Privacy Policy
Privacy Policy
This privacy policy is provided pursuant to EU Regulation 2016/679 (GDPR) for those who consult the website https://www.nicfab.eu. Please note that this privacy policy applies only to this website and not to other websites that may be consulted by the user via links.
Data Controller
The “data controller” for the processing of data relating to identified or identifiable persons who access and browse this website is Nicola Fabiano (privacy [at] nicfab.eu).
Purpose and legal basis of processing
The processing of personal data resulting from consultation of the website is based on the following purposes and related legal bases:
| Aspect | 1. Navigation data (web server logs) | 2. Web analytics statistics (Matomo cookieless) | 3. Voluntary communications via email |
|---|---|---|---|
| Purpose | IT security, prevention of unauthorized access, detection of attack attempts, and monitoring of correct website functioning | Collection of aggregate statistics to understand website usage, improve user experience, and optimize content | Respond to requests sent spontaneously by the user via email |
| Legal basis | Art. 6, para. 1, lett. f) GDPR | Art. 6, para. 1, lett. f) GDPR | Art. 6, para. 1, lett. b) GDPR |
| Retention | Maximum 7 days (automatic deletion) | 12 months (in aggregate and anonymous form) | Time strictly necessary, no more than 30 days from the response |
Data processed
Navigation data
Access to this website and browsing within it occurs through the use of a web browser. The IT systems responsible for the operation of this website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. Some data necessary for browsing the internet, by their very nature, could allow users to be identified through processing and associations with data held by third parties. In particular, this refers to IP addresses (anonymized) or domain names of computers used by users who connect to this website, addresses in URI (Uniform Resource Identifier) notation of requested resources, request time, browser type and operating system used, etc.
Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the website, to check its correct functioning, and to ensure system security. Web server log data are kept for a maximum of 7 days, after which they are automatically deleted. The data could be used to ascertain responsibility in the event of computer crimes against the website, upon request of the Judicial Authority.
Data voluntarily provided by the user
The optional, explicit, and voluntary sending of email to the addresses indicated on this website entails the acquisition of the sender’s address, necessary to respond, as well as any other personal data contained in the message. Such data are processed exclusively to respond to sent messages and to fulfill any related requests. Failure to provide personal data for communications or to send any requests prevents their fulfillment. Data are kept for the period strictly necessary for the purposes for which they are processed, no more than 30 days from the response.
Cookies
This website does not use tracking, profiling, or advertising cookies.
The commenting system (Comentario), which is self-hosted on our servers within the European Union, may use a functional session cookie solely to manage user authentication when posting comments. This cookie is strictly necessary for the service requested by the user and is therefore exempt from the obligation to obtain prior consent under Art. 5, para. 3 of the ePrivacy Directive (2002/58/EC) and Art. 122 of the Italian Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
Web analytics are collected through Matomo in a completely cookieless configuration: no cookie or other information is stored on or read from the user’s device.
Managing cookies in browsers
Although this website does not install tracking cookies, users can verify and manage any cookies installed by other websites through their browser settings:
Cookies from external platforms
In case of sharing the contents of this website on social platforms, the collection and use of information by third parties unrelated to this site are governed by their respective privacy policies, which are referenced:
Matomo Web Analytics
This website uses Matomo to collect aggregate and anonymous browsing statistics (as specified in the purpose table).
Privacy-first configuration implemented
- ✓ Completely cookieless: no cookie or identifier is stored on the user’s device
- ✓ IP address anonymization (last 2 bytes masked, e.g. 192.168.xxx.xxx)
- ✓ Aggregate data not traceable to individual users
- ✓ No sharing with third parties
- ✓ Matomo server hosted in the European Union, self-hosted on our infrastructure
Since no cookie or other information is stored on or read from the user’s device, the collection of anonymous aggregate statistics does not fall within the scope of Art. 5, para. 3 of the ePrivacy Directive and does not require prior consent. The legal basis for this processing is the legitimate interest of the data controller (Art. 6, para. 1, lett. f) GDPR) in understanding website usage to improve content and user experience.
Privacy by Design
This website has adopted a privacy-first approach ensuring:
- ✓ No tracking cookies: web analytics operate in fully cookieless mode
- ✓ No consent banners required: since no information is stored on the user’s device, no ePrivacy consent is needed
- ✓ Strong anonymization: IP addresses masked, aggregate data only
- ✓ No profiling or advertising: no user profiles are created
- ✓ Total transparency: this policy describes the exact technical configuration in use
- ✓ Regulatory compliance: full adherence to GDPR, ePrivacy Directive, and Italian Privacy Code
- ✓ Minimization principle: only strictly necessary data is collected
Browsing statistics are collected through Matomo in cookieless configuration with strong anonymization, in full compliance with the principle of personal data minimization (Art. 5, para. 1, lett. c) of the GDPR).
Recipients
Personal data collected by this website as a result of consultation are not communicated to recipients or categories of recipients.
Personal data retention period
Data collected by the website are kept for the following periods:
- Web server logs: maximum 7 days, then automatic deletion
- Matomo analytics data: 12 months in aggregate and anonymous form
- Email requests: time strictly necessary to fulfill the request, no more than 30 days from the response
The retention periods comply with the principle of storage limitation (Art. 5, para. 1, lett. e) of the GDPR).
Transfer of data to non-EU countries
This website does not share data with services located outside the European Economic Area (EEA).
All servers and services used (hosting, Matomo analytics, commenting system) are located in the European Union, ensuring full compliance with GDPR provisions on international transfers.