Privacy Policy

1. Data Controller and Contact Information

The data controller for personal data is:

EVIZE Studio by Lorenzo Mercugliano (hereinafter "EVIZE Studio", "we" or "the Controller")

Website: evizestudio.com

Email: [email protected]

Phone: +39 366 596 130

No Data Protection Officer (DPO) has been appointed. For any questions regarding the processing of personal data, please contact us using the details above.

2. Purposes of Processing

EVIZE Studio processes personal data collected through the website evizestudio.com for the following purposes:

• Responding to enquiries submitted through the contact form on the website.
• Providing information about the services offered (advertising campaign creation and product imagery).
• Ensuring the proper technical operation and security of the website.

3. Scope of Application

This privacy policy applies to all individuals who visit the website evizestudio.com and/or interact with EVIZE Studio through the contact form. The website does not require user registration or account creation.

4. Personal Data Collected

4.1 Data Voluntarily Provided by the User

Through the contact form on the website, the user may voluntarily provide the following personal data:

• First and last name
• Email address

Submitting the contact form is a voluntary action. The data entered in the form is sent directly via email to the Controller and is not stored in any database, server or storage system on the website. The only copy of the data resides in the Controller's email inbox.

4.2 Data Collected Automatically by the Infrastructure

The website is hosted on Cloudflare Pages and uses Cloudflare Workers for server-side logic and Cloudflare R2 for storing the website's images. Firebase (Google LLC) is used as a database for website content (text, service descriptions, portfolio) and does not collect or store any personal data from users.

As part of normal operations, Cloudflare may automatically collect technical data such as IP address, browser type, operating system and access logs for network security and performance purposes.

4.3 Data Collected by Third-Party Services (Embeds)

The website may embed content from third-party services such as YouTube, Vimeo, Meta (Instagram/Facebook) and TikTok in order to showcase work produced by EVIZE Studio or content developed for clients and published by them. These embeds are not used for advertising or marketing purposes.

Embeds are blocked by default and are only loaded after the user has given consent through the cookie management banner (Cookiebot). If the user does not consent to non-essential cookies, the embeds are not displayed and no data is transmitted to third-party services.

5. Legal Basis for Processing

The processing of personal data is based on the following legal grounds, pursuant to Article 6 of Regulation (EU) 2016/679 (GDPR):

• Consent (Art. 6.1.a): for the activation of non-essential cookies and the loading of third-party embed content.
• Legitimate interest (Art. 6.1.f): for the technical operation of the website and platform security.

The submission of the contact form by the user constitutes a voluntary action expressing the wish to be contacted; the processing of the data provided is therefore based on the performance of pre-contractual measures taken at the request of the data subject (Art. 6.1.b).

6. Data Storage and Protection

6.1 Hosting Infrastructure

The website evizestudio.com is hosted on Cloudflare Pages, with server-side logic managed by Cloudflare Workers. Images and visual assets are stored on Cloudflare R2 (object storage). Cloudflare's servers are distributed globally via its CDN network, with nodes also located in the European Union. Cloudflare is GDPR-compliant and adheres to the EU-US Data Privacy Framework.

6.2 Content Database

Firebase (Google LLC) is used exclusively as a database for website content (text, service descriptions, portfolio). Firebase does not collect or store any personal data from website users. The Firebase servers used are located in the European Union (europe-west region).

6.3 Contact Form Data

Personal data provided through the contact form (first name, last name, email) is sent directly via email to the Controller at the time of submission and is not saved on any database or storage system on the website. Storage occurs exclusively in the Controller's email inbox.

Data is retained for the time strictly necessary to respond to the user's request and, subsequently, for the period required by any applicable legal obligations.

7. Third-Party Service Providers

The following third-party services are integrated into the website. Embed services (YouTube, Vimeo, Meta, TikTok) only collect data after the user consents to non-essential cookies via Cookiebot. Embeds are used solely to display content created by EVIZE Studio or developed for clients, and not for advertising purposes.

Cloudflare (Pages, Workers, R2)

Provider: Cloudflare Inc.

Purpose: Website hosting, server-side logic, image storage, security and CDN.

Data collected: IP address, device ID, operating system and version, access logs.

Privacy Policy: cloudflare.com/privacypolicy

Firebase

Provider: Google LLC

Purpose: Database for website content (no user personal data).

Data collected: No personal data from users.

