Privacy & Cookie Policy
This notice is provided under Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR"), of Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the "Italian Privacy Code"), and of the Guidelines of the Italian Data Protection Authority (Garante per la protezione dei dati personali) of 10 June 2021 on cookies and other tracking tools.
1. Data Controller
The Data Controller is Amedeo Greco, acting as an independent professional under the trading name Amedeo Greco Filmmaker (hereinafter the "Controller").
Contact email: info@amedeogreco.com
Website: https://amedeogreco.com
VAT number: 03600610780
A Data Protection Officer (DPO) has not been appointed, as the requirements of Article 37 GDPR do not apply.
2. Categories of personal data processed
The Controller processes the following categories of personal data:
Contact data submitted through forms: name, email address, organisation (if any), and the free-text content of your message. Completing the form is optional: providing this data is only necessary if you intend to send your enquiry.
Browsing data: information automatically transmitted by internet protocols (IP address, user agent, pages visited, timestamps). Such data is processed in a minimised form and only for as long as necessary.
Data collected via technical cookies: session preferences, cookie-notice acknowledgement status, selected language. See section 9.
The site does not process special categories of personal data under Article 9 GDPR, nor judicial data under Article 10 GDPR. Please refrain from entering such data voluntarily into the free-text fields of the form.
3. Purposes of processing and legal basis
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Responding to enquiries submitted through the contact form | Letter (b), pre-contractual measures |
| Complying with legal obligations (e.g. tax, accounting) connected to any contractual relationship | Letter (c), legal obligation |
| Ensuring site security and preventing fraud or abuse (technical logs, anti-spam) | Letter (f), legitimate interest of the Controller |
| Installing technical and functional cookies | Article 122 of Italian Legislative Decree 196/2003, no consent required |
The Controller does not carry out marketing, profiling or newsletter activities using the data collected through the site. No profiling cookies or third-party tracking tools for advertising purposes are used.
4. How data is processed
Data is processed using electronic tools, with technical and organisational measures appropriate to the risk under Articles 25 and 32 GDPR: TLS encryption in transit, access controls, audit logging, periodic backups, and the principle of data minimisation. Data is not subject to automated decision-making or profiling under Article 22 GDPR.
5. Retention periods
Contact form data: up to 24 months from the last meaningful contact, after which it is deleted or anonymised unless a different legal obligation applies.
Browsing logs: up to 30 days, except for extended retention required to investigate IT offences (Art. 132 of Italian Legislative Decree 196/2003).
Data linked to any contractual relationship: 10 years from termination, in line with civil and tax obligations (Art. 2220 of the Italian Civil Code and Art. 22 of Presidential Decree 600/1973).
Technical cookies and preferences: see section 9 for details.
6. Recipients of the data
Data may be shared, strictly to the extent necessary, with the following categories of recipients, appointed as Data Processors under Article 28 GDPR where applicable:
Hosting and cloud infrastructure providers located within the European Economic Area (EEA).
Email and SMTP service providers.
Appointed professionals (tax advisors, lawyers) limited to compliance purposes.
Judicial and supervisory authorities, where required by law.
Data is not disseminated nor transferred to third parties for commercial purposes.
7. Transfers of data outside the EEA
The site embeds third-party video players (YouTube, operated by Google Ireland Limited; Vimeo, operated by Vimeo Inc.). These players are loaded only after the user explicitly clicks the video preview: until that point, no data is transmitted to the providers. By clicking the player, you accept that your browsing data (IP, device identifiers, any provider cookies) may be processed by these companies, including in countries outside the EEA (in particular the United States), in accordance with their respective privacy notices. For transfers to the United States, the providers have joined the EU-US Data Privacy Framework approved by the European Commission’s adequacy decision of 10 July 2023 (C(2023) 4745).
YouTube/Google privacy policy: https://policies.google.com/privacy
Vimeo privacy policy: https://vimeo.com/privacy
8. Your rights
You may exercise the rights granted by Articles 15 to 22 GDPR at any time, including in particular:
Access (Art. 15): obtain confirmation of processing and a copy of your personal data.
Rectification (Art. 16): correct inaccurate data or complete incomplete data.
Erasure (Art. 17, the "right to be forgotten").
Restriction of processing (Art. 18).
Portability (Art. 20): receive your data in a structured, commonly used and machine-readable format.
Objection to processing based on legitimate interest (Art. 21).
Withdrawal of consent at any time, without affecting the lawfulness of processing carried out before the withdrawal (Art. 7(3)).
To exercise these rights, send a written request to info@amedeogreco.com. The Controller will respond without undue delay and in any event within 30 days of receipt, extendable by a further 60 days in cases of particular complexity (Art. 12(3) GDPR).
You also have the right to lodge a complaint with the Italian Data Protection Authority (Art. 77 GDPR; www.garanteprivacy.it) or to seek judicial remedy (Art. 79 GDPR).
9. Cookie policy
This site uses only cookies and similar technologies that qualify as technical under Article 122 of Italian Legislative Decree 196/2003 and the Italian Data Protection Authority’s Guidelines of 10 June 2021:
| Cookie | Purpose | Duration | Consent |
|---|---|---|---|
amedeogreco_privacy_notice_seen | Stores acknowledgement of the cookie notice | 12 months | Not required |
NEXT_LOCALE | Stores the language selected by the user | Session | Not required |
| NextAuth session cookies | Restricted area only: authentication of the logged-in user | Session | Not required |
No profiling cookies, third-party analytics, marketing or advertising-tracking technologies are installed. Any cookies set by third-party video players are activated only after an explicit click on the player and are subject to the providers’ own notices (see section 7).
You can manage or disable cookies through your browser settings; disabling technical cookies may impair the proper functioning of the site.
The site also uses sessionStorage in your browser (keys sa.nav.*) to temporarily store the previous in-app navigation route during your session. This storage is cleared automatically when the tab is closed, is not shared with third parties, and serves a strictly functional purpose (providing context for messages submitted through the contact form). It does not require consent under Article 122 of Italian Legislative Decree 196/2003 nor under the Italian Data Protection Authority’s Guidelines of 10 June 2021.
10. Data security
The Controller adopts technical and organisational security measures appropriate to the risk (Art. 32 GDPR), including: end-to-end TLS 1.2+ transport, password hashing (bcrypt), rate limiting on public APIs, audit logs of operations, and encrypted periodic backups. In the event of a personal data breach, the Controller will issue the notifications required by Articles 33 and 34 GDPR.
11. Changes to this notice
The Controller reserves the right to amend this notice to reflect new legal, organisational or technological requirements. Updated versions will be published on this page; for material changes, a notice banner will be displayed.
Last updated: 30 May 2026.