Privacy Policy

Privacy Policy

Last updated: 9 September 2025

This Privacy Policy explains how we process personal data collected through this website in compliance with Regulation (EU) 2016/679 (“GDPR”) and applicable ePrivacy rules.

1) Data Controller

SOC. COOP. SINERGIE A R.L.
(Project Coordinator – Future Chronicles)
Email: info@sinergiecoop.it

2) Types of data processed

  • Contact form data: name, email address and message content (plus minimal technical metadata required for delivery).
  • Technical/navigation data: server logs, IP address, user-agent and similar telemetry processed for security and diagnostics.
  • Statistics data (Google Analytics 4): aggregated usage statistics, collected only after your consent via the cookie banner (see Section 4).

3) Purposes and legal bases

  • Responding to requests via the contact form – Legal basis: performance of pre-contractual measures at your request (Art. 6.1.b GDPR) and/or legitimate interest in handling enquiries (Art. 6.1.f GDPR).
  • Website security and fraud prevention (e.g. log analysis, incident response) – Legal basis: legitimate interest (Art. 6.1.f GDPR).
  • Statistics and audience measurement (Google Analytics 4) – Legal basis: consent (Art. 6.1.a GDPR) and applicable ePrivacy rules for non-essential cookies/trackers.

4) Cookies and tracking

This site uses a consent management system provided by Complianz. Non-essential cookies (e.g. for analytics) are set only after your consent. You can review or change your preferences at any time by clicking on “Manage cookie preferences” in the footer.

For the detailed list of cookies and vendors, please see our Cookie Policy.

Google Analytics 4 (GA4) is used to collect aggregated statistics, only after consent. IP addresses are not shown in GA4 reports and EU-focused safeguards are enabled. Event data is retained for 14 months.

5) Provision of data

  • Contact form: required to reply; without it, we cannot process your request.
  • Analytics: optional; the site remains fully usable without consent.

6) Recipients and processors

Personal data may be processed, under our instructions, by service providers acting as data processors (Art. 28 GDPR), including:

  • website hosting and IT maintenance provider;
  • email service provider for handling contact messages;
  • Google Ireland Limited (for Google Analytics 4).

These providers process data based on agreements that ensure GDPR compliance.

7) International transfers

In the context of Google services, data may be transferred outside the European Economic Area (EEA), including to the United States. Such transfers rely, where applicable, on the EU–U.S. Data Privacy Framework and/or on the European Commission’s Standard Contractual Clauses (SCCs), together with appropriate safeguards.

8) Data retention

  • Contact form requests: retained for 12 months after the request is closed (unless longer retention is needed to protect our rights).
  • Security/technical logs: retained for 30 days, unless longer is necessary to investigate incidents.
  • GA4 analytics data: event data retained for 14 months.

9) Your rights

You have the right to request access to your personal data, rectification, erasure, restriction of processing, objection to processing, and data portability, as well as the right to withdraw consent at any time (where consent is the legal basis). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

10) How to exercise your rights

To exercise your rights or for any privacy-related question, please contact: info@sinergiecoop.it. We will respond without undue delay and within the time limits set by the GDPR.

11) Complaints

If you believe that the processing of your personal data infringes data protection laws, you can lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (Piazza Venezia 11, 00187 Rome – www.garanteprivacy.it) or with the competent authority in your EU country of residence.

12) Security

We implement appropriate technical and organisational measures to protect personal data (e.g. TLS/HTTPS, server hardening, access controls, monitoring), in line with Art. 32 GDPR.

13) Children

This website is intended for a general audience and is not directed at children. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us to request deletion.

14) External links

This website may contain links to external websites. We are not responsible for their content or data processing practices, which are subject to their own privacy notices.

15) Changes to this notice

We may update this Privacy Policy for legal or technical reasons. Where appropriate, material changes will be communicated. Please check this page periodically to stay informed of the latest version.