Privacy policy
Effective date: November 13, 2023
Last updated: July 26, 2025
1. Data controller
The Data Controller for personal data collected through the website www.siasstudio.com is:
- Data Controller: Sias Studio di Sias Marisa
- Registered office: Androna Campo Marzio, 2 – 34123 Trieste (TS) – Italy
- Other operational units:
  - Via Nazionale, 43/10 – 33010 Tavagnacco (UD) – Italy
  - Via Villa, 11/1 – 33076 Pravisdomini (PN) – Italy
- VAT number: 01799600935
- Tax code: SSIMRS80B54I904C
- Trieste companies register registration: no. 137930
- Email: info@siasstudio.com
- PEC (certified email): marisasias@pec.marisasias.com
- Phone: +39 346 5204060
2. Types of Personal Data Collected
This section describes which personal data is collected through the website.
- Data provided directly by the user:
- Via the ‘Contact me’ form: first name and last name, email address, subject of the message (optional), and message content.
- Via the ‘Get a quote’ form: first name and last name, email address, phone number (optional), company name (optional), the type of service requested (e.g., logo design, packaging design, web design, etc.), a brief description of the idea/request, file upload (optional, max 1 file – 14MB), estimated budget, and how the user found the service.
- Newsletter subscription: email address. Subscription can occur via the dedicated subscription form, which requires double opt-in, or by checking the relevant option on contact and quote request forms, in this case without double opt-in. Mailchimp is used for newsletter management.
- User account registration and service purchase (via checkout page):
- Billing details: customer type (private or company); a checkbox indicating whether an electronic invoice is required (optional) and, if it is required, national ID / tax ID (for private individuals) or company tax ID / VAT number (for companies); first name; last name; company name (optional); country/region; address (street and house number, apartment/staircase); postcode/ZIP; town/city; province; phone; email address. This data is necessary for account management, order fulfillment, and issuing any requested invoice.
- Data for project/service customization: specific information provided by the client after purchasing the service, via order notes or email with reference to the order number (e.g., business name, tagline, texts, specific images, design instructions, website content, etc.).
- Blog comments: comment content, name, email address (will not be published), and optional website address.
- Direct website reviews/testimonials: star rating, textual review content, name/nickname, email, review date.
- Automatically collected data (navigation/usage data):
- IP address, browser type, operating system, pages visited on the site, access times, time spent on certain pages, and other statistics related to site interaction. This data can also be collected through the integration of third-party content (e.g., Instagram feed, Google Maps) and social sharing buttons.
- For a more detailed treatment of how cookies and other tracking technologies collect this data, please refer to my Cookie Policy.
- Payment Data:
- Information related to payment (e.g., credit card details) is not directly collected or stored by siasstudio.com. It is handled exclusively by external and secure payment service providers (PayPal, Credit/Debit Cards (VISA, Mastercard, Amex), Bank Transfer, Apple Pay, Google Pay), who act as independent Data Controllers or Processors according to their specific privacy policies.
- Reviews/testimonials from external platforms: review/testimonial content, reviewer’s name or nickname, date, platform of origin (Google, Facebook, Etsy).
3. Purposes and Legal Bases for Processing
This section explains the reasons why data is collected and the legal bases that legitimize such processing, in accordance with the General Data Protection Regulation (GDPR) and other applicable global regulations.
- Purpose: provision of requested services (graphic design, web design, printing) and management of orders/quotes.
- Legal bases: processing is necessary for the performance of a contract to which the Data Subject is party or for the performance of pre-contractual measures taken at the Data Subject’s request.
- Data involved: contact data, project-related data (including customization data), billing details.
- Purpose: responding to requests and communications sent via contact forms, quote requests, or other channels.
- Legal bases: performance of pre-contractual measures (if the request precedes the establishment of a contract) or Legitimate Interest of the Data Controller (to respond to general inquiries and provide support).
- Data involved: contact data, message content.
- Purpose: user account management (if the user creates an account on the site).
- Legal bases: performance of a contract (when the user registers for an account).
- Data involved: account identification and access data.
- Purpose: sending newsletters and direct marketing communications related to siasstudio.com products, services, or promotions.
- Legal bases: consent of the Data Subject (obtained through voluntary newsletter subscription). The user has the right to withdraw consent at any time.
- Data involved: email address. Mailchimp is used for newsletter management.
- Purpose: publishing and moderating blog comments.
- Legal bases: consent of the Data Subject (when the user decides to leave a comment). Legitimate Interest of the Data Controller (to moderate content, prevent spam, and ensure a safe and respectful environment).
- Data involved: name, email, comment content, IP address.
- Purpose: collection and publication of direct website reviews/testimonials.
- Legal bases: consent of the Data Subject (when the user decides to leave a review, accepting the publication terms).
- Data involved: star rating, review content, name/nickname, email, date.
- Purpose: collection and publication of reviews/testimonials from external platforms on a dedicated section of the site.
- Legal bases: consent of the Data Subject (when the review contains identifiable personal data and has not been previously published anonymously), or Legitimate Interest of the Data Controller to showcase public feedback on the services offered (if the data is already publicly available and the processing is in line with the Data Subject’s expectations).
- Data involved: review/testimonial content, reviewer’s name or nickname, date, platform of origin.
- Purpose: use of completed projects for the Data Controller’s portfolio.
- Legal bases: consent of the Data Subject (specific to the publication of the project in the portfolio, to be acquired separately at the time of the project agreement).
- Data involved: project details, images/graphics, client name (if included in the consent for publication).
- Purpose: statistical analysis of site usage, improvement of user experience, optimization of offered services, and technical site management.
