Privacy and Cookie Policy

Last updated: 9 April 2025

Data Controller

Pursuant to Regulation (EU) 2016/679 (GDPR), Legislative Decree 196/2003 and subsequent amendments, as well as the Guidelines of the Italian Data Protection Authority and the opinions issued by the EDPB, we inform you that the Data Controller of the personal data collected through this website is:

Liana Mosca, Via Guastalla 10124 Turin (Italy, C.F.: MSCLNI68H51Z133E, VAT: 09889740016, Email: lianamosca.office@gmail.com, Website: https://lianamosca.it
Data Protection Officer (DPO): Liana Mosca

The Data Controller guarantees that users' personal data are processed in accordance with the principles of lawfulness, correctness, transparency, accuracy, integrity, security and confidentiality, in compliance with the principle of accountability (Art. 5(2) GDPR).

General principles of processing

Processing complies with the principles of lawfulness, fairness, transparency, minimisation, accuracy, limitation of storage, integrity, confidentiality and accountability. The Controller shall take appropriate technical and organisational measures to prevent unauthorised access, alteration, destruction or dissemination of personal data.

Precautionary note: While not currently using advanced artificial intelligence tools or invasive biometric technologies, the Data Controller reserves the right to use automated tools and emerging technologies in the future, which will in any case be subject to specific supplementary information and subject to explicit consent, where required by current legislation.

Types of data processed

Navigation data

Information collected automatically by computer systems, such as: IP address, browser type, operating system, system log, user agent, timestamp, source and destination URL, interaction parameters.

Data provided voluntarily

Data transmitted by the user through contact forms, registration, comments, reviews, email or subscription to services: first name, last name, email address, contact details, username, messages, preferences, attachments.

Data collected through automated tools

Cookies, tags, pixels, scripts, SDKs, analytical and advertising tools, embedded content, chatbots, captcha, behavioural biometric technologies (e.g. mouse movement tracking, typing times), social plugins, automated profiling tools.

Nota cautelativa: Cautionary note: The site does not currently collect biometric data in the strict sense (e.g. facial or voice recognition), but may use anonymous behavioural metrics for user experience optimisation purposes. Any future development in this sense will be preceded by an informative update and request for consent.

Exclusion of liability for third-party tools: If, by means of plug-ins or embedded tools, data are processed by third parties that cannot be controlled directly by the Data Controller (e.g. social networks, external widgets), the liability relating to the independent processing carried out by them shall fall exclusively on the respective supplier, within the limits of the regulations in force.

Data for e-commerce purposes

Identification, fiscal and contractual data related to purchases, shipments, invoicing, after-sales service, order management and related requests.

Purposes of the processing

  • Provision of the requested services and functionalities
  • Response to requests and management of communications
  • Fulfilment of legal, tax and regulatory obligations
  • Management of orders, contracts and commercial transactions
  • Statistical analysis, security and fraud prevention
  • Direct marketing, sending newsletters, commercial promotion
  • Profiling, remarketing, behavioural advertising
  • Personalisation of content and suggestions

Algorithmic transparency note: Should tools based on artificial intelligence or automated decision-making processes with legal or significantly similar effects be activated in the future, the user will be informed in advance about the logic, the expected consequences, and the possibility of obtaining human intervention.

De-indexing and the right to be forgotten: In accordance with national and European jurisprudence, the user has the right to request the removal or de-indexing of content that concerns him or her, when it is obsolete, inaccurate or damaging to personal dignity, also by means of a specific request to the search engines or to the Owner.

Legal basis for processing

  • Express consent (art. 6, lett. a GDPR)
  • Execution of contractual or pre-contractual obligations (lett. b)
  • Fulfilment of legal obligations (lett. c)
  • Legitimate interest of the Data Controller or third parties (lett. f), within the limits of balancing with the fundamental rights and freedoms of the data subject
  • In the absence of consent, the data will not be processed for any further purposes

Further notice: Consent, where required, can never be considered validly given by means of pre-set check-boxes (opt-out): an explicit, free and informed act by the user (opt-in) is required.

Single acceptance mechanism of the information notice and cookies

In accordance with the technical configuration of this site, interaction with the initial banner constitutes full and unconditional acceptance of the entire information notice, without the possibility of selective options. The user who intends to browse the site, click on links, scroll through the pages or access the contents, expressly accepts what is set out in this extended information notice, without reservation, being aware that the continuation of browsing constitutes full consent even for future developments in compliance with the regulations. Users who do not wish to accept the conditions described above are invited to cease browsing immediately.

Processing methods and security

Data are processed by electronic means and, where necessary, on paper, adopting appropriate security measures (encryption, access control, backup, anti-intrusion systems). No fully automated decision-making processes producing legal or significantly similar effects are adopted, except with specific information and consent.

Advance notice: In anticipation of future technologies, the site undertakes to keep its security system up-to-date, adopting the latest international standards for personal data protection and compliance audits.

Retention periods

Personal data are retained for a period proportionate to the purposes for which they were collected and in any case for as long as necessary to ensure the fulfilment of legal, fiscal and contractual obligations. Data processed for promotional purposes are kept for a maximum of 24 months, unless consent is renewed. Data processed for contractual or tax purposes may be kept for up to 10 years in accordance with Art. 2220 of the Civil Code and tax provisions.

Data recipients

The data may be disclosed to duly authorised third parties, including:

  • Providers of digital services, hosting, CMS and WordPress plugins
  • Tax, accounting and legal consultants
  • Payment platforms and banking operators (e.g. Stripe, PayPal)
  • Providers of email marketing, CRM and statistical tracking systems
  • Social media and advertising platforms
  • Public authorities and judicial bodies, in fulfilment of legal obligations

Each third party is bound by contracts or equivalent legal acts governing its duties as Data Processor or Co-Processor, in accordance with Articles 26 and 28 of the GDPR.

Data transfer abroad

Personal data may only be transferred to third countries outside the European Economic Area (EEA) where the conditions set out in Articles 44-49 of the GDPR are met, including:

  • European Commission's adequacy decision
  • Standard Contractual Clauses (SCC)
  • Binding Corporate Rules (BCR)
  • Other appropriate safeguards recognised at European level

Such transfers will only take place to providers that guarantee an adequate level of protection.

Rights of the data subject

You may exercise at any time, with regard to your personal data, the rights provided for in Articles 15 et seq. of the GDPR:

  • Access to personal data
  • Rectification and updating
  • Deletion (right to be forgotten)
  • Limitation of processing
  • Opposition to processing, including automated processing
  • Portability of data
  • Revocation of consent previously given, without prejudice to the lawfulness of the processing carried out before the revocation
  • Complaint to the Italian Data Protection Authority

Jurisdiction and updates

For any dispute relating to the interpretation or application of this policy, or in any case related to the processing of personal data, the Court of the registered office of the Data Controller shall have exclusive jurisdiction. Users residing in the European Union may alternatively apply to the courts of their State of residence or domicile, pursuant to EU Regulation 1215/2012.

The Data Controller reserves the right to modify this policy at any time, in particular to adapt it to regulatory, technological or functional changes to the site. Any substantial modification will be communicated to the user via banner, email (if applicable) or public notice. The updated version will always be available on this page.

Document drafted in compliance with the highest national and European regulatory standards, in accordance with the principle of accountability and according to criteria of prevention, transparency and enhanced security.