Privacy Policy

1) Legal references

• Regulation (EU) 2016/679 (GDPR)
• Directive 2002/58/EC (ePrivacy) and national implementing laws
• Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018
• EDPB guidelines and decisions of the Italian supervisory authority (Garante)

2) Data processed, sources and methods

Categories of personal data

• Browsing data and technical logs: IP address, user-agent, access date/time, requested URLs, referrer, application errors, technical security information and telemetry from hosting, CDN and security systems to deliver the Website and prevent abuse.
• Contact data provided voluntarily: any personal data included in communications sent toinfo@egomnia.com(e.g. name, surname, email address, content of the request, attachments).
• Aggregated analytics data: Website usage metrics collected in a privacy‑friendly way via Vercel Analytics, without cookies and without user‑level tracking.

Data sources

• Directly from the data subject (emails sent to Egomnia).
• Automatic collection via technical systems of the Website and hosting/security infrastructure.
• We do not enrich data from third‑party databases for the purposes of the Website.

Processing methods

Data are processed with IT/telematic tools and, where necessary, paper; we apply principles of minimization, integrity and confidentiality. Staff are instructed and authorized; suppliers act as processors under Art. 28 GDPR based on contractual agreements.

3) Purposes and legal bases

4) Storage periods

• Technical and security logs: for the time strictly necessary to ensure operations and security; generally up to 30 days, unless longer retention is needed to ascertain abuse or comply with legal obligations.
• Email communications: for the time necessary to process the request and, if applicable, for further administrative/legal needs; indicatively up to 24 months, unless disputes or longer legal retention.
• Aggregated analytics: statistical data not attributable to the user do not imply a personal retention period.

5) Security measures

We adopt appropriate technical and organizational measures under Art. 32 GDPR, including: TLS encryption in transit, access control and segregation, minimization policies, infrastructure hardening, logging and monitoring, incident handling procedures, periodic audits and staff training. No decisions are made solely on automated processing producing legal effects (Art. 22 GDPR). No profiling via the Website.

6) Recipients and categories of recipients

• Technical and hosting/privacy‑friendly analytics providers: particularly Vercel Inc. (hosting and Vercel Analytics) as processor. The updated list of processors is available upon request atinfo@egomnia.com.
• Controller’s staff and collaborators, expressly authorized and instructed.
• Public or judicial authorities, where required by law or legitimate orders.

7) Transfers outside the EU/EEA

Provision of the Website and related technical services may involve transfers outside the European Economic Area (e.g. United States) by providers (e.g. Vercel Inc.). Such transfers occur based on appropriate safeguards under Arts. 44–49 GDPR, such as Standard Contractual Clauses (SCC), supplementary measures and, where necessary, transfer impact assessments. Further information available upon request at info@egomnia.com.

8) Data subjects’ rights

• Right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17) and restriction (Art. 18).
• Right to data portability (Art. 20), where technically applicable.
• Right to object (Art. 21) to processing based on legitimate interest.
• Right to withdraw consent (Art. 7.3) when processing is based on consent (not applicable at present for the Website).
• Right not to be subject to solely automated decisions (Art. 22), where applicable.

How to exercise rights

You can exercise your rights by writing to info@egomnia.com. The Controller responds within 30 days of the request, extendable up to 2 months in case of complexity. Identity verification may be required. Exercising rights is in principle free of charge; costs may be charged only for manifestly unfounded or excessive requests.

9) Complaint to the Supervisory Authority

Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. In Italy, the competent authority is the Garante per la protezione dei dati personali – website: garanteprivacy.it – PEC: protocollo@pec.gpdp.it – updated contacts are available on the institutional website.

10) Minors

The Website is intended for users aged 14 and older. Any communications sent by minors should occur with the assistance of a parent/guardian.

11) Cookies and related tools

For information about cookies and related technologies used by the Website, see ourCookie Policy.

12) DPO and updates to this notice

As of the last update, Egomnia has not appointed a Data Protection Officer (DPO). Any updates and the DPO appointment will be published on this page. This notice may be modified for regulatory or technical adjustments; changes will be effective upon publication.

13) Controller’s contacts

Egomnia S.p.A. – Via Angelo Bargoni 8-78, 00153 Rome (RM), Italy – VAT 11790971003 – Email:info@egomnia.com