Skip to main content

Legal

Privacy Policy

Last updated: May 2026

1. Data Controller

Pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR"), the Data Controller of personal data collected through the website www.uebb.it is UEBB di De Benedetto Giacomo (sole proprietorship), with registered office at Via M.V. Staurenghi, 34 — 21100 Varese (VA), Italy. VAT IT03890950128. Legal representative: Giacomo De Benedetto.
Email: info@uebb.it
Tel: +39 351 471 4171

2. Data Protection Officer (DPO)

The Controller is not required to appoint a Data Protection Officer pursuant to Article 37 of the GDPR, as the activities carried out do not fall within the cases requiring such appointment. For any request concerning the protection of personal data, please write to info@uebb.it.

3. Categories of personal data processed

We process the following categories of personal data:

  • Contact data provided by the user through the contact form: name, email address, company, content of the message
  • Browsing data automatically collected by the IT systems and software procedures running the website: IP address, browser identifier (user agent), operating system, pages visited, date and time of access, referrer
  • Data collected via cookies: technical (necessary) cookies and, with explicit consent, third-party analytics cookies — see the Cookie Policy for details

4. Purposes of processing and legal bases

Each purpose is independently supported by a specific legal basis under Article 6 GDPR:

  • Responding to inquiries received via the contact form and managing correspondence with the user: pre-contractual measures taken at the request of the data subject (Art. 6.1.b GDPR)
  • Ensuring the operation, IT security and diagnostics of the website, preventing abuse and attacks: legitimate interest of the Controller in protecting its infrastructure (Art. 6.1.f GDPR)
  • Measuring site usage in aggregated and anonymized form via third-party analytics cookies: explicit consent of the data subject given through the cookie banner (Art. 6.1.a GDPR), freely revocable at any time
  • Complying with obligations under laws, regulations or tax and accounting rules: legal obligation to which the Controller is subject (Art. 6.1.c GDPR)

5. Retention periods

Personal data is retained only for as long as strictly necessary for the purposes for which it was collected, according to the following criteria:

  • Data collected through the contact form: 24 months from the last interaction, unless an ongoing commercial relationship extends retention according to applicable contractual and tax obligations
  • Server access logs: 12 months, unless longer retention is needed for IT security or incident investigation purposes
  • Data collected via Google Analytics 4: 14 months (the minimum value allowed by GA4), after which it is automatically deleted by the provider
  • Cookie consent record logs (timestamp, choice made, policy version, cryptographic hash of IP+user agent): 24 months from the consent action, used solely as evidence under Article 7.1 GDPR
  • Data retained for tax and accounting obligations: 10 years pursuant to Article 2220 of the Italian Civil Code

6. Methods of processing

Data is processed by electronic means, with technical and organizational measures appropriate to ensure its confidentiality, integrity and availability (Art. 32 GDPR). Communications in transit to and from the site are protected by TLS. No fully automated decision-making or profiling producing legal effects on the data subject is performed within the meaning of Article 22 GDPR.

7. Categories of recipients

Personal data may be communicated to the following recipients, designated as Data Processors pursuant to Article 28 GDPR where applicable:

  • Google LLC (Mountain View, California, USA) — provider of Google Analytics 4 used for aggregated measurement of site usage
  • Resend, Inc. (San Francisco, California, USA) — provider of the transactional email service used to deliver to the Controller the inquiries received from the contact form
  • Hosting and technical infrastructure providers of the site
  • External consultants (accountant, legal advisors, IT service providers) for mandatory regulatory and technical compliance
  • Public authorities, where required by legal obligations or judicial orders

8. Transfers of data outside the European Union

Some providers we rely on (in particular Google LLC and Resend, Inc.) are based in the United States of America. Transfers of personal data to such recipients are made in accordance with Articles 44 et seq. GDPR, on the basis of the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) to which the providers adhere, and on a residual basis under the Standard Contractual Clauses approved by the European Commission pursuant to Article 46 GDPR.

9. Rights of the data subject

Pursuant to Articles 15-22 GDPR, you may exercise the following rights at any time:

  • Access your personal data and information about how it is processed (Art. 15 GDPR)
  • Rectify inaccurate data or complete incomplete data (Art. 16 GDPR)
  • Erase your data ("right to be forgotten") in the cases provided for (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability in a structured, commonly used and machine-readable format (Art. 20 GDPR)
  • Object to processing based on the legitimate interest of the Controller (Art. 21 GDPR)
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7.3 GDPR)
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it) where the data subject considers the processing infringes the GDPR (Art. 77 GDPR)

10. How to exercise your rights

To exercise the rights listed above or for any clarification, you can write to info@uebb.it. The Controller will respond without undue delay and in any case within 30 days of receiving the request, pursuant to Article 12.3 GDPR. The deadline may be extended by a further two months where necessary, taking into account the complexity and number of requests.

11. Changes to this Privacy Policy

The Controller reserves the right to update this Privacy Policy at any time, providing notice via the website. The date of the last revision is shown at the top of this document. Users are invited to consult this page periodically.