(pursuant to EU Regulation 2016/679 "GDPR" and current Italian legislation)
Last updated: May 28, 2025
This policy describes how the personal data of users who visit the website ivancristina.com (hereinafter "Site") or interact with the Data Controller through the indicated contact channels or other Google Workspace tools are processed. The Data Controller, established in Italy (European Union), applies the protections provided by Regulation (EU) 2016/679 (hereinafter "GDPR") to all processing of personal data carried out, including those relating to data subjects located outside the European Union.
Ivan Cristina Sole Proprietorship (Ditta individuale) Via Imperatore Federico 118, 90143 Palermo (PA), Italy VAT Number (Partita IVA): 07056530822 Email address for privacy-related matters: privacy@ivancristina.com
A. Data processed during Site Navigation
Data processed by the Google Sites platform: This Site is hosted on the Google Sites platform. The platform itself, provided by Google LLC, automatically collects minimal technical information necessary for its operation and security during navigation (e.g., portions of IP addresses, browser type, technical logs). This data is managed by Google LLC as the platform provider and independent Controller, according to its own privacy policies.
Data processed via Web Security and Optimization Services (Cloudflare): This Site uses services provided by Cloudflare, Inc. ("Cloudflare") to enhance security, performance (via CDN - Content Delivery Network), and reliability, and for DNS management. When you visit this Site, Cloudflare may process on behalf of the Controller data such as: visitor IP addresses, HTTP/S request logs (including URLs, user agent, referrer, timestamps), DNS query data, information on security threats and filtered traffic (e.g., from WAF or anti-DDoS systems), and data collected by specific cookies set by Cloudflare for security and operational purposes.
B. Data Voluntarily Provided by the User (via Google Workspace)
When a user voluntarily contacts the Controller outside of this Site (e.g., by sending an email to the published @ivancristina.com addresses), the personal data provided (e.g., name, email, content) is processed by the Controller Ivan Cristina using tools from the Google Workspace suite:
Gmail: for managing email.
Google Drive and Google Docs/Sheets/Slides: for storing and managing documents. (Note: Google Calendar is not used for appointments with external users; Google Forms are not used on the Site).
A. For data processed by the Google Sites platform (point 2.A, first bullet):
Purpose: Ensuring technical operation and security of the Site (Google's processing).
Legal Basis: Legitimate interest of the provider (Google LLC) and the Site Controller (Art. 6.1.f GDPR); for Google's independent processing, refer to its policies.
B. For data processed via Cloudflare (point 2.A, second bullet):
Purposes:
To protect the Site from cyber threats (DDoS attacks, malicious traffic, bots).
To optimize Site performance and accelerate content loading (CDN).
To provide reliable DNS services.
Legal Basis (for the Controller): Legitimate interest (Art. 6.1.f GDPR) to ensure the security, integrity, availability, and performance of the website.
Controller's Declaration: It is confirmed that this website (ivancristina.com) does not implement or directly use additional tools for traffic analysis (other than those potentially provided by Cloudflare and described herein, cookies other than essential technical ones from Google Sites and functional/security cookies from Cloudflare (described in the Cookie Policy), nor does it embed other third-party services (e.g., maps, videos, social plugins).
C. For data voluntarily provided via Google Workspace (point 2.B):
Purposes: To respond to requests, manage communications, provide services, comply with contractual/legal obligations, protect rights.
Legal Basis: Performance of pre-contractual measures/contract (Art. 6.1.b), Legal obligation (Art. 6.1.c), Legitimate interest (Art. 6.1.f).
Google Sites Data: Processed electronically by Google LLC.
Cloudflare Data: Visitor data is processed through Cloudflare's global network. Cloudflare acts as a Data Processor on behalf of the Controller for this data, in accordance with the Data Processing Addendum (DPA). Cloudflare may also process some aggregated/operational data as an independent Controller (see their policies).
Google Workspace Data: Processed by the Controller using Google Workspace (Gmail, Drive, Docs). Google LLC acts as the Data Processor (Google Workspace DPA).
Smart Features: Workspace services used (including Gmail) have active smart features (e.g., Smart Compose) that process content to provide these functionalities, according to Google's policies.
Google Sites and Cloudflare Data: Retained by Google LLC and Cloudflare, Inc. according to their respective policies and DPAs (for data processed as Processors).
Google Workspace Data: For non-contractual requests: time needed for response/follow-up (e.g., 12-24 months). For contracts: 10 years for legal/tax obligations (Italian law).
Google Vault: The Controller uses Google Vault for archiving/eDiscovery/legal retention of Workspace data, which may thus be retained longer for legal compliance or rights protection.
Recipients:
Google LLC (for Google Sites and Google Workspace, as provider and Processor).
Cloudflare, Inc. (for security and CDN services, as Processor).
Other parties if required by law or specifically authorized Processors (e.g., accountant).
Workspace Data Region: Primary Workspace data is stored "at rest" in Europe (EEA).
Transfers Outside EEA:
Google Workspace and Cloudflare: For global operations, data may be processed/transferred outside the EEA (especially to the USA). Such transfers are based on GDPR safeguards (e.g., Standard Contractual Clauses - SCCs, supplemented by additional measures). Refer to Google's and Cloudflare's documentation.
Data subjects can exercise their rights (Art. 15-22 GDPR) by sending a request (Italian or English) to privacy@ivancristina.com. Complaints to the Italian DPA (www.gpdp.it). (Detailed text of rights unchanged from the previous draft, but the user should be aware that for data processed by Cloudflare as a Processor, the exercise of rights is through the Controller).
The Data Controller reserves the right to make changes to this privacy policy. Please consult this page regularly, referring to the date of the last update.
Personal Data: Any information relating to an identified or identifiable natural person.
Data Subject: The natural person to whom the Personal Data refer (the user).
Data Controller: Ivan Cristina, who determines the purposes and means of processing.
Data Processor: Who processes personal data on behalf of the Controller (e.g., Google for Workspace, Cloudflare for CDN/security services).
Processing: Any operation on personal data (collection, storage, use, etc.).
GDPR: Regulation (EU) 2016/679.
Cookie: Small text files stored on the user's device.
EEA: European Economic Area (EU + Iceland, Liechtenstein, Norway).
SCC: Standard Contractual Clauses for data transfers outside the EEA.
Google Vault: Google Workspace service for eDiscovery and archiving.
CDN (Content Delivery Network): A geographically distributed network of servers to speed up the delivery of web content.