Privacy & Cookie Policy

Last updated: March 22, 2026

This policy describes how personal data of users visiting www.alessandro-dandrea.com (hereinafter, "the Website") is processed, and outlines the tracking technologies (cookies) in use.

1. Data Controller

Lievito di Alessandro D'Andrea
Viale Salvador Allende 13, 40064 Ozzano dell'Emilia (BO), Italy
VAT: IT04167081209
Email: alessandro.b.dandrea@gmail.com

2. Personal Data Collected

2.1 Data collected automatically

While browsing the Website, the following data is collected automatically through integrated third-party services:

IP address
Usage data (pages visited, session duration, interactions)
Browser and operating system information
Approximate geolocation data (city, metropolitan area, region, country)
Tracking tools (technical cookies)

2.2 Data provided voluntarily by the user

No data is collected through contact forms or registrations. Any data communicated via email by the user will be processed solely to respond to the request.

3. Purposes of Processing

Personal data is processed for the following purposes:

Traffic optimization and distribution: ensuring adequate performance and content delivery via CDN (Cloudflare).
Spam and bot protection: filtering malicious traffic and protecting the Website from automated attacks (Cloudflare Bot Management).
Compliance with legal obligations: retaining data where required by applicable law.

4. Third-Party Services

Cloudflare (CDN and traffic optimization)

Provider: Cloudflare, Inc. — United States
Cloudflare filters the Website's traffic to optimize performance and content distribution. Personal data processed includes tracking tools and usage data.

Cloudflare Privacy Policy

Cloudflare Bot Management (anti-bot protection)

Provider: Cloudflare, Inc. — United States
A service for detecting and managing malicious bots. It analyzes Website traffic to filter automated requests.

Data processed: usage data, device and browser information, geolocation data, page interactions.

5. Cookies and Tracking Technologies

5.1 What are cookies

Cookies are small text files stored on the user's device by websites. They allow the site to function properly and to collect information about browsing activity.

5.2 Cookies used by the Website

This Website uses only strictly necessary technical cookies for its operation, managed by Cloudflare. No profiling, marketing, or analytics cookies are used.

Cookie	Provider	Purpose	Duration
`_cfuvid`	Cloudflare	Visitor identification for bot management	Session
`cf_clearance`	Cloudflare	Security challenge clearance verification	30 minutes

5.3 How to manage cookies

You can control and delete cookies through your browser settings:

Blocking technical cookies may impair the proper functioning of the Website.

6. Legal Basis for Processing

The processing of personal data is based on the following legal grounds under the GDPR (EU Regulation 2016/679):

Legitimate interest (Art. 6.1.f): traffic optimization and bot protection.
Legal obligation (Art. 6.1.c): compliance with regulatory requirements.
Consent (Art. 6.1.a): where applicable for specific purposes.

7. Data Transfers

Personal data may be transferred to the United States through Cloudflare, Inc. services. Such transfers are carried out in compliance with GDPR safeguards, including Standard Contractual Clauses (SCCs) and supplementary measures adopted by the provider.

8. Data Retention

Personal data is retained only for the time strictly necessary to fulfill the purposes for which it was collected. Technical cookies have the durations specified in the table in Section 5.2. Once the retention period expires, data is deleted or anonymized.

9. User Rights

Under the GDPR, users have the right to:

Access: obtain confirmation of processing and access to their data.
Rectification: request correction of inaccurate or incomplete data.
Erasure: request deletion of personal data ("right to be forgotten").
Restriction: obtain restriction of processing in certain cases.
Portability: receive their data in a structured format and transfer it to another controller.
Objection: object to processing based on legitimate interest.
Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of prior processing.
Complaint: lodge a complaint with the Italian Data Protection Authority (Garante).

To exercise your rights, write to: alessandro.b.dandrea@gmail.com

The Data Controller will respond within 30 days of receiving the request.

10. Information for Users in Switzerland

Under the Swiss Federal Act on Data Protection (FADP), users in Switzerland enjoy the following additional rights:

Right to access personal data.
Right to object to processing, including requesting restriction, erasure, or prohibition of disclosure to third parties.
Right to data portability.
Right to rectification of inaccurate data.

11. Information for Users in Brazil

Under the LGPD (Lei Geral de Proteção de Dados), users in Brazil have the right to:

Obtain confirmation of processing and access their data.
Request rectification, anonymization, blocking, or deletion of data.
Obtain data portability.
Withdraw consent at any time.
Lodge a complaint with the ANPD (National Data Protection Authority).

Requests will be answered within 15 days.

12. Information for Users in the United States

This section applies to residents of: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and Montana.

Under applicable state privacy laws, users may:

Know and access their personal data.
Request correction of inaccurate data.
Request deletion of personal data.
Obtain a copy of their data.
Opt out of the sale of personal data.
Not be discriminated against for exercising their rights.

Users in California: right to opt out of sharing data for cross-context behavioral advertising and to request limitation of the use of sensitive personal information.

Requests will be answered within 45 days.

13. Data Security

The Data Controller implements appropriate technical and organizational security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data. Processing is carried out using electronic tools with procedures strictly related to the stated purposes.

14. Changes to This Policy

The Data Controller reserves the right to amend this policy at any time. The updated version will be published on this page with the date of the last update. In case of substantial changes, users will be informed accordingly.

15. Definitions

Personal Data: any information that, directly or indirectly, identifies or makes identifiable a natural person.
Usage Data: information collected automatically during browsing (IP address, URI, timestamp, browser, operating system, pages visited).
Cookie: small text files stored in the user's browser.
Tracking Tool: any technology (cookies, web beacons, scripts, fingerprinting) that enables the collection of information on the user's device.
Data Controller: the natural or legal person who determines the purposes and means of personal data processing.
Data Processor: the natural or legal person who processes personal data on behalf of the Data Controller.

16. Contact

For any questions regarding this policy or the processing of personal data:

Lievito di Alessandro D'Andrea
Viale Salvador Allende 13, 40064 Ozzano dell'Emilia (BO), Italy
Email: alessandro.b.dandrea@gmail.com