Privacy Policy
Last updated: 6 June 2026
This notice describes how madnetai.it processes the personal data of users who visit the site or contact us by email. It is drawn up pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and Legislative Decree 196/2003 (Italian Data Protection Code) as amended.
Data Controller
The Data Controller is:
- MadTools S.r.l.
- Registered office: Via Cesare Battisti, 1 — 24036 Ponte San Pietro (BG), Italy
- Operational office: Via Martiri della Libertà, 8 — 24040 Bonate Sotto (BG), Italy
- VAT / Tax Code: 04355620164
- REA No.: BG-456427
- Share capital: € 340,000.00 fully paid-up
- Legal representative: Daniele Marchetti
- Email: [email protected]
For any request relating to the processing of your data, please write to [email protected] with the subject line "Privacy — [type of request]".
What data we collect
2.1 Browsing data (web server logs)
When you visit madnetai.it, our web server automatically records in its logs certain technical information necessary for the site to function:
- the IP address of the device from which you connect;
- browser type and operating system (user-agent);
- URLs requested, with date and time of access;
- the technical outcome of the request (HTTP response code).
These data are collected for the purposes of cyber security, abuse prevention, and technical diagnostics. They are not cross-referenced with other sources to build individual profiles and are not used for commercial or marketing purposes.
2.2 Data communicated voluntarily by email
If you write to us at [email protected], we collect and store:
- your email address;
- the content of the message and any attachments;
- any other personal data you choose to include in the communication.
The site does not contain contact forms: the only channel for writing to us is a mailto: link that opens your email client directly. Data reaches us only if you send it.
2.3 Data collected by third-party services
For the display of typographic characters, the site's pages load fonts from the Google Fonts service (domains fonts.googleapis.com and fonts.gstatic.com), managed by Google Ireland Limited for EEA users and by Google LLC for processing that may take place in the United States.
Loading the fonts means that the browser communicates your IP address, the Referer header, and the user-agent to Google. No cookies are set for profiling purposes, nor are persistent identifiers exchanged.
For more information on processing carried out by Google, please consult: policies.google.com/privacy.
Purposes and legal bases
| Processing | Purpose | Legal basis |
|---|---|---|
| Web server logs | Security, abuse prevention, technical diagnostics | Legitimate interest of the Controller in keeping the site operational and secure — Art. 6(1)(f) GDPR |
| Emails received | Responding to enquiries, managing commercial correspondence, taking pre-contractual measures | Performance of pre-contractual measures at the request of the data subject — Art. 6(1)(b) GDPR; subsidiarily, legitimate interest in managing communications — Art. 6(1)(f) |
| Loading of Google Fonts | Graphical rendering of pages | Legitimate interest in the correct display of the site — Art. 6(1)(f) GDPR |
| Retention of communications for tax and accounting obligations | Compliance with legal obligations | Legal obligation — Art. 6(1)(c) GDPR (Presidential Decree 633/1972, Italian Civil Code Arts. 2214 et seq.) |
The provision of browsing data is a technically unavoidable consequence of using the web. The provision of an email address to contact us is voluntary but necessary in order to receive a reply.
How long we retain data
- Web server logs: a maximum of 30 days, unless a longer retention period is required for investigations into security incidents or requests by authorities.
- Emails received at [email protected]: retained in the destination Gmail inbox for a maximum period of 24 months from the date of receipt, unless legal obligations or contractual requirements necessitate longer retention (generally 10 years for accounting records pursuant to Art. 2220 of the Italian Civil Code, 5 years for general commercial purposes). After that period, emails are archived offline or deleted.
- Google Fonts: processing by Google is governed by Google's privacy policy; loading is "transient" — request data are processed at the time of the visit.
To whom we disclose data
Your data may be processed, as Data Processors pursuant to Art. 28 GDPR or as independent Controllers, by the following parties:
- Register.it S.p.A. (Bergamo, Italy): registrar of the domain name madnetai.it. It processes data relating to domain registration (the Controller's registrant, administrative, and technical contacts) and has no access to visitors' browsing data.
