Back to home

Privacy Policy

Last updated: March 10, 2026

1. Data Controller

The Data Controller is Attila&Co., Via Guerrazzi 1, 20145 Milan (Italy). Privacy contact: attila@attila.it.

2. Scope

This notice explains how personal data are processed through attila.it, including institutional pages, legal pages, and restricted-area access features.

3. Types of data processed

Processed personal data may include:

  • technical and navigation data (e.g., IP address, technical logs, browser/device data);
  • data voluntarily provided by users (e.g., emails sent to addresses shown on the site);
  • data required for restricted-area login and management (e.g., login email, credentials, session tokens);
  • technical browsing preferences (e.g., language stored in the browser);
  • information related to cookie-consent management through a dedicated CMP platform.

4. Purposes and legal bases

Data are processed for:

  • technical operation and IT security of the site (legal basis: legitimate interest);
  • handling requests received by email or contact channels (legal basis: pre-contractual measures or legitimate interest);
  • login, authentication, and protection of the restricted area (legal basis: contract performance or pre-contractual measures);
  • compliance with legal obligations (legal basis: legal obligation);
  • cookie-preference and consent-proof management, where required (legal basis: legal obligation and/or consent).

Providing technical data required for site operation is necessary. For consent-based processing, consent can always be withdrawn.

5. Processing methods

Data are processed with IT tools and appropriate technical and organizational safeguards. No automated profiling with legal or similarly significant effects under Art. 22 GDPR is carried out.

6. Recipients and third-party services actually used

For site operation, data may be processed by external providers, including:

  • infrastructure and hosting providers;
  • CookieYes (cookie consent management): Privacy Policy;
  • jsDelivr (CDN for technical libraries): Privacy Policy.

7. Extra-EEA transfers

Some technical providers may process data outside the EEA. Appropriate GDPR safeguards are applied (e.g., Standard Contractual Clauses).

8. Retention period

Data are retained only as long as necessary. In particular:

  • technical logs and data: for periods proportionate to security, monitoring, and operations;
  • restricted-area data: for the duration of the relationship and session/security technical timelines;
  • data related to user requests: for the time needed to respond;
  • cookie consent evidence: according to legal obligations and CMP retention settings.

9. Data subject rights

Data subjects may exercise rights under Arts. 15-22 GDPR: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also lodge a complaint with the Italian supervisory authority (www.garanteprivacy.it).

10. Minors

The website is not intentionally directed to children under 14.

11. Google Analytics

The website uses Google Analytics for statistical purposes, in accordance with user preferences expressed through the CMP.

12. Changes to this notice

This notice may be updated at any time. Updates are published on this page with the last-update date.

13. Contacts

For any privacy-related request: attila@attila.it.

Accessibility statement

This website has been designed to make digital content accessible to the widest possible audience, in line with WCAG 2.1 Level AA.

Feedback and contacts

attila@attila.it

Updates
  • Last updated: 13/03/2026