Privacy Policy

Transparency and personal data protection

Last updated: December 21, 2025

1. Data Controller

The data controller is DevelopingIdeas APS (Social Promotion Association), located at Piazza Degasperi 14, 38051 Borgo Valsugana (TN), Italy.

Email: [email protected]

2. Types of Data Collected

This website and related services collect and process the following categories of personal data:

2.1 Navigation Data

  • IP Address and technical information (browser type, operating system, screen resolution)
  • Pages visited, date and time of access, visit duration
  • Automatically collected data by web servers for proper site functioning

2.2 Voluntarily Provided Data (Contact Form)

Through the contact form on the site, users can provide:

  • Full name
  • Email address
  • Message subject
  • Message content

2.3 Data Collected via Google reCAPTCHA v3

To protect the contact form from spam and abuse, we use Google reCAPTCHA v3, which collects:

  • IP address
  • Browser and device information
  • Site interaction data (mouse movements, clicks)
  • Google cookies

This data is transmitted to Google LLC for spam risk analysis. Privacy Policy di Google

2.4 Data Collected via AI Assistant

The AI assistant (chatbot) is a service managed by DevelopingIdeas APS that collects:

  • Questions and messages sent by the user
  • Conversation history during the session
  • Session technical data (session ID, timestamps)

Conversations are processed via OpenAI API. Data sent to OpenAI is not used for model training.

2.5 Cookies

The site uses exclusively:

  • Technical cookies: necessary for site functioning and cookie consent management
  • Google reCAPTCHA cookies: necessary for anti-spam protection

We do not use profiling cookies, advertising cookies or analytics cookies.

3. Purposes and Legal Basis of Processing

FinalitàBase giuridica
Respond to requests submitted via contact formPerformance of pre-contractual measures (Art. 6(1)(b) GDPR)
Protection from spam and abuse (reCAPTCHA)Legitimate interest of the controller (Art. 6(1)(f) GDPR)
Provide AI assistant serviceUser consent (Art. 6(1)(a) GDPR)
Ensure proper site functioningLegitimate interest of the controller (Art. 6(1)(f) GDPR)
Comply with legal obligationsLegal obligation (Art. 6(1)(c) GDPR)

4. Data Processors and Recipients

To provide our services, we use the following external data processors:

  • Resend (Plus Five Five, Inc.) - Email sending service for contact form. Location: San Francisco, California (USA). Collects: sender/recipient email, message content. Security measures: TLS encryption, PCI-DSS compliance for payments. Retention: until account deletion or user request (Privacy Policy)
  • Google LLC - Anti-spam protection via reCAPTCHA v3. Location: Mountain View, California (USA). Collects: IP address, site interactions, device/browser data, cookies. Purpose: fraud and abuse detection, service security. International transfers: USA protected by EU-US Data Privacy Framework and Standard Contractual Clauses. Retention: variable according to purposes, some data deletable by user via Google Account. (Privacy Policy)
  • OpenAI - AI inference via API. EU Controller: OpenAI Ireland Limited, Dublin. Collects: chatbot conversations, user content, account data (if applicable). API content is not used for model training. Retention: only for the time necessary for service. (Privacy Policy)
  • Vercel Inc. - Website hosting and infrastructure. Location: Covina, California (USA). Collects: IP address, access logs, device information, performance metrics. International transfers: USA protected by EU-US Data Privacy Framework and Standard Contractual Clauses. Retention: until service termination or according to technical/legal needs. Security measures: data encryption in transit, access controls, security monitoring. (Privacy Policy)

5. Data Retention

Personal data is retained for the time necessary for the purposes for which it was collected. Specifically:

  • Contact form: received messages are retained without predefined time limits, unless explicit deletion request from the data subject
  • Navigation logs: retained for technical and security needs, without predefined time limits
  • Chatbot conversations: retained without predefined time limits, unless explicit deletion request from the data subject
  • Consent cookies: 12 months

Users can request deletion of their personal data at any time by exercising the right to erasure (Art. 17 GDPR).

6. Data Subject Rights

In accordance with Articles 15-22 of GDPR, users have the right to:

  • Access: obtain confirmation of the existence of their data and receive a copy
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of data (right to be forgotten)
  • Restriction: restrict processing in certain circumstances
  • Portability: receive their data in a structured, machine-readable format
  • Objection: object to processing for legitimate reasons
  • Consent withdrawal: withdraw consent at any time
  • Complaint: file a complaint with the Data Protection Authority

To exercise these rights, send a request to: [email protected]

7. Data Security

DevelopingIdeas APS adopts appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction or accidental disclosure, including:

  • Communication encryption (HTTPS/TLS)
  • Anti-spam protection with reCAPTCHA
  • Limited data access to authorized personnel only
  • Regular data backups

8. Privacy Policy Changes

DevelopingIdeas APS reserves the right to modify or update this privacy policy. Changes will be published on this page with indication of the last update date. We recommend checking this page periodically.

9. Contact

For any questions, clarifications or requests regarding personal data processing and this policy, contact:

DevelopingIdeas APS
Piazza Degasperi 14
38051 Borgo Valsugana (TN), Italy
Email: [email protected]

Italian Data Protection Authority
Sito web: www.garanteprivacy.it