Privacy & Cookie Policy

Last updated: August 23, 2025
Version: 1.5
Language: en-US

Introduction

This policy combines in a single document the Privacy Policy and Cookie Policy for the website synthetici.com and its subdomains, in compliance with:

Regulation (EU) 2016/679 (GDPR)
Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018
Italian Data Protection Authority Guidelines on cookies and other tracking tools (June 10, 2021)

The objective is to provide users with clear and transparent information regarding:

personal data processing methods
use of cookies and tracking tools
purposes and legal bases for processing
retention periods
data subject rights

Scope of Application

This policy applies to all sites and subdomains related to synthetici.com.

1. Data Controller

Name/Company name: Lorenzo Toscano
Address: P.O. Box 80 – Savona Centro Post Office
Email: [email protected]

No Data Protection Officer (DPO) has been appointed, as the conditions set forth in Article 37 GDPR do not apply.

2. Processing Principles

The Controller processes personal data in accordance with the principles set out in Article 5 GDPR:

Lawfulness, fairness and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability (Controller's responsibility)

3. Categories of Data Processed

3.1 Data voluntarily provided by the user

If you contact us via email or through any forms, we collect the information you choose to share with us, such as:

email address
first and last name (if present in the signature)
message content

3.2 Data collected automatically

During navigation, the following data is collected:

IP address (where possible masked or anonymized)
browser user-agent
date and time of request (timestamp)
requested URL

3.3 Cookies and tracking tools

Cookies can be categorized as follows:

Necessary/Technical/Essential (always active): essential for the technical functioning of the site (e.g., cookie-consent).
Preferences (optional): store user choices (language, theme).
Analytics (optional): collect aggregated and anonymized statistics on site usage.
Marketing/Profiling (optional): used for external content (e.g., Substack, social media, videos).

Current situation

Not all subdomains of synthetici.com use cookies:

The main domain synthetici.com does not use any cookies.
The subdomain blog.synthetici.com uses:
- technical cookies for consent (cookie-consent, cookie-consent-lang), necessary to store the user’s choices regarding cookies and language preferences for the use of the site;
- Substack iframe for Substack subscription. This external content may result in the use of non-necessary cookies (e.g., analytics, preferences, marketing) managed directly by Substack Inc..
  The activation of the Substack iframe is in any case subject to explicit consent through the banner for Preferences type cookies.

Should additional subdomains be activated with the use of cookies or third-party services, this policy will be updated with the necessary clarifications.

4. Purposes, Legal Bases and Retention

Purpose	Legal basis	Data processed	Retention
Site operation and security	Art. 6(1)(f) – legitimate interest	Technical logs	7 days (up to 6 months for security needs)
Cookie preference storage	Art. 6(1)(f) – legitimate interest	Consent status	6 months
Response to email inquiries	Art. 6(1)(b) – pre-contractual measures	Email, name, message content	12 months from response
Statistical analysis (if activated)	Art. 6(1)(a) – consent	Anonymized browsing data	max 14 months
Marketing/Profiling (Substack)	Art. 6(1)(a) – consent	Substack cookies	variable duration, managed by Substack

5. Third-Party Content and Services

Some external content or services are integrated via iframe or scripts:

Cloudflare Inc. (CDN, DDoS protection – USA/EU, SCCs and Data Privacy Framework)
Contabo GmbH (Hosting – Germany, EU)
Substack Inc. (newsletter/blogging platform – USA, transfers based on SCCs)

6. Extra-EEA Transfers

Some technical data may be transferred to servers located in the United States.
Such transfers occur only when supported by GDPR-compliant legal instruments, such as Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

7. Security

The Controller adopts appropriate technical and organizational measures to protect personal data, in accordance with Article 32 GDPR, including:

use of secure protocols (e.g., HTTPS/TLS);
protection systems against unauthorized access and cyber attacks;
backup and disaster recovery procedures;
regular system and software updates;
limited logging and monitoring, anonymized where possible;
application of minimization and confidentiality principles.

8. Retention Periods

Personal data is retained only for the time strictly necessary for the purposes for which it is collected, in accordance with the storage limitation principle (Art. 5(1)(e) GDPR).

Data type	Indicative period	Notes
Contabo server logs	normally 7 days, extendable up to 6 months for security needs or investigations	compliant with Italian DPA guidelines
Cloudflare logs	normally 7 days, extendable for security needs
Consent cookie	6 months	new consent will be requested upon expiration
Contact emails	up to 12 months from request closure	unless further retention for legal obligations
Encrypted backups	up to 30 days	exclusively for disaster recovery purposes
Consent records (UUID, timestamp)	up to 24 months	for GDPR accountability

9. Data Subject Rights

Under Articles 15-22 GDPR, users have the right to:

access their data
request rectification or erasure
obtain processing restriction
exercise the right to data portability
object to processing
withdraw consent at any time

How to exercise your rights

Send an email to [email protected] with subject "Exercise of privacy rights".
The Controller will respond within 30 days (extendable to 60 for complex cases).

Complaints

You may lodge a complaint with the Italian Data Protection Authority: garanteprivacy.it.

10. Minors

In Italy, consent to online data processing is valid from 14 years of age (Art. 2-quinquies Legislative Decree 196/2003).
For users under this age, parental or guardian consent is required.

11. Cookie Policy (Details)

11.1 General principle

No non-technical (i.e., non-necessary) cookies are installed before explicit user consent.

11.2 Cookie categories

Necessary (always active): ensure site functionality (e.g., session, security, consent cookies).
Preferences (optional): store user choices such as language or theme.
Analytics (optional): collect anonymous statistics on site usage.
Marketing/Profiling (optional): used for third-party content such as social media, maps, or videos.

11.3 Active cookies list

Name	Purpose	Duration	Category	Domain
cookie-consent	Storage of cookie preferences	6 months	Necessary	blog.synthetici.com
cookie-consent	Stores the user’s selected language preference	1 year	Necessary	blog.synthetici.com

cookie-consent-lang remembers the user’s choice of the site language and is only used to:

avoid requiring the user to reselect the language on each visit;
ensure the correct display and use of the content.

The synthetici.com site does not use cookies and therefore no user consent is required for browsing. Should cookies or tracking tools be introduced in the future, this policy will be updated and explicit consent will be requested via an appropriate banner.

Third-party cookies (Substack)

Substack iframes may install preference, analytics, or marketing cookies on Substack domains.
These cookies are managed directly by Substack Inc. and activated only upon user consent.
For more information: Substack Privacy Policy.

12. Consent Management and Withdrawal

You can modify or withdraw consent via the "Cookie" icon at the bottom right of the site.
Withdrawal is immediate and takes effect in real time.
You can also configure your browser to block or delete cookies (see guides: Chrome, Firefox, Safari).

13. Versioning and Modifications

Version 1.4 – August 23, 2025: general review and first release.
Any substantial modification will involve:
- version number update
- re-presentation of cookie banner
- notification to users of major changes

14. Quick Contacts

Privacy email: [email protected]
Cookie management: available on every page via "Cookie" icon at bottom right

15. Appendix: Substack Cookies

The subdomain blog.synthetici.com integrates Substack Inc. iframes for newsletter subscription.
Iframe activation occurs only upon explicit consent, as Substack may install Necessary, Preferences, Analytics, and Marketing/Profiling cookies on its own domains.

These cookies are managed directly by Substack and not by the synthetici.com site Controller. For more information, please consult the Substack Privacy Policy.

You may withdraw consent to Marketing cookies at any time via the "Cookie" icon at the bottom right: without consent, the Substack iframe will not be loaded.

← Back to Home