emywedding.it

Privacy Policy

 

1. Data Controller

The Data Controller is:
Emy Conti – Wedding Planner Syracuse
Email: info@emywedding.it
Phone: +39 334 226 6789
Business address: Syracuse, Sicily, Italy.

 

2. Scope and applicability

This privacy notice describes how personal data is collected and processed through the website emywedding.it, including pages related to consultation bookings, contact forms, gallery, services, and any other module or service available on the site.

 

3. Types of data collected

The data processed may include, for example:

  • Identification and contact data: first name, last name, email, phone number, wedding year, message submitted via form;
  • Browsing data: IP address, browser type, pages visited, timestamp, server logs (technical data necessary for site security and operation);
  • Marketing/analytics data: data collected through cookies and third-party tools (e.g., Google Analytics, Meta Pixel) if consent has been provided;
  • Any other data the user voluntarily shares in messages or during consultation.
 
 

4. Purposes of processing and legal bases

Data is processed for the following purposes:

  1. Managing contact requests and consultation bookings (providing the requested service, pre-contractual measures): legal basis Art. 6(1)(b) GDPR.
  2. Legal and tax compliance (retention of accounting and tax records): legal basis Art. 6(1)(c) GDPR.
  3. Sending promotional communications or newsletters (only if explicit consent is given): legal basis Art. 6(1)(a) GDPR.
  4. Anonymous statistical analysis to improve the website and services (Google Analytics or similar tools, with possible anonymization): legal basis legitimate interest Art. 6(1)(f) GDPR, unless otherwise required or subject to consent when using non-anonymized tools.
  5. Profiling and personalized advertising through third-party cookies (e.g., Meta Pixel, remarketing): legal basis consent Art. 6(1)(a) GDPR.
 
 

5. Processing methods and security measures

Processing is carried out using manual, IT, and telematic tools, strictly related to the purposes stated. Appropriate technical and organizational measures are applied to ensure confidentiality, integrity, and availability of data, including controlled access, regular backups, use of secure protocols (HTTPS), and system updates.

5.1 Automated Processing and Profiling

This website does not carry out automated decision-making processes or profiling that produce legal effects concerning the user, except for cookie-based profiling tools, which are activated only with the user’s prior consent.

5.2 Data Concerning Minors

The services provided by this website are not intended for users under 16 years of age. Should data from minors be inadvertently collected, it will be promptly deleted once identified.

 

6. Data retention period

  • Contact data and communications: retained for as long as needed to fulfill the request or, in case of a contractual relationship, for the duration of the relationship and subsequently for the periods required for tax and accounting obligations (e.g., 10 years if applicable).
  • Marketing data: retained until withdrawal of consent by the data subject or for the period stated in this notice (maximum 24 months unless otherwise justified).
  • Logs and security data: retained for the time strictly necessary for security, fraud prevention, and incident management (variable period, documented by the Controller).
 
 

7. Disclosure and categories of recipients

Data may be shared with:

  • Service providers necessary for website operation (hosting provider, email provider, booking platform providers);
  • Consultants and collaborators working on behalf of the Controller (e.g., tax, legal, technical advisors);
  • Public or judicial authorities where required by law.

All entities processing data on behalf of the Controller act as Data Processors and operate under documented instructions in compliance with the GDPR.

7.1 Data Processing Location

Data processing connected with the web services of this site takes place at the Controller’s operational office and at the data centers of service providers hosting or technically supporting the website.
All providers are selected for their compliance with GDPR and adequate security standards.

 

8. Transfers to non-EU countries

Some third-party services (e.g., Google, Meta/Facebook) may involve data transfers to non-EU countries (e.g., the United States). Where such transfers occur, the Controller ensures they are carried out in compliance with the GDPR using safeguards (Standard Contractual Clauses – SCCs, adequacy decisions, or other appropriate technical/contractual measures).

 

9. Data subject rights

The data subject may exercise the rights provided under Articles 15–22 of the GDPR, including:

  • Right of access (Art. 15);
  • Right to rectification (Art. 16);
  • Right to erasure (“right to be forgotten”, Art. 17);
  • Right to restriction of processing (Art. 18);
  • Right to object (Art. 21);
  • Right to data portability (Art. 20), where applicable;
  • Right to withdraw consent (without affecting the lawfulness of processing based on consent before withdrawal).

To exercise these rights, the data subject may contact the Controller at: emy.conti91@outlook.it.

 

10. Complaints

The data subject has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if they believe that the processing is not compliant with applicable law.

 

11. Changes to this notice

The Controller reserves the right to update this notice based on legal changes, supervisory authority requirements, or service modifications. Any updates will be published on this page with the date of revision indicated.

Last updated: October 2025