Note: This is an English-language adaptation of the original Italian privacy notice, prepared for international visitors. It is not a legally certified translation. For the official version, please refer to the Italian original. This document does not constitute legal advice.
This privacy notice describes how personal data of users visiting the website uretech.it is collected, used and protected, in accordance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018.
1. Data Controller
URETECH di Fontanella Federico (sole trader)
VAT No.: IT 04134771205
Via Antonio Zucchi, 42/A — 40068 San Lazzaro di Savena (BO), Italy
Email: [email protected]
The Data Controller is responsible for the protection of personal data collected through the site and ensures that processing is carried out in compliance with applicable law.
2. Data Collected and Purposes of Processing
The following describes the categories of personal data collected, the purposes of processing, the legal basis and retention periods for each processing activity.
a) Contact Form (AI Chatbot)
- Data collected: name, email address, company, phone number, message, services requested, indicative budget, project timeline, notes generated by artificial intelligence.
- Purpose: to respond to the user's commercial enquiries and provide personalised quotes based on information provided during the conversation.
- Legal basis: legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in responding to enquiries from prospective clients, and pre-contractual measures at the data subject's request (Art. 6(1)(b) GDPR).
- Retention: data is retained for a maximum period of 24 months from the date of the request, after which it is deleted or anonymised.
- Note: conversations via the chatbot are analysed by third-party AI services (OpenAI, Anthropic) to generate project summaries and assist in preparing quotes. Data transmitted to AI providers is limited to the conversation content and does not include direct contact details (email, phone).
b) Newsletter
- Data collected: email address.
- Purpose: sending commercial communications, service updates, technology news and editorial content.
- Legal basis: explicit consent of the data subject (Art. 6(1)(a) GDPR), given at the time of subscription.
- Retention: data is retained until the data subject withdraws consent.
- Right to withdraw: the user may withdraw consent and unsubscribe from the newsletter at any time via the unsubscribe link included in every email, or by contacting the Data Controller at [email protected].
c) Careers (Job Applications)
- Data collected: first name, surname, email address, mobile number, preferred work location, curriculum vitae (PDF format).
- Purpose: assessment of applications received for open or future positions.
- Legal basis: consent of the data subject (Art. 6(1)(a) GDPR) and pre-contractual measures at the data subject's request (Art. 6(1)(b) GDPR).
- Retention: data is retained for a maximum period of 24 months from the date the application is received, unless the candidate requests otherwise. After this period, data is securely deleted.
- Security: CVs are stored in encrypted form on secure servers, with access restricted exclusively to authorised personnel involved in the recruitment process.
d) Browsing Data
- Data collected: IP address, browser user agent, date and time of access.
- Purpose: to ensure the correct technical operation of the website, infrastructure security and the application of rate-limiting mechanisms to protect against abuse.
- Legal basis: legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in ensuring site security and operability.
- Retention: browsing data is not persistently stored in identifiable form, except where the user submits a form (in which case it is associated with the request for the applicable retention period).
3. Third-Party Services
The website uses third-party services for its operation. The following lists these services and their privacy implications for the user:
- Google Fonts (Google LLC, USA): the site loads typefaces from Google's servers. During loading, the user's IP address is transmitted to Google's servers. More information: Google Privacy Policy.
- CDN — Cloudflare and unpkg.com: the site uses content delivery networks (CDNs) to load JavaScript libraries (including Three.js, React, Lenis). The user's IP address is transmitted to these services during resource loading.
- AI Providers — OpenAI (USA) and Anthropic (USA): the contents of chatbot conversations may be transmitted to these providers for analysis and generation of project summaries. Data transmitted is limited to the conversation content.
- Webhook (if configured): data submitted via forms may be sent to external services via webhooks for business automation purposes (e.g., CRM, lead management, internal notifications).
4. International Data Transfers
Some of the third-party services listed above are based in the United States of America. Personal data may therefore be transferred outside the European Union, in particular to the USA, via the following services:
- Google Fonts (Google LLC)
- OpenAI
- Anthropic
Such transfers take place with adequate safeguards under the GDPR, in particular through:
- The EU-US Data Privacy Framework, for providers that have obtained certification;
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
The user may request further information on the safeguards adopted by contacting the Data Controller at [email protected].
5. Cookies
For detailed information on cookies used by the site, how they are managed and how to disable them, please refer to the Cookie Policy, accessible from the cookie banner displayed on first visit to the site or from the dedicated page.
6. Security Measures
The Data Controller adopts appropriate technical and organisational measures to ensure the security of personal data processed, including:
- Rate limiting on all API endpoints to prevent abuse and automated attacks.
- Validation and sanitisation of all inputs received via site forms.
- Parameterised queries for protection against SQL injection attacks.
- CSRF tokens (WordPress Nonce) for protection against Cross-Site Request Forgery attacks.
- Protected CV storage in directories with restricted access and restrictive permissions.
- HTTPS connection with SSL/TLS certificate for encryption of all data in transit.
7. Data Subject Rights
Under Articles 15–22 of the GDPR, the data subject has the right to:
- Access (Art. 15): obtain confirmation of whether processing is taking place and access their personal data.
- Rectification (Art. 16): obtain correction of inaccurate personal data or completion of incomplete data.
- Erasure (Art. 17): obtain deletion of personal data in the cases provided for by law.
- Restriction of processing (Art. 18): obtain restriction of processing in the cases provided for by law.
- Data portability (Art. 20): receive personal data in a structured, commonly used and machine-readable format.
- Object (Art. 21): object to the processing of personal data based on the Data Controller’s legitimate interest.
- Withdraw consent: withdraw any consent given, at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
How to exercise your rights
The data subject may exercise their rights by sending a written communication to the Data Controller at: [email protected]
The Data Controller undertakes to respond to the request within 30 days of receipt.
The data subject also has the right to lodge a complaint with the competent supervisory authority:
8. Changes to This Privacy Notice
The Data Controller reserves the right to make changes to this privacy notice at any time, by publishing the updated version on the website. Users are therefore invited to periodically consult this page to check for any updates.
Changes to this notice will take effect from the date of publication on the website.
Notice prepared in accordance with EU Regulation 2016/679 (GDPR) — Articles 13 and 14.
Last revised: 27 February 2026.