Privacy Policy

In accordance with EU Regulation 2016/679 (GDPR)

Last updated: December 1, 2025

This Privacy Policy describes how personal data of users visiting the website fabriziofrixaphotographer.com (hereinafter "Website") is collected, used, and protected.

The Website is owned by Fabrizio Frixa, who operates in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and Italian privacy laws (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

1. Data Controller

The Data Controller is:

As this is a personal non-commercial website, VAT number or physical address are not required.

For any request regarding the processing of personal data, you can contact the Data Controller at the email address above.

1.2 Data Protection Officer (DPO)

Pursuant to Art. 37 of the GDPR, the Data Controller has not appointed a Data Protection Officer as the mandatory conditions provided by the regulations do not apply:

  • Processing is not carried out by a public authority or body
  • Core activities do not consist of processing operations requiring regular and systematic monitoring on a large scale
  • Core activities do not consist of large-scale processing of special categories of data (Art. 9 GDPR) or data relating to criminal convictions (Art. 10 GDPR)

For any request regarding data protection, please contact the Data Controller directly at info@fabriziofrixaphotographer.com

2. Types of Data Collected

The Website collects and processes the following categories of personal data:

2.1 Browsing Data (Log Files)

During normal browsing, the hosting server (Hostinger) automatically collects some technical data necessary for the Website to function, including:

  • IP address: unique identifier of the device used
  • Browser and operating system: information about the software used for browsing
  • Date and time of access: timestamps of visits
  • Pages visited: URLs of requested resources
  • Referrer: origin of the visit (e.g., search engine)

This data is temporarily stored in server logs for security, technical maintenance, and aggregate statistical analysis purposes. It is not used for profiling or individual tracking.

2.2 Data Transmitted to Third Parties

The Website uses external services that may involve the transmission of personal data to third parties:

Google Fonts

The Website uses fonts provided by Google Fonts (Playfair Display and Lato). When a user visits the Website, the browser makes a request to Google servers to download the fonts, transmitting:

  • User's IP address
  • User-Agent (browser and device information)
  • Referrer (Website URL)

Google may use this data in accordance with its Privacy Policy. The legal basis for processing is the legitimate interest of the Data Controller in ensuring proper display of content (Art. 6(1)(f) GDPR).

2.3 Data Not Collected

The Website does not collect the following types of data:

  • Data voluntarily provided through contact forms (the Website does not have data collection forms)
  • Profiling or tracking cookies
  • Data related to registrations, user accounts, or newsletters
  • Payment data or commercial transactions
  • Precise geolocation data

2.4 Processing of Minors' Data

The Website is not directed to minors under 16 years of age and the Data Controller does not knowingly collect personal data from minors.

In the event that the Data Controller becomes aware of having accidentally collected personal data from a minor without parental consent, the Data Controller will promptly delete such data.

If a parent or guardian believes that a minor has provided personal data without their consent, they may contact the Data Controller at info@fabriziofrixaphotographer.com to request immediate deletion.

3. Purpose and Legal Basis of Processing

Personal data is processed for the following purposes and legal bases:

PurposeLegal Basis (GDPR Art. 6)
Provision of Website viewing servicePerformance of pre-contractual measures / Legitimate interest (Art. 6(1)(b) and (f))
IT security and fraud preventionLegitimate interest of the Data Controller (Art. 6(1)(f))
Technical maintenance and Website optimizationLegitimate interest of the Data Controller (Art. 6(1)(f))
Aggregate statistical analysis (without individual identification)Legitimate interest of the Data Controller (Art. 6(1)(f))
Compliance with legal obligations (e.g., log retention for authority orders)Legal obligation (Art. 6(1)(c))

Important note: The Website does not carry out profiling activities, direct marketing, transfer to third parties for commercial purposes, or automated processing with legal effects on users.

4. Data Retention Period

Personal data is retained for the time strictly necessary for the purposes for which it was collected:

  • Server log files: retained for 90 days from the date of recording, except where longer retention is necessary for the investigation of computer crimes or by court orders, in which case retention is extended until the conclusion of the proceedings
  • Data transmitted to Google Fonts: managed by Google according to their retention policies

After these periods, the data will be deleted or anonymized irreversibly, unless otherwise required by law.

5. Communication and Disclosure of Data

Personal data collected through the Website may be communicated to the following parties:

5.1 Data Processors

  • Hostinger International Ltd - Hosting and server management provider (based in Lithuania, EU). Hostinger Privacy Policy
  • Google LLC - Google Fonts service provider (based in USA, extra-EU data transfer based on EU-US Adequacy Decision or Standard Contractual Clauses). Google Privacy Policy

5.2 Other Categories of Recipients

Data may be communicated to:

  • Public authorities: in case of legitimate requests from law enforcement, judicial, or administrative authorities
  • Consultants and professionals: lawyers, accountants, IT consultants, in compliance with confidentiality obligations

5.3 No Public Disclosure

Personal data is not publicly disclosed (i.e., not made public or communicated to unidentified parties).

