Skip to main content

Privacy Policy

Last updated: March 13, 2026

Privacy Policy on the processing of personal data
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

1. Data Controller

Mediterranea Design Studio Via Crispi, 14 — Cava de' Tirreni (SA), Italy

VAT No.: 06352430653

Email: info@mediterraneadesign.com

Phone: +39 331 805 7009

2. Personal Data Collected

The website collects personal data exclusively in the following cases:
a) Contact Form

When the user fills out the contact form, the following data is collected:

- First and last name (required)
- Email address (required)
- Phone number (optional)
- Subject of the request (required)
- Message (required)
- URL of the page from which the form is submitted

b) Newsletter Subscription
When the user subscribes to the newsletter, the following is collected:

- Email address (required)

c) Browsing data
During normal browsing, the servers hosting the site may automatically record:

- IP address
- Browser type and operating system
- Date and time of the request
- Pages visited

This data is used exclusively to ensure the technical functioning of the site and is stored in the server logs for the strictly necessary time.

d) Data collected via analytics and marketing cookies
With the user’s consent, data is collected via Google Analytics and Google Ads regarding:
- Browsing behavior (pages visited, session duration, navigation paths)
- Geographic location (anonymized)
- Device, browser, and operating system used
- Interactions with advertising campaigns (clicks, conversions)

For more details, please refer to the Cookie Policy.

3. Purposes and Legal Basis for Processing
The personal data collected is processed for the following purposes:
Responding to requests submitted via the contact form
Legal basis: consent of the data subject (Art. 6(1)(a) of the GDPR).
Sending the newsletter
Legal basis: consent of the data subject (Art. 6, para. 1, letter a) of the GDPR).
Statistical analysis of web traffic
Legal basis: consent of the data subject (Art. 6, para. 1, letter a) of the GDPR), expressed via the cookie banner.
Marketing and advertising conversion tracking
Legal basis: consent of the data subject (Art. 6(1)(a) of the GDPR), expressed via the cookie banner.
Technical operation of the website and security
Legal basis: legitimate interest of the Data Controller (Art. 6(1)(f) of the GDPR).

Providing data for the contact form and the newsletter is optional. However, failure to provide data marked as mandatory will make it impossible to process the request or complete the subscription.

4. Methods of Processing
Personal data is processed using electronic tools and according to procedures strictly related to the purposes indicated. Appropriate technical and organizational security measures are in place to protect the data from unauthorized access, loss, destruction, or alteration.

The data is not subject to automated decision-making processes or profiling.

5. Disclosure and Transfer of Data
Personal data may be disclosed to the following third parties, who act as Data Processors pursuant to Article 28 of the GDPR:

Vercel Inc. — Website hosting and distribution. Headquarters: United States. Safeguards: EU-US Data Privacy Framework and Standard Contractual Clauses.
Brevo (Sendinblue) — Newsletter management. Location: France (EU). No transfers outside the EU.
Supabase Inc. — Infrastructure and content storage. Location: United States. Safeguards: EU-US Data Privacy Framework and Standard Contractual Clauses.
Google LLC — Traffic analytics (Google Analytics) and advertising conversion tracking (Google Ads), via Google Tag Manager. Location: United States. Safeguards: EU-US Data Privacy Framework and Standard Contractual Clauses. Privacy Policy: https://policies.google.com/privacy

Under no circumstances are data sold, transferred, or disclosed to third parties for marketing purposes.

6. Retention Period
- Contact form data — Retained for as long as necessary to process the request and, thereafter, for up to 12 months.
- Newsletter data (email) — Retained until the user unsubscribes.
- Server access logs — In accordance with the hosting provider’s policies (up to 30 days).
- Google Analytics data — Retained for a maximum of 26 months (Google Analytics default setting).
- Google Ads data — Retained in accordance with Google’s policies (maximum 90 days for conversion cookies).

7. Rights of the Data Subject
As a data subject, you have the right to:

- Access (Art. 15 GDPR): obtain confirmation of whether your data is being processed and access your data
- Rectification (Art. 16 GDPR): have inaccurate or incomplete data corrected
- Erasure (Art. 17 GDPR): to have your data erased, where the conditions apply
- Restriction (Art. 18 GDPR): to have processing restricted
- Data Portability (Art. 20 GDPR): to receive your data in a structured, machine-readable format
- Objection (Art. 21 GDPR): object to the processing of your data
- Withdrawal of consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent given prior to withdrawal

To exercise your rights, you may submit a request to:
info@mediterraneadesign.com

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

8. Cookies
For information on the use of cookies, please consult the Cookie Policy.

9. Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this policy at any time. Changes will be published on this page with an indication of the date of the last update.