Privacy Policy

Effective Date: 4th of June 2025

This Privacy Policy describes how personal data is collected, used, stored, disclosed and transferred when you interact with nicolafriuli.com (the "Site").

1. Data Controller

I, Nicola Friuli, serve as the Data Controller for this Site and take your privacy very seriously. Your trust is fundamental to me, and I am committed to handling your personal data with the utmost care, transparency, and respect.

Name:: Nicola Friuli
Email:: hello@nicolafriuli.com
P. IVA:: IT03929140543

If you ever have questions, concerns, or simply wish to learn more about how your data is used, please do not hesitate to reach out.

2. Data I Collect

The information that I collect depends on your interactions with the Site, the choices that you make, your location, and applicable laws. I may collect or receive information directly from you, such as your name and email address when you or your organisation send an enquiry. In other cases, I receive information through your use of my service providers, such as IP address and telemetry data.

2.1. Enquiry Data

Personal data you voluntarily provide when contacting me and exploring potential collaboration.

How do I collect this data?: Voluntarily submitted by you via the Site’s contact form or by e-mail.
Purposes of Processing:: To read, record and respond to your enquiries, and to evaluate any request for professional services.
Legal Bases for Processing:: Consent, Performance of a Contract, Legitimate Interests.

2.2. Service Generated Data

Technical metadata produced by hosting and security infrastructure to protect the Site’s operation.

How do I collect this data?: Automatically captured by the hosting provider of the Site.
Purposes of Processing:: To detect and block abusive or excessive requests, enforce rate limits, and ensure service availability and integrity.
Legal Bases for Processing:: Legitimate Interests.

2.3. Telemetry Data

Anonymised statistical and telemetry information as well as aggregated, de-identified information about how you use my Site.

How do I collect this data?: Automatically captured by Cloudflare Web Analytics.
Purposes of Processing:: To measure audience size, analyse user behaviour trends, and optimise the Site’s content and performance. Site performance optimisation, Capacity and resource planning.
Legal Bases for Processing:: Legitimate Interests.

3. Data Security

I use reasonable and appropriate administrative, technical, and physical safeguards designed to protect the data that I have about you from unauthorised or unlawful access, use, modification, destruction, loss, alteration and/or disclosure.

I require third parties acting on my behalf or with whom I disclose your information to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. I am not responsible for the privacy and security practices of such third parties outside of the information I receive from or disclose to them.

4. Data Retention

I retain your data for the minimum necessary period to fulfil my legal and contractual obligations, develop my Site, resolve disputes and enforce my rights, for legitimate business purposes.

When I no longer have an ongoing legitimate business need to process your data, I will either delete or anonymise it. When I choose to anonymise information, I strive to make sure that the information cannot be linked back to you or any specific user. If deletion is not possible (e.g., backups), I will store it securely.

5. Data Disclosure

I disclose data as necessary to provide the Site, as required by law, or as part of my business practices. I only disclose data on a need-to-know basis where appropriate safeguards and contractual arrangements are in place and as described below.

5.1. Third-Party Service Providers

I may disclose your personal data with third-party service providers that require access to information to support operations and delivery of my Site and Services. The third parties that I disclose your data with may include:

Professional services advisors to protect and manage my business interests.
Cloud providers to provide data hosting, data storage and content delivery network services.
Billing and payment providers to authorise, record, settle and clear transactions.
Customer support providers to respond and resolve Customer inquiries and support requests.
Security, abuse, and fraud service providers to monitor and protect the Services and Customers from illegal, deceptive, or malicious activity.
Domain registrars, registries and other domain name service providers for the purposes of domain registration and listing via the WHOIS protocol.
Corporate and information technology services to facilitate business operations and communications.
Analytics companies to review and report on my marketing activities and services.
Any other suppliers, sub-contractors, partners, vendors, and other service providers acting on my behalf.