5.4 Extra-EU Transfers

The use of Google Fonts involves the transfer of personal data to Google LLC (USA). This transfer occurs in compliance with the safeguards provided by the GDPR (Art. 44-49):

  • EU-US Data Privacy Framework: Google LLC is certified under the Data Privacy Framework, adopted by the European Commission with Adequacy Decision of July 10, 2023 (Decision C(2023) 4745). Verify certification: Data Privacy Framework Participant Search
  • Standard Contractual Clauses (SCC): Google has also adopted the Standard Contractual Clauses approved by the European Commission (Decision 2021/914). Documentation: Google Cloud SCC

6. Data Subject Rights

In accordance with Articles 15-22 of the GDPR, users have the right to:

6.1 Right of Access (Art. 15 GDPR)

Obtain confirmation of the existence of personal data concerning them and receive a copy thereof, together with information on processing purposes, data categories, recipients, retention period.

6.2 Right to Rectification (Art. 16 GDPR)

Request the correction of inaccurate personal data or the completion of incomplete data.

6.3 Right to Erasure (Art. 17 GDPR - "Right to be Forgotten")

Obtain the erasure of personal data when:

  • They are no longer necessary for the purposes
  • Consent has been withdrawn (where applicable)
  • The data has been unlawfully processed
  • There is a legal obligation to erase

6.4 Right to Restriction of Processing (Art. 18 GDPR)

Request the restriction of processing when:

  • The accuracy of the data is contested (for the period necessary for verification)
  • Processing is unlawful but erasure is opposed
  • Data is necessary for the establishment, exercise, or defense of legal claims

6.5 Right to Data Portability (Art. 20 GDPR)

Receive personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller (limited to cases where processing is based on consent or contract and occurs by automated means).

6.6 Right to Object (Art. 21 GDPR)

Object to the processing of personal data when it is based on the legitimate interest of the Data Controller (Art. 6(1)(f)). The Data Controller must cease processing unless demonstrating compelling legitimate grounds that override the interests of the user.

6.7 Withdrawal of Consent

Where processing is based on consent (Art. 6(1)(a)), users have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint

Users have the right to lodge a complaint with the competent supervisory authority:

7. How to Exercise Your Rights

To exercise the above rights, users can send a written request to the Data Controller via:

The request must contain:

  • First name, last name, and email address of the requester
  • Specification of the right to be exercised
  • Any useful elements to identify the personal data subject to the request

The Data Controller will respond within 30 days of receiving the request (this period may be extended by a further 60 days in case of particular complexity, with motivated communication within the first month).

Note: Responses to requests are provided free of charge. In case of manifestly unfounded or excessive requests, the Data Controller may charge a reasonable fee or refuse to satisfy the request (Art. 12 GDPR).

8. Security Measures

The Data Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 of the GDPR, including:

  • Encryption: HTTPS (SSL/TLS) connections for secure data transmission
  • Limited access: data is accessible only to the Data Controller and authorized Data Processors
  • Regular backups: regular security copies to prevent data loss
  • Security updates: timely patches and system updates
  • Monitoring: access logs and intrusion detection systems
  • Data breach procedures: in case of personal data breach, the Data Controller will notify the supervisory authority within 72 hours (Art. 33 GDPR) and, if necessary, data subjects (Art. 34 GDPR)

Despite the adoption of such measures, no IT system is completely secure. The Data Controller is committed to keeping protection measures up to date based on technological and regulatory developments.

9. Changes to the Privacy Policy

This Privacy Policy may be updated periodically to reflect:

  • Regulatory changes (e.g., new privacy laws)
  • Technological developments of the Website
  • Changes in third-party services used
  • Improvements in data protection practices

In case of substantial changes, the Data Controller will communicate them via:

  • Prominent notice on the Website homepage
  • Update of the date at the top of this page

We recommend periodically consulting this page to stay updated on how personal data is processed.

10. Contact Information

For any questions, requests for clarification, or exercise of rights regarding this Privacy Policy, you can contact the Data Controller:

Fabrizio Frixa

Email: info@fabriziofrixaphotographer.com

Website: fabriziofrixaphotographer.com

The Data Controller undertakes to respond to all requests in compliance with the deadlines provided by the GDPR.

Legal References

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
  • Legislative Decree No. 196 of 30 June 2003 (Italian Privacy Code)
  • Legislative Decree No. 101 of 10 August 2018 (Provisions for adapting national legislation to GDPR provisions)
  • Italian Data Protection Authority Guidelines of 10 June 2021, No. 231 - Guidelines on cookies and other tracking tools