Privacy

How we handle your data

A plain-language explanation of what data we collect, why, how long we keep it and your rights. Compliant with EU Regulation 2016/679 (GDPR).

Last updated

7 June 2026

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR), EraOne Solutions informs users about the processing of personal data collected through the website eraone.it and related services.

1. Data controller

The data controller is Gianmarco Pacetti — Italian self-employed IT consultant trading as EraOne Solutions, with registered office at Via Acqua del Lauro, 5 · Palinuro (SA).

Italian VAT 06329840653
Italian fiscal code PCTGMR07B01L628L
Email: info@eraone.it
Certified email (PEC): gianmarco.pacetti@pec.it
Phone: +39 327 169 2122

No Data Protection Officer (DPO) has been appointed since the conditions of Art. 37 GDPR are not met. The controller handles all data subject requests directly.

2. Categories of data collected

Browsing data: IP address, user agent, pages visited, request date and time, browser, device.
Data voluntarily provided via the contact form: name, email, optional phone, company, sector, budget, urgency, message.
Customer portal account data: name, email, encrypted password, access and activity data.
Cookies: see the Cookie Policy for the full list.

3. Purposes and legal basis

Reply to requests received via form/email — basis: pre-contractual measures at your request (Art. 6.1.b GDPR).
Service delivery and management of contractual relationships including the customer portal — basis: contract performance (Art. 6.1.b GDPR).
Legal obligations (tax, accounting, anti-money laundering) — basis: legal obligation (Art. 6.1.c GDPR).
IT security and fraud prevention — basis: legitimate interest of the controller (Art. 6.1.f GDPR).
Aggregate traffic analytics — basis: consent (Art. 6.1.a GDPR), via optional analytical cookies.

4. Processing methods

Data is processed with IT and electronic tools, with technical and organisational measures appropriate to ensure security, integrity and confidentiality (Art. 32 GDPR): in-transit encryption (HTTPS/TLS), password hashing (bcrypt), role-based access control, encrypted backups, access monitoring.

5. Retention period

Form contact data: 24 months from the last interaction, unless a contractual relationship is established.
Contractual and tax data: 10 years from the end of the relationship (Art. 2220 Italian Civil Code).
Customer portal accounts: for the duration of the relationship and until a deletion request is received.
Access logs: 12 months.
Analytical cookies: see the Cookie Policy for durations.

6. Recipients (external processors)

Data may be communicated to the following providers acting as processors under Art. 28 GDPR:

Vercel Inc. (USA) — site hosting and CDN. Extra-EU transfer covered by Standard Contractual Clauses.
Neon Inc. (USA, EU region) — managed PostgreSQL database. Data hosted on EU instances.
Resend Inc. (USA) — transactional email delivery. Extra-EU transfer covered by SCC.
OpenAI Ireland Ltd. (EU) — AI assistant features (only when enabled by admin). Requests are not used for training.
Google Ireland Ltd. (EU) — Google Analytics (only with prior consent), Google Fonts loaded locally.

7. Extra-EU transfer

Some providers (Vercel, Resend) are based in the United States. Transfer is carried out on the basis of Standard Contractual Clausesapproved by the European Commission (Decision EU 2021/914) and additional contractual safeguards, in accordance with the Schrems II judgment (CJEU C-311/18).

8. Data subject rights

You can exercise the rights provided by Arts. 15–22 GDPR at any time:

right of access (Art. 15)
rectification of inaccurate data (Art. 16)
erasure ("right to be forgotten", Art. 17)
restriction of processing (Art. 18)
data portability (Art. 20)
objection to processing (Art. 21)
withdrawal of consent at any time

To exercise your rights write to info@eraone.it. We will reply within 30 days of receipt.

9. Right to lodge a complaint

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe that the processing infringes GDPR (Art. 77).

10. Automated decision-making

We do not use automated decision-making or significant profiling under Art. 22 GDPR.

11. Changes to this policy

This Privacy Policy may be updated. The date of the last update is shown at the top. Changes will be posted on the site and — if substantial — communicated directly to registered users.

1. Data controller

The data controller is Gianmarco Pacetti — Italian self-employed IT consultant trading as EraOne Solutions, with registered office at Via Acqua del Lauro, 5 · Palinuro (SA).

Italian VAT 06329840653

Italian fiscal code PCTGMR07B01L628L

Email: info@eraone.it

Certified email (PEC): gianmarco.pacetti@pec.it

Phone: +39 327 169 2122

No Data Protection Officer (DPO) has been appointed since the conditions of Art. 37 GDPR are not met. The controller handles all data subject requests directly.

2. Categories of data collected

Browsing data: IP address, user agent, pages visited, request date and time, browser, device.

Data voluntarily provided via the contact form: name, email, optional phone, company, sector, budget, urgency, message.

Customer portal account data: name, email, encrypted password, access and activity data.

Cookies: see the Cookie Policy for the full list.

3. Purposes and legal basis

Reply to requests received via form/email — basis: pre-contractual measures at your request (Art. 6.1.b GDPR).

Service delivery and management of contractual relationships including the customer portal — basis: contract performance (Art. 6.1.b GDPR).

Legal obligations (tax, accounting, anti-money laundering) — basis: legal obligation (Art. 6.1.c GDPR).

IT security and fraud prevention — basis: legitimate interest of the controller (Art. 6.1.f GDPR).

Aggregate traffic analytics — basis: consent (Art. 6.1.a GDPR), via optional analytical cookies.

5. Retention period

Form contact data: 24 months from the last interaction, unless a contractual relationship is established.

Contractual and tax data: 10 years from the end of the relationship (Art. 2220 Italian Civil Code).

Customer portal accounts: for the duration of the relationship and until a deletion request is received.

Access logs: 12 months.

Analytical cookies: see the Cookie Policy for durations.

6. Recipients (external processors)

Data may be communicated to the following providers acting as processors under Art. 28 GDPR:

Vercel Inc. (USA) — site hosting and CDN. Extra-EU transfer covered by Standard Contractual Clauses.

Neon Inc. (USA, EU region) — managed PostgreSQL database. Data hosted on EU instances.

Resend Inc. (USA) — transactional email delivery. Extra-EU transfer covered by SCC.

OpenAI Ireland Ltd. (EU) — AI assistant features (only when enabled by admin). Requests are not used for training.

Google Ireland Ltd. (EU) — Google Analytics (only with prior consent), Google Fonts loaded locally.

8. Data subject rights

You can exercise the rights provided by Arts. 15–22 GDPR at any time:

right of access (Art. 15)

rectification of inaccurate data (Art. 16)

erasure ("right to be forgotten", Art. 17)

restriction of processing (Art. 18)

data portability (Art. 20)

objection to processing (Art. 21)

withdrawal of consent at any time

To exercise your rights write to info@eraone.it. We will reply within 30 days of receipt.