the aforementioned sites, we advise to view their own privacy policies.
We inform Customers/Visitors that, through the website it is possible to share articles and images on the social media platforms called “Facebook”, owned by Facebook Inc, “Linkedin” owned by Microsoft Corporation, ” Pinterest” owned by Cold Brew Labs Inc.
For the privacy policy and data processing of the aforementioned sites, we advise to view their own privacy policies.
This site also makes use of so-called navigation cookies.
For more information about it, it is advisable to view the related policy.

Last updated March 2021