Privacy Policy

This Privacy Policy describes how AFFLU S.r.l. ("AFFLU", "we", "us", or "our") collects and processes personal data when you visit and interact with our website (afflu.eu) (the “Website”). This information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") to ensure you understand our practices regarding your personal data and your rights under the law.

1. Data Controller
The Data Controller responsible for processing your personal data is AFFLU S.r.l., a company registered in Italy with registered office at Piazza Santiago del Cile, 8, 00197 Rome (RM), Italy (VAT No. 18294811007). You may contact the Data Controller by emailing privacy@afflu.eu.

2. Types of Personal Data Collected
When you browse the Website and use our contact services, we may collect the following categories of personal data:
(a) Data you provide voluntarily
If you fill out the contact form on the Website, you voluntarily provide personal data such as name and surname, email address, job title, and the content of your message. We may also process personal data if you contact AFFLU directly by email using the addresses published on the Website.
(b) Browsing data
Our IT systems and software procedures used to operate the Website may, during their normal operation, acquire certain data whose transmission is implicit in the use of Internet communication protocols. This category includes, for example, IP addresses, domain names of the devices used by users, time of request, and other parameters relating to the user’s operating system and IT environment. These data are used only to obtain anonymous statistical information on the use of the Website, to check its correct functioning, and/or for security purposes.
(c) Cookies and tracking technologies
The Website uses cookies and similar technologies, including third-party cookies, to collect information (e.g., preferences and interaction data). The use of such tools—especially for analytics and marketing purposes via Google Analytics cookies and Meta and TikTok pixels—is subject to the user’s consent. For more details on the cookies used by the Website and their specific purposes, please see our separate Cookie Policy.

Note: Providing data through the contact form is optional; however, failure to enter mandatory fields (such as name, surname, email address and message) will make it impossible to send the request or receive a response.

3. Purposes and Legal Bases for Processing
We process personal data for the following purposes and on the legal bases indicated:
(a) Handling requests for information or contact
Personal data provided by the user (via the contact form or email) are used to take charge of and respond to requests, and to provide the information or assistance requested.
Legal basis: performance of pre-contractual measures taken at the user’s request (Art. 6(1)(b) GDPR) and/or the Data Controller’s legitimate interest in managing communications with users (Art. 6(1)(f) GDPR).
(b) Marketing purposes (sending commercial communications)
With the user’s optional consent, AFFLU may use contact data (e.g., email address) to send newsletters, promotional communications, or updates about the Data Controller’s services and initiatives. The user may withdraw consent or object to further communications at any time.
Legal basis: consent (Art. 6(1)(a) GDPR).
(c) Traffic analysis and Website improvement
With the user’s consent through analytics cookies (where not anonymized), browsing data collected in aggregated form may be used for statistical analysis of Website usage, in order to improve content and services.
Legal basis: consent (Art. 6(1)(a) GDPR).
(d) Remarketing and targeted advertising
With the user’s specific consent through profiling/marketing cookies (e.g., Meta Pixel and TikTok Pixel), browsing data may be used to show personalized advertisements on social platforms and/or to measure the effectiveness of the Data Controller’s advertising campaigns.
Legal basis: consent (Art. 6(1)(a) GDPR).
(e) Legal obligations and protection of rights
Where necessary, data will be processed to comply with legal/regulatory obligations and/or to protect the Data Controller’s rights in judicial or out-of-court proceedings.
Legal basis: legal obligation (Art. 6(1)(c) GDPR) and/or the Data Controller’s legitimate interest in protecting its rights (Art. 6(1)(f) GDPR).

4. Processing Methods
Personal data are processed mainly using electronic and IT tools, adopting appropriate security measures to prevent unauthorized access, disclosure, alteration or loss of data. Data are processed only by personnel expressly authorized by AFFLU and/or by external service providers appointed as Data Processors.

