Personal data processing
Privacy & Cookies
This notice describes how we process personal data collected on examphora.it and through subscription to the pre-launch mailing list. It is drafted in compliance with EU Regulation 2016/679 (GDPR).
1. Data controller
The data controller is Centro Nazionale di Studi Classici, sponsor of the exAmphorā project, with registered office in Italy. Contact: info@grecolatinovivo.it.
2. Data we collect
We process the following categories of data:
- Email address, when you sign up to the mailing list. Stored encrypted on Resend Inc. servers.
- IP address and browser user-agent, collected automatically at signup, for security, anti-spam rate-limiting, and — only with marketing consent — advertising campaign attribution.
- Subscription language (it/en/fr/de/es), to send you the launch announcement in your language.
- Cookies and technical identifiers, detailed in the Cookies section below.
We do not collect special categories of data (health, religion, politics, biometric) nor data of minors.
3. Purposes of processing
- Pre-launch mailing list subscription: we will write you once, on the day the crowdfunding campaign goes live, to give you access to early bird pricing. We do not send newsletters or other promotional communications.
- Anonymous traffic analytics (only with analytics consent): to understand how the site performs, via Google Analytics 4 in IP-anonymized mode.
- Advertising campaign measurement (only with marketing consent): to assess the performance of ads on Meta (Facebook/Instagram) via Pixel and Conversion API.
- Security and abuse prevention: temporary IP logs to rate-limit automated requests and OTP brute-force attempts.
4. Legal basis
Processing is based on the data subject's explicit consent (art. 6(1)(a) GDPR), given by:
- completing the signup form and confirming the email address via OTP code, for the mailing list;
- clicking "Analytics only" or "Accept all" on the cookie banner, for analytics/marketing processing.
Security logs (IP/user-agent for rate-limiting) rely on our legitimate interest (art. 6(1)(f) GDPR) to protect the service from abuse.
5. Recipients and third-party services
We rely on the following providers, each appointed as external data processor under art. 28 GDPR:
| Provider | Function | Location | Safeguards |
|---|---|---|---|
| Resend Inc. | Transactional email delivery (OTP code, launch email) | United States | SCC + EU-US DPF |
| Vercel Inc. | Website hosting and serverless functions | United States | SCC + EU-US DPF |
| Meta Platforms Ireland Ltd. | Meta Pixel + Conversion API for campaign measurement | Ireland (EU) | EU-internal processing |
| Google Ireland Ltd. | Google Analytics 4 (anonymized mode) | Ireland (EU) | EU-internal processing |
We do not sell, trade or share your data with third parties for purposes other than those described here.
6. Retention periods
- Subscriber email: retained until the data subject requests deletion, or within 24 months of the last documented interaction with the project.
- IP/user-agent logs: 30 days from collection (then deleted).
- Analytics cookies: 2 years from last visit.
- Marketing cookies: 90 days.
- Unconfirmed signup data (users not completing OTP): deleted after 15 minutes (JWT token expiry).
7. Data subject rights
At any time, you may exercise the following rights by writing to info@grecolatinovivo.it:
- Access to your data
- Rectification of inaccurate data
- Erasure (right to be forgotten)
- Restriction of processing
- Portability of data in a structured format
- Objection to processing
- Withdrawal of consent, at any time, without affecting the lawfulness of prior processing
You also have the right to lodge a complaint with a supervisory authority. The Italian authority is the Garante per la protezione dei dati personali.
8. Transfers outside the EU
Transfers to US-based providers (Resend, Vercel) take place under the Standard Contractual Clauses adopted by the European Commission and these providers' adherence to the EU-US Data Privacy Framework, which provides a level of protection equivalent to that of the EU.
9. Changes to this notice
This notice may be updated. Material changes will be communicated by email if you are subscribed to the mailing list; in any case, the date of last update is shown at the top of this page.
Cookies
Cookie policy
A. What cookies are
Cookies are small text files that the website stores on your device to enable its functioning, remember your preferences, measure traffic anonymously and — only with your consent — measure the effectiveness of advertising campaigns.
B. Categories of cookies used
Technical and functional (always active)
Required for the website to function; no consent needed.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
exa_consent_v2 | Stores your cookie choice (analytics, marketing) | 1 year | examphora.it |
Analytics (with consent "Analytics only" or "Accept all")
Measure traffic in aggregated, anonymous form via Google Analytics 4. IP anonymized. No advertising personalisation.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Distinguishes unique users (anonymous) | 2 years | |
_ga_* | GA4 session state | 2 years |
Marketing (only with "Accept all" consent)
Measure the effectiveness of advertising campaigns on Meta (Facebook/Instagram). Used to optimise ad audiences and reconstruct conversions via the Conversion API.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
_fbp | Browser identifier for campaign attribution | 90 days | Meta |
_fbc | Facebook Click ID (only set if you arrive from an FB ad) | 90 days | Meta |
C. Managing your consent
When you first visit the site, you see a banner with three choices:
- Essential only: no analytics, no marketing
- Analytics only: GA4 active, marketing off
- Accept all: everything active
You may change your choice at any time. To reset your choice and see the banner again: open the browser console (cmd+option+I on Mac, F12 on Windows) and run localStorage.removeItem('exa_consent_v2'), then reload the page.
D. Disabling cookies in your browser
All major browsers allow you to refuse or delete cookies. See your browser's specific documentation (Safari, Chrome, Firefox, Edge). Disabling technical cookies may compromise the site's functionality.
E. Contact
For any questions related to this policy: info@grecolatinovivo.it.