- Legal bases: Legitimate Interest of the Data Controller (to understand how the site is used and make improvements based on aggregated and, where possible, anonymized data).
- Data involved: navigation data (often aggregated/anonymized, collected via services like Google Analytics).
- Purpose: fulfillment of legal, accounting, and tax obligations; fraud prevention and protection of the Data Controller’s rights in court.
- Legal bases: legal obligation (e.g., keeping accounting records, invoicing) and Legitimate Interest of the Data Controller (for site security, protection against illicit activities, and defense in legal proceedings).
- Data involved: all data necessary to fulfill such obligations.
4. Processing methods
Personal data is processed using IT and telecommunication tools, and, where necessary, manual methods (e.g., paper archives). siasstudio.com adopts adequate technical and organizational security measures to prevent data loss, illicit or incorrect use, and unauthorized access, ensuring a level of security commensurate with the risks.
5. Recipients of Personal Data (Sharing)
Collected personal data may be shared, where strictly necessary for the indicated purposes, with the following categories of subjects:
- Marisa Sias: as the Data Controller, she has direct access to all client data.
- Accountant: data is shared with Marisa Sias’s accountant exclusively for administrative purposes and tax and accounting compliance.
- Technical and hosting service providers: for the operation and maintenance of the website.
- Payment service providers: PayPal, Credit/Debit Cards (VISA, Mastercard, Amex), Bank Transfer, Apple Pay, Google Pay for secure financial transaction management.
- Analytics service providers (e.g., Google Analytics): for traffic and site interaction analysis.
- Marketing and advertising service providers (e.g., Facebook): for managing advertising campaigns and measuring their effectiveness.
- Email marketing service providers: for sending newsletters and other communications (specifically Mailchimp for the newsletter).
- Third-party integration service providers: these include services for embedding content (e.g., Instagram feed, Google Maps) and for social media sharing functionality (e.g., sharing buttons for Facebook, Pinterest, X, LinkedIn, WhatsApp, Email, etc.). These entities may collect data directly from users’ browsers when content is loaded or buttons are interacted with.
- Consultants and professionals: legal consultants, auditors, for tax, legal, and accounting compliance (in addition to the accountant).
- Judicial or Administrative Authorities: in case of legal obligation or to protect the Data Controller’s rights.
These subjects, depending on their role, will act as data processors (if they process data on behalf of the Controller) or as independent controllers, always in accordance with applicable law.
6. Transfers of Data Outside the EU
www.siasstudio.com is an e-commerce site operating globally; therefore, the processing of data and the use of certain third-party services (e.g., cloud service providers, international analytics or marketing platforms, including social media and integration service providers) may involve the transfer of personal data outside the European Union (EU) or the European Economic Area (EEA), to countries that may not offer the same level of data protection.
Such transfers will always take place in accordance with the provisions of the GDPR and other applicable regulations, for example on the basis of Standard Contractual Clauses approved by the European Commission, the provider’s participation in recognized guarantee mechanisms (e.g., the Data Privacy Framework for transfers to the USA, if applicable), or other suitable legal bases provided by the Regulation.
7. Data Retention Period
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, or for the period required by specific regulations.
- Data for order/contract fulfillment: for the duration of the contract and subsequently for the period required by tax and civil laws (e.g., 10 years from the cessation of the service) for legal and accounting compliance purposes.
- Data for newsletter: until the user withdraws their consent to subscribe.
- Data for comments: until the user requests removal, or until the Data Controller decides to remove them for moderation reasons.
- Data related to direct reviews/testimonials: for as long as the review is published on the site, or until a specific removal request by the Data Subject.
- Data related to reviews/testimonials from external platforms: for as long as the review is published on the site, or until a specific removal request by the Data Subject.
- Data related to client projects: for the time necessary for the Data Controller to manage the portfolio (if consented by the client), for legal and tax purposes, or until a specific deletion request by the client. The specific duration will be determined by the nature of the project and applicable legal obligations.
- Navigation data (analytics): for periods defined by the analytics service settings (e.g., Google Analytics, typically 14 or 26 months for user and event data).
- Data for legal or defense purposes: for the time necessary to comply with legal obligations or to protect the Data Controller’s rights in court.
8. Data Subject Rights
In accordance with the GDPR and applicable regulations, users may exercise, at any time, the following rights by sending a clear and specific request to the email address info@siasstudio.com or marisasias@pec.marisasias.com:
- Right of access: obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the data and information regarding the processing.
- Right to rectification: obtain the rectification of inaccurate personal data concerning them and the completion of incomplete data.
- Right to erasure (“right to be forgotten”): obtain the erasure of personal data concerning them, under certain conditions.
- Right to restriction of processing: obtain the restriction of processing of personal data.
- Right to object to processing: object to the processing of personal data based on legitimate interest or for direct marketing purposes.
- Right to data portability: receive the personal data provided, in a structured, commonly used and machine-readable format, and transmit those data to another controller without hindrance.
- Right to withdraw consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint: lodge a complaint with a supervisory authority (in Italy, the Garante per la protezione dei dati personali, or the competent authority in their country of residence).
9. Changes to the Privacy Policy
This Privacy Policy may be subject to changes and updates to reflect any changes in regulations or data processing practices. Users are therefore invited to consult it regularly. Any significant changes will be communicated appropriately.
10. Contacts
For any questions or requests regarding this Privacy Policy or the processing of personal data, you can contact the Data Controller:
- Email: info@siasstudio.com
- PEC (Certified Email): marisasias@pec.marisasias.com
- Phone: +39 346 5204060