Privacy Policy

Information on the processing of personal data pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR).

Dear User, AtWorkStudio S.r.l. processes personal data in compliance with Regulation (EU) 2016/679 ("GDPR") and applicable national legislation. This privacy notice applies exclusively to the website www.atworkstudio.it.

A. Categories of data

The data processed includes technical browsing data and data voluntarily provided by the user.

a. Automatically collected data

The IT systems operating the website automatically collect data whose transmission is implicit in the use of Internet protocols: IP addresses, domain names, URIs of requested resources, date and time of the request, HTTP method, response size, status code and parameters relating to the user's operating system and environment.

b. Data provided via the contact form

Completing the contact form on the website involves the collection of the name, email address and message content entered by the user. This data is processed to respond to the user's request and is also managed through a ticketing platform (Zendesk) to ensure traceability and proper handling of the request.

c. Data provided via email

Voluntarily sending emails to the addresses listed on the website involves the collection of the sender's address and any personal data contained in the communication.

d. Cookies

We are committed to not using profiling cookies, analytics cookies or third-party cookies. Only strictly necessary technical cookies may be used for the operation of the service. For this reason, the website does not require any cookie consent banner.

e. Analytics

The website uses Plausible Analytics, a privacy-first web analytics tool that is cookie-less and GDPR-compliant. Plausible does not collect personal data, does not track individual visitors and does not use persistent identifiers. Only aggregated, anonymous metrics are collected (pages visited, referrer, device, country) for the sole purpose of measuring site usage. No cookie consent banner is required. Data is processed on EU servers by Plausible Insights OÜ (Estonia).

f. Plug-ins and external tools

The website does not embed plug-ins, social buttons or external tracking tools. Some pages with interactive tools make calls to third-party services for their operation:

  • Online DIG(/dig): DNS queries are performed via Google's public resolver (dns.google). Google receives the visitor's IP address and the queried domain name. No data is stored on our servers.
  • Password Checker(/password-checker): the data breach check uses the Have I Been Pwned API with k-anonymity protocol. Only the first 5 characters of the SHA-1 hash of the password are sent — the password itself is never transmitted. The service receives the visitor's IP address. Strength analysis and password generation are performed entirely in the browser, with no external communication.

B. Data Controller

The Data Controller is AtWorkStudio S.r.l., with registered office at Corso Giuseppe Garibaldi 14, 29121 Piacenza (PC), Italy, VAT IT01356200335. You can contact the Controller via the contact form.

C. Source of personal data

Personal data is collected directly from the data subject during browsing, via the contact form on the website or via communications sent to the published email addresses.

D. Purpose and legal basis

Browsing data

Processed to ensure the technical operation of the website and the security of the infrastructure. Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).

Contact form and email data

Processed to respond to the data subject's requests. Legal basis: consent of the data subject (Art. 6(1)(a) GDPR) expressed by ticking the checkbox before submitting the form, and performance of pre-contractual measures (Art. 6(1)(b) GDPR).

E. Data recipients

Data may be processed by providers of technical services appointed as Data Processors pursuant to Art. 28 GDPR. Data is not disclosed or transferred to third parties. The main Data Processors are:

  • Microsoft Corporation— provider of the hosting platform (Azure Static Web Apps) and the CDN (Azure Front Door) on which the website is hosted. Microsoft processes technical browsing data (logs, IP addresses) as part of the service delivery.
  • Zendesk, Inc.— ticketing platform used to manage requests submitted via the contact form. Zendesk processes data exclusively on behalf of the Controller for the purpose of managing and tracking support requests.

F. Transfer to third countries

The website is hosted on Microsoft Azure Static Web Apps, a global service that distributes static content (HTML, CSS, images) via the Azure CDN (Azure Front Door). Static content and technical browsing data (logs, IP addresses) may be processed on Microsoft infrastructure nodes outside the European Union as part of the normal service delivery. Microsoft Corporation participates in the EU-U.S. Data Privacy Framework (DPF) and the contractual relationship is governed by the Microsoft Products and Services Data Protection Addendum, which includes the Standard Contractual Clauses (SCCs) approved by the European Commission.

With regard to the Zendesk ticketing platform, data provided via the contact form may be transferred to the United States. The transfer is based on Zendesk's participation in the EU-U.S. Data Privacy Framework (DPF), pursuant to the European Commission's adequacy decision of 10 July 2023, and the Standard Contractual Clauses (SCCs) provided for in Art. 46 GDPR.

The Controller has carried out a Transfer Impact Assessment (TIA) to evaluate the impact of the transfers described above. Documentation is available upon request.

G. Retention period

Technical browsing logs generated by the Azure infrastructure are retained for a maximum of 90 days, in accordance with Microsoft Azure's standard retention policies.

Data provided via the contact form or email is retained for the time necessary to respond to the request and, subsequently, within the limits provided by applicable law or for legal protection purposes.

H. Data subject rights

The data subject may exercise at any time the rights provided for by Articles 15 et seq. of the GDPR:

  • Right of access to personal data
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)

To exercise your rights, please contact the Controller via the contact form.

I. Mandatory nature of data provision

The provision of browsing data is necessary for the operation of the website. The provision of data via the contact form is optional: failure to provide it will prevent us from responding to your request.

J. Processing methods

Personal data is processed using IT and electronic tools, adopting technical and organisational measures adequate to ensure a level of security appropriate to the risk, in compliance with Art. 32 GDPR. The Controller's management system is certified ISO/IEC 27001, 27017, 27018 and ISO 9001.

K. Updates

This privacy notice applies exclusively to the website www.atworkstudio.it. The Controller reserves the right to update it in the event of regulatory or technical changes. The latest version is always available on this page.

Last updated: 16 April 2026 (v17)