Privacy Policy — Antonella Quacchia

1. Owner & Data Controller

Antonella Quacchia
Seidengasse 25/13
AT – 1070 Vienna, Austria
VAT: ATU78939605

Contact: antonella.quacchia@gmail.com

The Owner is responsible for determining the purposes and means of processing your personal data. For any privacy-related enquiry, please use the contact details above.

2. Types of Personal Data Collected

The Website collects the following categories of personal data:

Contact Data

First name, last name, and email address — provided voluntarily when you use the contact form.

Usage Data

Technical information automatically collected during your visit: IP address, browser type, operating system, pages visited, referring URL, timestamps.

Trackers

Cookies and similar technologies used to make the Website function correctly and to deliver third-party services (e.g. web fonts). See our Cookie Policy for details.

Unless stated otherwise, all fields in the contact form are mandatory. Failure to provide them may make it impossible to respond to your enquiry. Usage Data is collected automatically and cannot be withheld without disabling your browser's network access.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following legal grounds:

Consent (Art. 6(1)(a) GDPR) — where you have freely given specific, informed consent (e.g. optional cookies).
Contract performance (Art. 6(1)(b) GDPR) — to respond to your enquiry or fulfil a pre-contractual request.
Legitimate interests (Art. 6(1)(f) GDPR) — for security, fraud prevention, and technical operation of the Website. Our legitimate interests do not override your fundamental rights and freedoms.
Legal obligation (Art. 6(1)(c) GDPR) — where we are required to process data by applicable law.

We will always indicate the specific legal basis in the relevant section below. You may request clarification at any time by contacting us.

4. Purposes of Processing

Personal data is collected and processed for the following purposes:

Responding to contact enquiries — processing messages sent through the contact form.
Delivering the Website — ensuring pages render correctly, including loading web fonts via Google Fonts.
Security & fraud prevention — detecting malicious or fraudulent access to the Website.
Legal compliance — complying with applicable legal obligations including data protection law.

5. Detailed Information on Services Used

Contact Form

First-party Legal basis: Contract / Legitimate interests

By filling in and submitting the contact form, you voluntarily provide your name and email address so we can respond to your enquiry. This data is transmitted securely and stored only as long as necessary to process your request.

Personal data processed: First name, last name, email address, and any information included in your message.
Retention: Deleted once the correspondence has concluded and no further legal obligation requires retention.
Recipients: Owner only. Email may be processed by our email service provider as a data processor acting on our instructions.

Google Fonts

Third-party (Google LLC) Legal basis: Legitimate interests

This Website loads web fonts from the Google Fonts service operated by Google LLC. When a page loads, your browser requests the font files from Google's servers. This causes Google to receive your IP address and browser/device information as part of the standard HTTP request.

Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Personal data processed: IP address, Usage Data (browser type, request data).
Data transfer: Data may be transferred to the United States. Google LLC is certified under the EU–US Data Privacy Framework, providing an adequate level of protection under Art. 45 GDPR.
Privacy policy: policies.google.com/privacy

6. Data Sharing & Third Parties

We do not sell, trade, or rent your personal data. Personal data may be shared only in the following limited circumstances:

Service providers (Data Processors): Third-party providers who assist in operating the Website (e.g. web hosting, email delivery) and who are contractually bound to process data only on our instructions and in accordance with GDPR.
Legal requirements: We may disclose data to competent authorities or courts where required by law or to defend legal claims.
Business transfers: If ownership of the Website changes, personal data may be transferred as part of the transaction, subject to equivalent privacy protections.

Where third parties act as independent data controllers (such as Google LLC for Google Fonts), their processing is governed by their own privacy policies.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, and no longer than required by law:

Contact enquiry data: Retained for the duration of the correspondence and deleted thereafter, unless a longer retention period is required by Austrian civil or commercial law (typically 7 years for business correspondence with legal relevance).
Usage Data / server logs: Typically retained for up to 90 days for security and operational purposes, then deleted or anonymised.
Consent records: Retained for the period required to demonstrate compliance (typically 3 years from the last interaction).

After the applicable retention period has expired, personal data is securely deleted or anonymised such that it can no longer be attributed to an identifiable individual. Rights relating to access, rectification, erasure and portability cannot be exercised in respect of data that has already been anonymised.

8. International Data Transfers

The Website is operated from Austria (European Union). In the ordinary course of providing services, personal data may be transferred to servers or service providers located outside the European Economic Area (EEA), including to the United States.

Any such transfer is carried out with appropriate safeguards in place, including:

Adequacy decision (Art. 45 GDPR): Where the European Commission has determined that the recipient country provides an adequate level of protection.
EU–US Data Privacy Framework: Applies to Google LLC (Google Fonts).
Standard Contractual Clauses (Art. 46(2)(c) GDPR): Where adequacy decisions do not apply, we rely on the European Commission's approved standard contractual clauses.

You may request further information on the safeguards applicable to any transfer by contacting us.

9. Your Rights under GDPR

As a data subject in the European Union, you have the following rights under the General Data Protection Regulation (Regulation (EU) 2016/679):

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of it along with information on the processing.
Right to rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data and to have incomplete data completed.
Right to erasure / "right to be forgotten" (Art. 17 GDPR)
You have the right to request deletion of your personal data where, among other grounds, the data is no longer necessary for the purposes for which it was collected, or you withdraw consent.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request that we restrict processing of your data in certain circumstances, for example while the accuracy of data is contested.
Right to data portability (Art. 20 GDPR)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to object (Art. 21 GDPR)
You have the right to object at any time to processing based on legitimate interests. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.
Right to withdraw consent (Art. 7(3) GDPR)
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
Right to lodge a complaint
You have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Datenschutzbehörde:
Barichgasse 40–42, 1030 Vienna · dsb.gv.at · dsb@dsb.gv.at

How to exercise your rights

To exercise any of the rights above, please contact us at antonella.quacchia@gmail.com. Requests are free of charge. We will respond within one month of receipt, or inform you of any extension up to a maximum of three months where the request is complex or numerous. We may need to verify your identity before processing your request.

10. Cookie Policy

This Website uses cookies and similar technologies. For complete information on what cookies are used, their purpose, and how to manage your preferences, please read our dedicated Cookie Policy.

11. Changes to this Policy

We reserve the right to update this Privacy Policy at any time. Changes will be published on this page with an updated "Last updated" date. Where changes are material, we will endeavour to notify Users by a prominent notice on the Website or by email where we hold your contact details.

We recommend checking this page periodically. Continued use of the Website after changes are published constitutes acceptance of the revised policy.

12. Definitions & Legal References

Personal Data: Any information relating to an identified or identifiable natural person ("data subject") — an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Usage Data: Data collected automatically through use of the Website, including IP addresses, URI addresses, the time of the request, the method used to submit the request, the size of the file received in response, the numerical code indicating the status of the server's answer, the country of origin, browser and operating system, time spent per page, and path followed within the Website.
User: Any natural person using the Website.
Data Subject: The natural person to whom Personal Data refers.
Data Processor: A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller, as described in this Privacy Policy.
Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data — here, Antonella Quacchia.
This Application / Website: The means by which Personal Data is collected and processed: antonella-quacchia.com.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Cookie: A small piece of data stored in the User's device (browser) and sent back to the Website on subsequent visits. Used for session management, preferences and analytics.