5. Data Retention
Personal data will be retained for a limited period of time, depending on the purpose of processing. In particular:
• Contact form and email communications: retained for the time necessary to properly manage the user’s request and for a subsequent period of up to 24 months from the final response, unless further interaction occurs (e.g., a contractual relationship) justifying longer retention.
• Marketing data: retained until the user requests deletion or withdraws consent. In the absence of withdrawal, the Data Controller may periodically review (typically every 24 months) whether data subjects remain interested in receiving marketing communications.
• Browsing/analytics data collected via third-party cookies: retained for the periods indicated in the Cookie Policy (for example, Google Analytics cookies may persist for up to 26 months, subject to user settings and configurations).
• Data processed for legal obligations: retained for the time required by applicable laws (for example, 10 years for invoices and accounting records under Italian law).
After the applicable retention period, personal data will be deleted or irreversibly anonymized, unless they must be retained further due to orders from authorities or to protect the Data Controller’s rights.

6. Data Recipients and Disclosure
Personal data will not be disseminated (i.e., made publicly available). However, for the purposes described above, data may be disclosed to third parties providing services instrumental to the Website and the Data Controller’s activities, including:
• IT and telematic service providers (e.g., hosting providers, Website maintenance, and the platform provider used to build/manage the Website), generally acting as Data Processors under Art. 28 GDPR;
• Any CRM platforms or email marketing services used to manage contacts and communications (if implemented in the future), generally acting as Data Processors;
• Analytics and advertising service providers (such as Google for Analytics and Meta/TikTok for advertising pixels), which—depending on their purposes and configurations regarding data collected via cookies and similar technologies—may act as independent Data Controllers and/or Data Processors. Details on roles, purposes and consent management are provided in the Cookie Policy;
• External consultants/professionals (e.g., legal or accounting advisors) where disclosure is necessary for consultancy or legal obligations;
• Public authorities and entities, only in cases provided for by law.
All external parties processing data on behalf of the Data Controller (as Data Processors under Art. 28 GDPR) are contractually bound to comply with data protection laws and AFFLU’s instructions. In any case, data will be disclosed only as necessary and in line with the stated purposes.

7. Your Rights as a Data Subject
As a data subject, you may exercise at any time the rights under Articles 15–22 GDPR, including:
• the right of access;
• the right to rectification;
• the right to erasure (“right to be forgotten”);
• the right to restriction of processing;
• the right to data portability;
• the right to object (including to direct marketing);
• the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
You may exercise your rights free of charge by contacting the Data Controller at privacy@afflu.eu. The Data Controller will respond within the time limits provided by law (generally within 30 days).
If you believe that processing violates applicable law, you also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or to seek judicial remedies pursuant to Articles 77 and 79 GDPR.

8. Transfers of Data Outside the EU/EEA
Personal data are mainly processed within the European Union. However, in connection with the use of third-party providers and services (e.g., hosting, analytics tools, advertising tools and/or other IT providers), data may be transferred to, or be accessible from, countries outside the European Economic Area (EEA).
In such cases, AFFLU ensures that transfers take place in compliance with the conditions set out in Chapter V GDPR, for example:
• transfers to countries covered by an adequacy decision of the European Commission; and/or
• implementation of Standard Contractual Clauses (SCCs) approved by the European Commission, possibly supplemented by additional measures where necessary.

9. Automated Decision-Making
We do not carry out automated decision-making processes that produce legal effects or similarly significant effects on users, pursuant to Art. 22 GDPR. In particular, data are not subject to automated profiling by AFFLU without human intervention.

10. Links to Third-Party Websites/Services
The Website may contain links to third-party websites, platforms, social pages, or services (for example, links to social profiles, embedded tools, or pages containing case studies with external references). By clicking such links, you may be redirected to websites or services managed by third parties acting as independent data controllers. AFFLU is not responsible for the privacy practices of such third parties; users are invited to review their respective privacy notices.

11. Changes to this Privacy Policy
AFFLU may update this Privacy Policy over time, including to reflect legal changes or changes in processing activities carried out through the Website. The updated version will be published on this page and will indicate the date of the latest update.
Except where required by law, AFFLU will not provide individual notices to users in the event of updates.

Last updated: January 2026