Privacy Policy

The data controller (Titolare del trattamento) under Article 4(7) of Regulation (EU) 2016/679 (GDPR) is:

Matthew John Gavioli, trading as This Edition
Sestiere Santa Croce 664A, 30135 Venezia (VE), Italy
VAT (P.IVA): 04669450274
Tax code (Codice Fiscale): GVLMTH83H06Z700O
PEC: thisedition@pec.it
Email: matt@thisedition.co

No Data Protection Officer (DPO) has been appointed, as appointment is not mandatory under Article 37 GDPR given the scale and nature of processing. All privacy-related requests can be addressed to the controller at the addresses above.

This policy describes how personal data is processed when you visit thisedition.co (and any subdomain), contact the controller by phone, email or post, or otherwise interact with the controller in a professional capacity. The policy is issued under Articles 13 and 14 of the GDPR and Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018 (the Italian Data Protection Code, "Codice Privacy").

The site is offered as a business-to-business communication. The controller does not knowingly collect personal data from persons under 18 years of age.

The controller processes only the data strictly necessary for the purposes listed below. Each purpose corresponds to a specific legal basis under Article 6(1) GDPR.

a) Browsing data. When you visit the site, the hosting infrastructure automatically records technical data — IP address, browser type and version, operating system, referrer URL, requested pages, response times and error codes. This data is processed for the purpose of delivering the site, maintaining security, preventing abuse and producing aggregated, non-identifying technical statistics. Legal basis: legitimate interest in operating and securing the site (Art. 6(1)(f) GDPR). Retention: server access logs are retained for no more than 30 days, unless required for longer for the investigation of a security incident or to comply with a legal obligation.

b) Contact form and direct correspondence. When you submit the contact form, send an email, or call the numbers published on the site, the controller processes the data you provide (first name, last name, email address, service of interest, indicative budget, free-text message). The data is used only to respond to your enquiry and, where appropriate, to assess and pursue a possible professional engagement. Legal basis: performance of pre-contractual measures requested by you (Art. 6(1)(b) GDPR); where the message goes beyond a contractual context, your consent (Art. 6(1)(a) GDPR). Retention: enquiries are retained for up to 24 months from the last meaningful interaction, after which they are deleted unless they have become part of an active client relationship governed by a separate retention schedule. When you submit the contact form, your message is transmitted over TLS to the controller's Google Workspace mailbox via SMTP (smtp.gmail.com) and stored in that mailbox for the retention period stated above. An automated acknowledgement email is sent to the address you provided, for the sole purpose of confirming receipt of your enquiry; this acknowledgement is not a marketing communication and you will not be added to any mailing list.

c) Embedded video playback. Portfolio pages may embed video content served through Mux. When a video is loaded, the Mux player processes your IP address and limited playback telemetry (e.g. resolution, buffering events) for the purposes of streaming and quality measurement. Legal basis: legitimate interest in delivering video content (Art. 6(1)(f) GDPR). See the Cookie Policy for details.

d) Cookies and similar technologies. See the dedicated Cookie Policy, which forms an integral part of this notice and lists each cookie set on the site, its provider, purpose, type and retention period.

The controller does not process special categories of personal data (Art. 9 GDPR) and does not engage in automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR).

Personal data is accessible only to the controller and to a limited number of external suppliers acting as data processors under Article 28 GDPR. Each processor has signed a data processing agreement with the controller and processes data only on documented instructions. The current list of processors is:

Vercel Inc. — site hosting, edge delivery and infrastructure logs. Headquartered in the United States; data may be processed on servers located inside and outside the European Economic Area. Transfers outside the EEA are governed by the European Commission's Standard Contractual Clauses incorporated by reference in Vercel's Data Processing Addendum.

Mux, Inc. — video encoding, streaming and player analytics for portfolio video content. Headquartered in the United States. Transfers outside the EEA are governed by the Standard Contractual Clauses incorporated in Mux's Data Processing Addendum.

Google Ireland Limited — provider of Google Workspace, used to host the controller's mailbox and to relay outgoing mail generated by the contact form. Personal data is processed within the European Economic Area. Any onward transfer to Google LLC in the United States is governed by the Standard Contractual Clauses incorporated in the Google Workspace Data Processing Amendment.

Personal data may additionally be disclosed to public authorities, professional advisors (such as accountants or legal counsel) or judicial bodies where disclosure is required by law or necessary to establish, exercise or defend a legal claim. The controller does not sell personal data to third parties and does not share it for third-party marketing purposes.

Where personal data is transferred outside the European Economic Area, the controller relies on the safeguards set out in Article 46 GDPR — in particular, the European Commission's Standard Contractual Clauses (Decision 2021/914), combined with appropriate supplementary technical and organisational measures where required by the destination country's legal regime. A copy of the safeguards in place for a given transfer can be requested from the controller using the contact details above.

Under Articles 15 to 22 GDPR you have the right, at any time and free of charge, to:

Requests can be sent to matt@thisedition.co or, for formal correspondence, to thisedition@pec.it. The controller will respond without undue delay and in any event within one month of receipt of the request, in accordance with Article 12(3) GDPR.

If you believe that the processing of your personal data infringes the GDPR or applicable Italian law, you have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
Tel: +39 06 696771
Email: protocollo@gpdp.it
PEC: protocollo@pec.gpdp.it
Web: www.garanteprivacy.it

You also have the right to bring a judicial action before the competent ordinary court under Article 79 GDPR.

The controller has put in place technical and organisational measures appropriate to the risk of the processing, including encryption of data in transit (TLS), access controls on third-party services, principles of least privilege and minimisation of data collection. No method of transmission over the internet or method of electronic storage is, however, completely secure.

The provision of personal data through the contact form or direct correspondence is voluntary. However, refusal to provide essential data (such as a valid email address and a description of your enquiry) will make it impossible for the controller to reply to your request.

This policy may be updated to reflect changes in the way data is processed or in applicable law. The current version is always available at this URL with the date of last update shown at the top of the page. For material changes, a prominent notice will be displayed on the site for a reasonable period.