Privacy Policy: firebase.google.com/support/privacy

Cookiebot

Provider: Usercentrics A/S

Purpose: Cookie consent management.

Data collected: IP address (anonymised), consent given, date and time of consent.

Privacy Policy: cookiebot.com/en/privacy-policy

YouTube

Provider: Google Ireland Ltd.

Purpose: Displaying studio and client content (only with cookie consent).

Data collected: Device ID, IP address, operating system and version, browser and language, interaction logs.

Privacy Policy: business.safety.google/privacy

Vimeo

Provider: Vimeo.com, Inc.

Purpose: Displaying studio and client content (only with cookie consent).

Data collected: Address and city, device ID, IP address, operating system and version, browser and language, browser fingerprint, approximate IP-based location, interaction logs.

Privacy Policy: vimeo.com/privacy

Meta (Instagram / Facebook)

Provider: Meta Platforms Ireland Ltd.

Purpose: Displaying studio and client content (only with cookie consent).

Data collected: Device ID, IP address, browser and language, operating system and version, browser fingerprint, approximate IP-based location, interaction logs, third-party cookies.

Privacy Policy: facebook.com/privacy/explanation

TikTok

Provider: TikTok Technology Ltd.

Purpose: Displaying studio and client content (only with cookie consent).

Data collected: Device ID, IP address, browser and language, operating system and version, approximate IP-based location, interaction logs, third-party cookies.

Privacy Policy: tiktok.com/legal/privacy-policy

Data sharing with third-party providers is carried out under the protection of Data Processing Agreements (DPAs) that ensure compliance with the GDPR and applicable regulations.

8. Data Subject Rights

Under the GDPR, users have the following rights regarding their personal data:

• Right of access (Art. 15): request access to your personal data and information about how it is processed.
• Right to rectification (Art. 16): request the correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): request the deletion of data when it is no longer necessary.
• Right to restriction (Art. 18): request the restriction of processing under certain conditions.
• Right to data portability (Art. 20): receive your data in a structured, commonly used and machine-readable format.
• Right to object (Art. 21): object to the processing of your data.
• Right to withdraw consent (Art. 7.3): withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint (Art. 77): lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

To exercise your rights, contact: [email protected] or +39 366 596 130. We will respond within 30 days as required by applicable law.

9. Cookies and Tracking Technologies

The website evizestudio.com uses cookies and tracking technologies. Consent management is handled by Cookiebot (Usercentrics A/S), a platform compliant with the GDPR and the ePrivacy Directive.

Types of Cookies

• Essential cookies: required for the basic operation of the website (security, navigation, Cookiebot consent management). Do not require consent.
• Performance and analytics cookies: collect anonymous information about website usage to improve performance. Require consent.
• Functional cookies: enable advanced personalisation and preference storage. Require consent.
• Third-party cookies (embeds): set by embedded services (YouTube, Vimeo, Meta, TikTok) when the user consents to their display. Require consent.

Consent Management

On the first visit, the website automatically displays the Cookiebot banner which allows users to: accept all cookies, reject non-essential cookies, or customise preferences by category.

Users can change their preferences at any time via the Cookiebot icon located in the bottom-left corner of every page. If non-essential cookies are rejected, third-party embed content will not be visible and no data will be transmitted to the respective providers.

10. Marketing and Communications

EVIZE Studio does not use data collected through the website for direct marketing purposes. We do not send newsletters, promotional emails or unsolicited commercial communications. The embed content on the website (Instagram, Facebook, YouTube, Vimeo, TikTok) is used exclusively to showcase work produced by the studio or content developed for clients, and not for advertising or profiling purposes.

11. Data Breach Notification Procedures

In the event of a data breach that poses a risk to the rights and freedoms of data subjects, EVIZE Studio has established GDPR-compliant procedures:

• Supervisory authority: notification within 72 hours of becoming aware of the breach, as required by Art. 33 of the GDPR.
• Data subjects: notification without undue delay where the breach is likely to result in a high risk to the rights and freedoms of natural persons (Art. 34 GDPR).

To report a concern: [email protected] or +39 366 596 130.

12. Updates and Changes

This privacy policy may be updated periodically to reflect regulatory changes or developments in the Controller's activities. In the event of significant changes, we will inform users via a notice on the website, indicating the effective date of the updated policy.

13. Contact

For any questions about this privacy policy:

• Email: [email protected]
• Phone: +39 366 596 130
• Website: evizestudio.com