Vai al contenuto principale

Privacy Policy

PURSUANT TO REGULATION (EU) 2016/679 ("GDPR") ARTICLES 13 AND 14

Last updated: January 20, 2026

This document ("Privacy Notice") provides information regarding the processing of data that you provide or that is otherwise available to our organization. This Privacy Notice is provided pursuant to EU Regulation 679/2016 ("GDPR") and subsequent national adaptation provisions.

1. Identity and Contact Details of the Data Controller

The Data Controller, pursuant to Articles 4 and 24 of EU Regulation 2016/679, is:

HackBit S.r.l. (Single-Member Company)
Via Enrico Berlinguer, 3
86100 - Campobasso (CB)
Italy
VAT Number: IT01938540703
Phone: +39 0874/1621772
Email: [email protected]
Certified Email (PEC): [email protected]

2. Data Protection Officer (DPO)

The Data Controller does not carry out activities that require the mandatory appointment of a Data Protection Officer pursuant to Article 37 of the GDPR.

3. Purposes and Legal Basis of Processing

Personal Data provided will be processed in compliance with the lawfulness conditions under Article 6 of EU Regulation 2016/679 for the purposes indicated below. Processing will be carried out in automated and manual form, using methods and tools designed to ensure maximum security and confidentiality.

3.1 Website Navigation

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Purpose: Activities strictly necessary for the operation of the website and the provision of the navigation service.
Retention period: Duration of the browsing session. For cookies, see the Cookie Policy.

3.2 Contact Form Submission

Legal basis: Performance of pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR)
Purpose: To respond to requests for information and quotes submitted through the contact form.
Data collected: First name, last name, email, phone (optional), company (optional), message.
Retention period: 24 months from collection or until the request is concluded.

3.3 Statistical Analysis (Google Analytics)

Legal basis: Consent of the data subject (Art. 6(1)(a) GDPR)
Purpose: Analysis of website usage to improve user experience and content.
Data collected: Anonymized browsing data, pages visited, time spent, device used, geographic origin (country/region level).
Retention period: 14 months.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: policies.google.com/privacy

3.4 Anti-Spam Protection (Cloudflare Turnstile)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Purpose: Protection of the contact form from automated abuse (bots and spam).
Data collected: Technical browsing data for human interaction verification.
Retention period: Duration of the session.
Provider: Cloudflare, Inc. (EU Representative: Cloudflare Portugal, Unipessoal Lda., Largo Rafael Bordalo Pinheiro 29, 1200-369 Lisbon, Portugal).
Privacy Policy: cloudflare.com/privacypolicy

3.5 Cookie Consent Management (Cookiebot)

Legal basis: Legal obligation (Art. 6(1)(c) GDPR)
Purpose: Management and documentation of cookie-related consents.
Retention period: 12 months.
Provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Privacy Policy: cookiebot.com/privacy-policy

4. Nature of Data Provision and Refusal

Except as specified for navigation data (necessary to allow website browsing), the user is free to provide their personal data. Providing data in the contact form is optional, but failure to provide it will make it impossible to respond to the request.

5. Categories of Personal Data Processed

5.1 Navigation Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes:

  • IP addresses
  • Domain names of computers used
  • URI/URL addresses of requested resources
  • Date and time of the request
  • Method used to submit the request
  • Size of the response file
  • Parameters related to the user's operating system and computing environment

5.2 Data Voluntarily Provided by the User

Completing the contact form involves the acquisition of the following data:

  • First and last name
  • Email address
  • Phone number (optional)
  • Company name (optional)
  • Message/request

6. Recipients and Categories of Recipients

Personal data will not be disclosed. They may be communicated to:

  • Collaborators of the Data Controller, as persons authorized to process data
  • Service providers for information system management and hosting (Cloudflare, Google)
  • Professionals and consultants within the scope of their assignment
  • Public authorities, where required by law

7. Transfer of Data Abroad

Personal data is not transferred outside the European Union. The third-party service providers used are based in the European Union:

  • Google Ireland Limited (Ireland)
  • Cloudflare Portugal, Unipessoal Lda. (Portugal)
  • Usercentrics A/S - Cookiebot (Denmark)

8. Data Processing Methods

Personal Data processing will be carried out using manual, computerized, or telematic tools, suitable to guarantee security and confidentiality. There is no automated decision-making process.

Security measures adopted:

  • Encryption of communications (HTTPS/TLS)
  • Anti-spam protection with Cloudflare Turnstile
  • Periodic backups
  • Access control

8.1 Defense in Court

The User's Personal Data may be used by the Data Controller in court or in the preparatory stages of its possible establishment for defense against abuse in the use of this website or related services.

8.2 Response to "Do Not Track" Requests

This website supports "Do Not Track" requests. You can also manage cookie preferences through the consent management banner.

9. Data Subject Rights

Pursuant to Articles 15-22 of the GDPR, the data subject has the right to:

  • Access (Art. 15): obtain confirmation of processing and access to their data
  • Rectification (Art. 16): obtain correction of inaccurate data
  • Erasure (Art. 17): obtain deletion of data ("right to be forgotten")
  • Restriction (Art. 18): obtain restriction of processing
  • Portability (Art. 20): receive data in a structured and readable format
  • Objection (Art. 21): object to processing based on legitimate interest
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal

The above rights may be exercised by written request to:

The Data Controller will respond within one month of receiving the request. The deadline may be extended by two months in case of complex requests.

10. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the Italian Data Protection Authority if they believe that the processing of their data violates the GDPR.

Garante per la Protezione dei Dati Personali
Piazza Venezia, 11 - 00187 Rome, Italy
www.garanteprivacy.it

11. Changes to the Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, informing Users on this page. Please check this page regularly, referring to the last update date indicated above.

12. Regulatory References

  • EU Regulation 2016/679 (GDPR)
  • Italian Legislative Decree 196/2003 (Italian Privacy Code) and subsequent amendments
  • Italian Legislative Decree 101/2018 (GDPR Adaptation)
  • Provisions of the Italian Data Protection Authority