1. Controller
Tiziano Mazzoleni – Düsseldorf – e-mail: info@tizianomazzoleni.com
2. Categories of data processed
- Data you submit via the contact form (name, e-mail, message).
- Technical browsing data (IP address, user-agent) in server logs.
- Data collected by Spotify when you play the embedded player (see “Third-party services”).
3. Purposes and legal bases
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Responding to contact-form requests | Legitimate interest of the Controller (lit. f) |
| Site security / operation (server logs) | Legitimate interest (lit. f) |
| Playing Spotify content (only after cookie consent) | User consent (lit. a) |
4. Recipients
- Hostinger International Ltd. (hosting & e-mail) – Data-Processing Agreement in place.
- Spotify AB (media embed); data exchanged only after cookie consent.
5. Retention
- Incoming e-mails: 12 months.
- Technical logs: 30 days.
6. International transfers
No routine transfers outside the EEA. Servers are located in the Netherlands. Spotify may process data in non-EU countries under its Standard Contractual Clauses.
7. Data-subject rights
Access, rectification, erasure, restriction, objection, portability (Art. 15-22 GDPR). Requests: info@tizianomazzoleni.com. You may lodge a complaint with the Italian Supervisory Authority.
8. Security measures
HTTPS, server firewall, updated WP stack, limited log retention, internal data-breach procedure compliant with Art. 33 GDPR.