Privacy & GDPR
Privacy Policy
Last updated: May 31, 2026 — Italian version: /privacy
This privacy notice describes how personal data is processed for users visiting performadigital.it and/or purchasing products and services from Performa Digital, in accordance with the EU General Data Protection Regulation (Regulation EU 2016/679 — GDPR) and the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
1. Data controller
The data controller is DFM Digital Solutions S.R.L.S. (trading as “Performa Digital”), with registered office in Modena (MO), Italy, VAT number IT04233950361.
For any request regarding the processing of personal data, contact the controller at info@performadigital.it.
2. Personal data collected
Depending on the interaction, the following categories of data may be collected:
- Navigation data: IP address, browser type, operating system, pages visited, date and time, referrer. Automatically collected by servers and technical cookies.
- Data submitted via contact form: name, email, optional company, phone, message and selected interests. Voluntarily provided by the user.
- Purchase data: first name, last name, email, billing address, VAT or tax code, payment data (handled entirely by Stripe, see § 6). Provided for contract performance and tax compliance.
- AI chat data: messages sent to the virtual assistant and corresponding replies, stored in aggregate form for service improvement.
- Analytics & marketing cookies (with consent): pseudonymized identifiers for traffic measurement and ad conversion. Details in Cookie Policy.
3. Purposes and legal bases
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Site delivery and technical operation | Legitimate interest (Art. 6(1)(f)) |
| Reply to enquiries via contact form | Pre-contractual measures at user’s request (Art. 6(1)(b)) |
| Performance of purchase contract and invoicing | Contract performance (Art. 6(1)(b)) and legal tax obligations (Art. 6(1)(c)) |
| Transactional emails (plugin delivery, support) | Contract performance (Art. 6(1)(b)) |
| Aggregate traffic statistics (Google Analytics) | Consent (Art. 6(1)(a)) |
| Ad conversion measurement | Consent (Art. 6(1)(a)) |
4. Processing methods
Data is processed by electronic means with appropriate technical and organisational measures to ensure security and confidentiality. No automated decision-making or profiling producing legal effects on the data subject is carried out.
5. Data retention
- Navigation data: up to 14 months (Google Analytics default).
- Contact form submissions: 24 months from receipt, unless they evolve into a contractual relationship.
- Purchase and invoicing data: 10 years, as required by Italian tax retention obligations.
- Payment webhook logs: 90 days in Vercel technical logs.
6. Recipients and external processors
Data may be shared with the following providers, appointed as processors under Art. 28 GDPR:
- Vercel Inc. (USA) — hosting, edge functions, logs. Vercel privacy policy
- Stripe Payments Europe Ltd. (Ireland) — payments, invoicing, anti-fraud. Stripe privacy policy
- Resend Inc. (USA) — transactional emails. Resend privacy policy
- Google Ireland Ltd. (Ireland) — Google Analytics 4, Tag Manager, Ads. Google privacy policy
- Anthropic PBC (USA) — generative AI models powering the assistant chat (via Vercel AI Gateway). Anthropic privacy policy
7. Transfer of data outside the EU
Some providers are established in the United States. Data transfers are carried out on the basis of the Standard Contractual Clauses approved by the European Commission (Decision 2021/914) and, where available, adherence to the EU-US Data Privacy Framework (EU adequacy decision of July 10, 2023).
8. Data subject rights
Under Articles 15-22 GDPR, the user has the right to:
- obtain confirmation of the existence of personal data concerning them and access such data;
- request rectification or erasure;
- obtain restriction of processing;
- object to processing based on legitimate interest or for marketing purposes;
- receive data in a structured format (portability);
- withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal;
- lodge a complaint with the Italian Data Protection Authority.
To exercise these rights, send a request to info@performadigital.it with the subject “GDPR Request”. We will respond within 30 days.
9. Cookies
For details on types, purposes and duration of cookies used, see the Cookie Policy.
10. Changes
This notice may be updated. The date of the last update is shown at the top. Material changes will be notified by email to registered customers. Periodic review is recommended.
This notice has been drafted in line with guidelines from the Italian Data Protection Authority and the European Data Protection Board (EDPB). It does not replace specific legal advice.