This document describes how the personal data of users who visit the Programma Socrate® website are managed.
The processing of personal data is carried out in compliance with Regulation (EU) 2016/679 (GDPR) and the applicable national data protection legislation.
1. Data Controller
The Data Controller is Matteo Massi, with registered office at Via G. Montanelli 28 50053 Empoli (FI) Italia, email: info@programmasocrate.com.
2. Types of data collected
The website collects exclusively the following personal data:
- Data provided through the contact form: name, email address, and message content, voluntarily provided by the user.
- Email address for newsletter subscription, collected through the email marketing service MailerLite.
No browsing data, profiling data, or traffic analysis or tracking tools are used.
3. Purposes of processing
Personal data are processed exclusively for the following purposes:
- responding to requests submitted via the contact form;
- forwarding and managing email communications;
- sending newsletters and informational or promotional communications, subject to the user’s prior consent.
4. Legal basis for processing
The processing of personal data is based on:
- the data subject’s consent (Art. 6(1)(a) GDPR), given by submitting the contact form or subscribing to the newsletter;
- the legitimate interest of the Data Controller in responding to user requests (Art. 6(1)(f) GDPR).
5. Methods of processing
Data are processed using IT and telematic tools, adopting appropriate security measures to ensure the confidentiality and integrity of personal data.
6. Data communication and recipients
Personal data will not be disclosed.
They may be communicated exclusively to third parties acting as Data Processors, including:
- Google LLC (e.g. Google Workspace / Gmail), used for forwarding and managing email communications from the contact form;
- MailerLite, for managing subscriptions and sending the newsletter.
These entities process personal data in compliance with the GDPR and based on specific contractual agreements.
7. Data retention
- Data submitted via the contact form will be retained for the time necessary to handle the request.
- Newsletter-related data will be retained until consent is withdrawn, which may occur at any time via the unsubscribe link included in each communication.
8. Data subject’s rights
Users may exercise their rights under Articles 15–22 of the GDPR at any time, including:
- access, rectification, or erasure of personal data;
- restriction of or objection to processing;
- data portability;
- withdrawal of consent.
Requests should be sent to: [Data Controller contact email].
9. Transfer of data abroad
Personal data may be processed by providers (e.g. Google and MailerLite) that use servers located outside the European Economic Area.
Such transfers are carried out in compliance with the safeguards provided by the GDPR, including the Standard Contractual Clauses approved by the European Commission.
10. Changes to this policy
The Data Controller reserves the right to amend this Privacy Policy at any time.
Any changes will be published on this page together with the date of update.