- Cloudflare, Inc. (San Francisco, California, United States): provides the Controller with authoritative DNS, reverse-proxy services via Cloudflare Tunnel — through which all inbound web traffic to the site passes — and the Cloudflare Email Routing service, which receives incoming correspondence addressed to [email protected], applies DKIM signing, and forwards it to the destination inbox. In these capacities, Cloudflare may become aware of visitors' IP addresses, user-agents, and requested URLs, and may process metadata and email content for the time strictly necessary for routing.
- Google LLC (Mountain View, California, United States): provides the Gmail service used as the final destination inbox for emails forwarded by Cloudflare Email Routing, where messages sent to [email protected] are received, read, and stored.
- Google Ireland Limited and Google LLC: for the provision of the Google Fonts service.
- Professional advisers (accountant, labour consultant, legal counsel) and public authorities, where required by law.
The site is hosted on the Controller's own internal server infrastructure: web server logs are stored on systems under the direct control of the Controller and accessible exclusively to authorised personnel.
Data are not disclosed to any other parties, nor made publicly available.
Transfer of data outside the EU
Some third-party services used by the Controller involve the transfer of personal data to the United States of America. In particular:
- Cloudflare, Inc. — acting as operator of the authoritative DNS, Cloudflare Tunnel reverse proxy, and Email Routing service — processes visitors' browsing data and metadata of incoming emails to [email protected];
- Google LLC — acting as provider of the Gmail service used as the final destination inbox — receives and stores the content of correspondence forwarded by Cloudflare Email Routing;
- Google LLC — via the loading of Google Fonts by the user's browser — receives IP address, Referer header, and user-agent.
These transfers are based on the following legal grounds:
- the EU-US adequacy decision of 10 July 2023 (Implementing Decision (EU) 2023/1795 — "EU-US Data Privacy Framework"), by virtue of which Cloudflare, Inc. and Google LLC are certified as compliant recipients on the list of organisations adhering to the DPF;
- subsidiarily and additionally, the standard contractual clauses approved by the European Commission (Implementing Decision (EU) 2021/914).
The server infrastructure hosting the site is internal to the Controller and located in Italy, exposed to the public exclusively through the Cloudflare Tunnel reverse proxy; web server logs are stored on the Controller's systems and are not transferred outside the EU.
The list of DPF-certified organisations is available at dataprivacyframework.gov.
Your rights
At any time you may exercise the rights provided for under Articles 15 to 22 of the GDPR:
- access to personal data concerning you (Art. 15);
- rectification of inaccurate data (Art. 16);
- erasure ("right to be forgotten", Art. 17);
- restriction of processing (Art. 18);
- portability of data you have provided, in a structured, machine-readable format (Art. 20);
- objection to processing based on legitimate interest (Art. 21);
- withdrawal of consent at any time, where processing is based on consent, without prejudice to the lawfulness of processing carried out prior to withdrawal (Art. 7).
To exercise these rights, write to [email protected] stating your request in the subject line (e.g. "Data access", "Erasure"). We will respond within 30 days of receipt of the request, extendable by a further two months in the cases provided for under Art. 12(3) GDPR.
Complaint to the Garante
If you believe that the processing of your data infringes the GDPR, you may lodge a complaint with the Italian supervisory authority:
- Italian Data Protection Authority (Garante per la protezione dei dati personali)
- Piazza Venezia, 11 — 00187 Rome
- Tel: (+39) 06.69677.1 — Fax: (+39) 06.69677.3785
- Email: [email protected] — PEC: [email protected]
- Web: garanteprivacy.it
Alternatively, you may contact the supervisory authority of the Member State in which you habitually reside.
Security
The site is hosted on the Controller's own internal server infrastructure, located in Italy. We apply appropriate technical and organisational measures to protect data from unauthorised access, loss, destruction, or alteration:
- TLS encryption (HTTPS) for all communications in transit;
- server access controls, restricted to authorised personnel;
- regular security updates to the operating system and software components;
- physical protection of hardware at the Controller's premises;
- periodic backups of relevant data.
Changes
This notice may be updated to reflect technical, organisational, or regulatory changes. The version in force is always the one published on this page, with the date of the last update shown at the top.
This document has been drawn up in accordance with Regulation (EU) 2016/679 (GDPR), Legislative Decree 196/2003 (Italian Data Protection Code), and applicable Italian legislation, updated as of 6 June 2026.