Privacy Policy

• Papaip OÜ
• Registered address: Sepapaja tn 6, 15551 Tallinn, Estonia
• Registry code: 17048933
• VAT code: EE102767306
• Data Protection contact: fabrizio@fabrizioscoglio.com

Contact form: name, company, email, website (optional), and message content.

Newsletter: email address.

Automatically collected via server logs: IP address, browser user-agent, referring URL, timestamp of visit.

Analytics (only if you accept analytics cookies): pseudonymised identifiers, pages visited, events, device category, and approximate location derived from IP (the full IP is not stored by Google Analytics 4).

• Responding to contact inquiries — Art. 6(1)(b) GDPR: performance of a contract or pre-contract measures.
• Sending newsletter emails — Art. 6(1)(a) GDPR: consent, which can be withdrawn at any time.
• Measuring Site usage via analytics — Art. 6(1)(a) GDPR: consent collected via the cookie banner.
• Maintaining security and preventing abuse — Art. 6(1)(f) GDPR: legitimate interest.
• Meeting legal, accounting, and tax obligations — Art. 6(1)(c) GDPR: legal obligation.

We rely on the following processors under Art. 28 GDPR:

• Vercel Inc. — website hosting (United States; EU-US Data Privacy Framework).
• Cloudflare, Inc. — CDN and edge routing (United States; Standard Contractual Clauses).
• Resend, Inc. — transactional email for contact form and newsletter (United States; Standard Contractual Clauses — Resend is not certified under the EU-US Data Privacy Framework).
• Google Ireland Limited — Google Analytics 4 (EU data centre; onward transfers to the US covered by the EU-US Data Privacy Framework).
• Consently (consently.net) — cookie consent management.

We do not sell personal data and we do not share data with third parties for their own marketing purposes.

Some processors are located outside the European Economic Area, primarily in the United States. Transfers rely on the EU-US Data Privacy Framework where the processor is certified, or on Standard Contractual Clauses approved by the European Commission.

• Contact form submissions: 24 months from the last contact, then deleted.
• Newsletter subscribers: until the user unsubscribes.
• Server logs: up to 30 days.
• Analytics data: 14 months (Google Analytics 4 default).
• Accounting and tax records: for the period required by Estonian law (currently 7 years).

Under GDPR you have the right to:

• Access your personal data (Art. 15).
• Correct inaccurate data (Art. 16).
• Request erasure (Art. 17).
• Restrict processing (Art. 18).
• Data portability (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time, without affecting prior processing.

To exercise any right, email fabrizio@fabrizioscoglio.com. We respond within one month.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), Tatari 39, 10134 Tallinn — www.aki.ee.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

The Site is not directed to children under 16 and we do not knowingly collect personal data from minors.

We may update this policy to reflect changes in our services or applicable law. The "Last updated" date at the top reflects the most recent revision.