Privacy Policy
Last updated: 1 May 2026
1. Data Controller
Garnebo, Via Respighi 16, 40033 Casalecchio di Reno (BO), Italy — P.IVA IT04239601208
Contact: info@garnebo.com
2. What data we collect and why
| Activity | Data collected | Legal basis | Retention |
|---|---|---|---|
| Quote request form | Full name, phone, email, property address, estimated area (m²), description of works, preferred contact method, preferred language | Art. 6(1)(b) GDPR — pre-contractual measures | Email inbox up to 24 months. CloudWatch logs auto-deleted after 30 days. |
| Analytics (GA4) | Anonymised usage data (pages visited, session duration, referral source). IP addresses anonymised before storage. | Art. 6(1)(a) GDPR — consent via cookie banner | 14 months (Google). Processing only after cookie consent. |
| WhatsApp / email contact | Name, phone or email, message content | Art. 6(1)(b) GDPR — pre-contractual measures | Duration of business relationship, deleted on request. |
We do not use your data for automated profiling, direct marketing, or sale to third parties.
3. Sub-processors
| Processor | Service | Location | DPA |
|---|---|---|---|
| Amazon Web Services EMEA SARL | API Gateway, Lambda compute, SES email delivery, CloudWatch logging | eu-central-1 (Frankfurt, Germany — EU) | aws.amazon.com/agreement |
| Google LLC | Google Analytics 4 (anonymised analytics) | USA (Standard Contractual Clauses apply) | business.safety.google/adsprocessorterms |
All processors are contractually bound to process your data only on our instructions and in compliance with GDPR.
4. Your rights (Art. 15–22 GDPR)
Under GDPR Articles 15–22 you have the right to: access your data, rectify it, have it erased, restrict processing, receive it in a portable format, object to processing, and withdraw consent for analytics cookies via the cookie banner at any time without affecting prior processing.
To exercise any right email info@garnebo.com. We will respond within 30 days.
5. Supervisory authority
You have the right to lodge a complaint with the Italian supervisory authority:
Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Roma — www.garanteprivacy.it
6. Changes to this policy
We may update this policy when our services or legal obligations change. Material changes will be communicated via a notice on the website. The "Last updated" date at the top reflects the current version.