Privacy Policy

LAST UPDATED: APRIL 2026

Sections

  1. 1. Data Controller
  2. 2. Data we collect
  3. 3. Purposes of processing
  4. 4. Legal basis
  5. 5. Data sharing
  6. 6. International transfers
  7. 7. Retention
  8. 8. Your rights
  9. 9. Security
  10. 10. Website tracking
  11. 11. Changes to this policy
  12. 12. Contact

1. Data Controller

Emme Works S.r.l. is the Data Controller for personal data collected through this website and during client engagements.

Emme Works S.r.l.
[Registered address to be provided]
[VAT / Company register]
Email: [email protected]

2. Data we collect

We collect personal data when you:

  • Submit a contact form, request a portfolio, or book a call through the website
  • Exchange emails with our team
  • Sign a proposal or engage us as a client
  • Visit our website (technical and usage data, covered in the Cookies Policy)

The categories of data we may collect include: name, email address, company name, job role, phone number (if provided), project details, correspondence, invoicing details, and technical data such as IP address, browser type, and pages visited.

3. Purposes of processing

We process personal data to:

  • Respond to inquiries and provide requested information
  • Deliver services agreed under a Proposal or contract
  • Issue invoices and manage accounting obligations
  • Comply with legal obligations (tax, anti-money-laundering, record-keeping)
  • Send occasional service-related updates or newsletters (only with explicit opt-in)
  • Improve the website and monitor its performance

We rely on the following legal bases under Article 6 of the GDPR:

  • Contract performance for processing necessary to deliver services you requested or engaged us for
  • Legitimate interest for direct business communication, website analytics, and responding to unsolicited inquiries
  • Consent for newsletter subscriptions, optional tracking cookies, and any marketing communication
  • Legal obligation for invoicing, tax, and record retention

5. Data sharing

We do not sell personal data. We share data only with carefully selected processors who help us operate:

  • Email and calendar providers (e.g., Google Workspace)
  • CRM and booking platforms (e.g., Go High Level at [brand.emmeworks.it])
  • Website analytics services (see Cookies Policy)
  • Accounting and invoicing software
  • Legal and tax advisors, where required

All processors are bound by data processing agreements consistent with GDPR requirements.

6. International transfers

Some processors operate outside the European Economic Area (EEA). When data is transferred outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission or equivalent safeguards.

7. Retention

We retain personal data only for as long as necessary to fulfil the purposes above:

  • Contact inquiries: up to twenty-four (24) months from last interaction, then deleted
  • Client project data: ten (10) years from the end of the engagement, in line with Italian civil and tax law
  • Invoicing records: ten (10) years, as required by Italian law
  • Newsletter subscribers: until unsubscription, then promptly deleted

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Object to processing based on legitimate interest
  • Request data portability
  • Withdraw consent at any time (without affecting the lawfulness of previous processing)
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.gpdp.it)

To exercise these rights, contact us at [email protected].

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and disclosure. These include encrypted storage, access controls, and staff confidentiality obligations.

10. Website tracking

This website may use analytics and behavioural tracking tools, including Google Analytics, Microsoft Clarity, and Meta (Facebook) Pixel. These tools collect technical and usage information such as pages visited, referral source, device type, and anonymised interaction patterns.

Tracking is activated only after you grant consent through the cookie banner. See the Cookies Policy for details and opt-out options.

11. Changes to this policy

We update this Privacy Policy when our practices change or when required by law. The “Last updated” date at the top of this page reflects the most recent version.

12. Contact

For any privacy question or data request, contact us at [email protected].