5.2. Legal or Public Authorities

I may disclose your personal data when:

It is reasonably necessary to comply with any applicable law or regulation;
I am required by law to comply or respond to any court order, legal process, government and/or regulatory request;
Necessary to enforce agreements and this Privacy Policy;
Necessary to protect the security or integrity of my Site and Services;
Necessary to protect against harm to the rights, property, or safety of Nicola Friuli, its agents and affiliates, you, or the public as required or permitted by law; or
Necessary to respond to an emergency which I believe in good faith requires me to disclose information to assist in preventing the death or serious bodily injury of any person.

5.3. Any Other Party with Your Consent

I may disclose your personal data with other parties only if you have given explicit consent.

6. Your Privacy Rights

Depending on where you are located, you may have certain rights in connection with your personal data that I obtain.

6.1. EEA and UK

EEA and UK Data Privacy Laws grant individuals certain rights in connection with the personal data that I collect, as described below.

Right of Access:: You have the right to request access and receive certain information about how I use your personal data and with whom I share it.
Right to Rectification:: You have the right to request correction of your personal data where it is inaccurate or incomplete.
Right to Data Portability:: You have the right to request a copy of your personal data in a structured, machine-readable format and to ask me to share this data with another entity.
Right to Erasure:: You have the right to request deletion of your personal data:
Where you believe that it is no longer necessary for me to hold your personal data;

Where I am processing your personal data based on legitimate interests and you object to such processing and I cannot demonstrate an overriding legitimate ground for the processing;

Where you have provided your personal data to me with your consent and you wish to withdraw your consent and there is no other ground under which I can process your personal data; or

Where you believe your personal data is being unlawfully processed by me.
Right to Restriction of Processing:: You have the right to ask me to stop any active processing of your personal data:
Where you believe your personal data is inaccurate and while I verify accuracy;

Where I want to erase your personal data as the processing is unlawful, but you want me to continue to store it;

Where I no longer need your personal data for processing, but you require me to retain the data for the establishment, exercise, or defence of legal claims; or

Where you have objected to the processing your personal data based on my legitimate interests and I am considering your objection.
Right to Object:: You can object to the processing of your personal data based on my legitimate interests. I will no longer process your personal data unless I can demonstrate an overriding legitimate purpose.
Objection to Marketing, Automated Decision Making, and Profiling:: You have the right to object to the processing of your personal data for marketing communications, automated decision making and profiling. I will stop processing your personal data for that purpose.
Right to Withdraw Consent:: You have the right to withdraw consent where you have provided your consent for me to process your personal data.

6.2. United States

US Data Privacy Laws grant individuals certain rights in connection with the personal data that I collect, as described below.

Right to Access:: You have the right to request access and receive certain data that I have collected about you.
Right to Know:: You have the right to know the categories and specific pieces of your personal data I have collected in the previous 12 months.
Right to Rectify or Update:: You have the right to request correction of your personal data where it is inaccurate or incomplete.
Right to Delete or Limit:: You have the right to request that I delete or limit the processing of your personal data.
Right to Object:: You have the right to object to the processing of your personal data as allowed by applicable laws.
Right to Withdraw Consent:: You have the right to withdraw consent where you have provided your consent for me to process your personal data.
Right to Request Information:: You have the right to request information about the collection, sale, and disclosure of your personal data from the previous 12 months.
Right to Opt-out of the Sale of Information:: You have the right to opt-out of the sale of personal data I have collected about you.
Right to Opt-out of the Sharing of Information for Cross-contextual Advertising Purposes:: You have the right to opt out of sharing data for cross-contextual advertising purposes.
Right to Non-Discrimination:: You have the right to not receive discriminatory treatment for exercising any of your rights. I do not treat anyone differently for exercising any of the rights described above.
Right to Data Portability:: You have the right to request a copy of your personal data in a structured, commonly-used, machine-readable format to facilitate the transfer to another company when technically feasible.

7. Minimum Age

The Site is intended for a professional audience and is not directed or intended for use by individuals under the age of 18. I do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and you become aware that your child has provided me with personal data, please contact me for immediate deletion.

8. Changes to the Privacy Policy

I may update the Privacy Policy to reflect changes in practices or legal requirements. I encourage you to review this page whenever you interact with the Site to stay informed.

9. Contact Me

For any questions about privacy or to exercise your rights, please email me at hello@nicolafriuli.com.