Privacy Policy

Last updated: June 2026

Note for the owner: sections highlighted in orange must be completed with the studio's real details before publishing this page.

1. Data Controller

The data controller is Main S.R.L., registered at [FULL ADDRESS], VAT No. [VAT NUMBER].

For any request regarding your personal data, contact us at: [PRIVACY CONTACT EMAIL]

2. Data collected and purposes

a) Booking form

When you submit a booking request we collect: full name, email address, phone number, service type, preferred date, and an optional message.

Purpose: managing photography/video service booking requests.
Legal basis: Art. 6(1)(b) GDPR — pre-contractual measures at the data subject's request.

b) Contact form

We collect: full name, email address, phone number (optional), subject, and message.

Purpose: responding to enquiries.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest of the controller in handling received communications.

c) Admin area

Access to the restricted admin area requires email/password authentication. Session cookies are used solely for this purpose and do not affect public site visitors.

3. Cookies and similar technologies

This site does not use profiling cookies, analytics, or third-party tracking tools.

Only strictly necessary technical cookies are used — exclusively to maintain the admin authentication session. These cookies do not collect personal data from public visitors and do not require consent under the ePrivacy Directive.

4. Data processors

Data is processed by third-party providers bound by GDPR-compliant data processing agreements:

  • Supabase Inc. — database, authentication and file storage (EU servers available).
  • Vercel Inc. — site hosting (US; transfers covered by EU Standard Contractual Clauses).
  • Resend Inc. — booking notification emails (only if email service is active).

Data is never sold or shared with third parties for commercial or marketing purposes.

5. Retention

Booking and contact data is retained for as long as necessary to deliver the requested service and, afterwards, for the period required by Italian accounting and fiscal obligations ([e.g. 10 years]).

Data relating to enquiries that did not result in a booking is deleted within [e.g. 12 months] of receipt.

6. Your rights

Under the GDPR you have the right to:

  • Access your personal data;
  • Rectify inaccurate or incomplete data;
  • Erase your data (right to be forgotten), within the limits permitted by law;
  • Restrict processing in certain cases;
  • Receive your data in a portable format;
  • Object to processing based on legitimate interest.

To exercise any of these rights, write to: [PRIVACY CONTACT EMAIL]

You also have the right to lodge a complaint with the Italian supervisory authority: Garante per la protezione dei dati personali www.garanteprivacy.it

7. Changes to this policy

This policy may be updated periodically. The date at the top of the page reflects the last revision. We will post a notice on the site in case of material changes.