PRIVACY POLICY

Information pursuant to Art. 13 of the EU Regulation 2016/679 (GDPR)

This Privacy Policy describes how the personal data of visitors to the website tomoprojects.com is collected, used, and protected. Privacy protection is a priority for us, and we are committed to processing data transparently and securely.

DATA CONTROLLER

Tommaso Fantoni

VAT NO.: 07440790967

Address: via Bigli 22, 20121 – Milan (MI), Italy

Tel: +39 02 76015370

E-mail: info@tomoprojects.com

TYPES OF DATA COLLECTED AND PURPOSES

The site collects data in the following ways:

  • Navigation Data (Log Files): As is standard for most websites, we collect technical information such as IP addresses, browser type, Internet Service Provider (ISP), date and time stamps, and referring/exit pages.

    • Purpose: Statistical analysis (in anonymous form), website security, and fraud prevention.

    • Legal Basis: Legitimate interest of the Data Controller (Art. 6.1.f GDPR).

  • Cookies: The site uses technical cookies (necessary for operation) and third-party analytical cookies (e.g., Google Analytics) to monitor site navigation.

    • Purpose: Improving the user experience and analyzing site performance.

    • Legal Basis: Consent of the data subject (Art. 6.1.a GDPR), expressed through the cookie banner.

  • Data Provided Voluntarily (Contact): The optional and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, as well as any other personal data included in the message.

    • Purpose: To respond to requests for information or quotes.

    • Legal Basis: Execution of pre-contractual or contractual measures (Art. 6.1.b GDPR).

DATA RETENTION PERIOD

Data will be kept only for the time strictly necessary for the purposes for which it was collected:

  • Navigation Data: Deleted automatically after a few days (unless required for the investigation of cybercrimes).

  • Contact Data: Retained for the time necessary to process the request and for any subsequent legal obligations (e.g., invoicing).

  • Cookies: Please refer to our specific Cookie Policy for the duration of individual cookies.

DATA TRANSFER OUTSIDE THE EU

The use of third-party services such as Google Analytics may involve the transfer of personal data to Google's servers in the United States. This transfer occurs on the basis of the Data Privacy Framework or Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of data protection.

DATA SUBJECT'S RIGHTS (Arts. 15-22 GDPR)

At any time, users can exercise the following rights by sending an email to info@tomoprojects.com:

  1. Right of Access: Obtain confirmation as to whether or not personal data concerning them is being processed.

  2. Right to Rectification: Request the correction of inaccurate or incomplete data.

  3. Right to Erasure (Right to be Forgotten): Request the deletion of data under certain circumstances.

  4. Right to Restriction of Processing: Request the blocking of processing in the event of disputes.

  5. Right to Data Portability: Receive their data in a structured, commonly used, and machine-readable format.

  6. Right to Object: Object to processing for legitimate reasons or for direct marketing purposes.

  7. Right to Lodge a Complaint: If the user believes that the processing violates the GDPR, they have the right to lodge a complaint with the Supervisory Authority (in Italy, the Garante per la Protezione dei Dati Personali - www.garanteprivacy.it).

NATURE OF DATA PROVISION

The provision of navigation data is strictly necessary for the consultation of the website. The provision of data to send requests via email is optional, but refusal will make it impossible for the Data Controller to respond to your inquiries. Consent for statistical cookies is optional and can be revoked at any time via your browser settings or the site's cookie banner.

SECURITY MEASURES

All data is protected through the use of security protocols (HTTPS/SSL), firewalls, antivirus software, and password-protected access procedures to prevent data loss, illicit use, or unauthorized access.