Privacy Policy

Last updated: 15 March 2026

This Privacy Policy explains how Prismlight Analytics handles your personal data when you visit our website or interact with our services. We comply fully with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Italian data protection law.

1. Who Is Responsible for Your Data

The data controller is:

AUFRAL di Ana Alexandru
Rome, Italy
VAT: IT-16514071006
REA: RM-1660328

General contact: [email protected]
Privacy enquiries: [email protected]

2. What We Collect and When

We collect personal data only when there is a clear purpose, and only through the channels described below.

2.1 Contact Form

When you submit our contact form, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Phone number (optional)
  • Service of interest (optional)
  • Message content
  • Newsletter opt-in preference
  • Privacy consent confirmation
  • Hashed IP address (SHA-256 — we never store your raw IP)
  • Submission timestamp

2.2 Newsletter

When you subscribe, we collect:

  • Email address
  • Name (optional)
  • Preferred language
  • Hashed IP address (SHA-256)
  • Subscription and confirmation timestamps

2.3 Cookie Consent

When you interact with the cookie banner, we record:

  • An anonymous hashed visitor identifier
  • Your consent choices (analytics, marketing)
  • Hashed IP address and user agent (both SHA-256)
  • Cookie policy version at the time of consent
  • Consent timestamp

2.4 Analytics (consent required)

If you opt in to analytics cookies, Google Analytics collects anonymised usage data: pages visited, session duration, referral source, device type, and approximate location. This data is tied to randomly generated identifiers — never to your name or email.

2.5 Marketing (consent required)

If you opt in to marketing cookies, Facebook Pixel tracks your interactions with our site to support advertising and conversion measurement on Meta's platform.

3. Why We Process Your Data

Purpose | Legal Basis (GDPR Art. 6(1))
Responding to contact form submissions | Pre-contractual steps (b)
Sending newsletters you subscribed to | Consent (a)
Analytics cookies (Google Analytics) | Consent (a)
Marketing cookies (Facebook Pixel) | Consent (a)
Recording cookie consent | Legitimate interest in compliance (f)
Preventing spam and protecting the site | Legitimate interest (f)

4. What We Do With Your Data

  • Respond to your enquiries.
  • Send newsletters you have opted into and confirmed.
  • Analyse anonymised site usage to improve content and experience (only with consent).
  • Run targeted advertising on third-party platforms (only with consent).
  • Maintain consent records for regulatory compliance.
  • Protect the website from abuse and security threats.

We never sell, rent, or trade your personal data.

5. How Long We Keep It

Data | Retention
Contact form submissions | 24 months from submission
Newsletter subscribers (active) | Until you unsubscribe
Newsletter subscribers (after unsubscribe) | 6 months, then permanently deleted
Cookie consent records | 36 months from consent date

Deletion is handled by automated purge jobs. No manual intervention is required.

6. Who We Share Data With

We share data with the following third parties only where necessary and, where required, only after you have given consent.

Google Analytics

  • Provider: Google Ireland Limited
  • Purpose: anonymised website usage analytics
  • Legal basis: your consent (analytics cookies)
  • Privacy policy: policies.google.com/privacy

We use Google Analytics consent mode v2. By default, both ad_storage and analytics_storage are set to denied. They are updated only when you grant consent.

Facebook Pixel

  • Provider: Meta Platforms Ireland Limited
  • Purpose: advertising conversion tracking and audience building
  • Legal basis: your consent (marketing cookies)
  • Privacy policy: facebook.com/privacy/policy

The Facebook Pixel script is not loaded at all until you grant marketing consent.

Email Service Provider

We use a third-party provider to deliver newsletters and transactional emails. Only your email address and name are shared, solely for delivery.

We do not share your data with any other third party for their own marketing.

7. Cookies

For full details on the cookies we use, see our Cookie Policy.

8. International Transfers

Some third-party providers (Google, Meta) may transfer data outside the EEA. Where this happens, appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • The EU-US Data Privacy Framework, where applicable

You can request a copy of the relevant safeguards by emailing [email protected].

9. How We Protect Your Data

  • All data encrypted in transit (TLS/HTTPS) and at rest
  • IP addresses stored only as irreversible SHA-256 hashes
  • Parameterised database queries — no SQL injection surface
  • Rate limiting on form submissions
  • Server-side validation on all user input
  • Access restricted to authorised personnel only
  • Regular security patching
  • Application logs configured to exclude plaintext personal data

10. Your Rights

Under the GDPR, you have the right to:

  • Access (Art. 15) — request a copy of the data we hold about you
  • Rectification (Art. 16) — correct inaccurate or incomplete data
  • Erasure (Art. 17) — request deletion where there is no compelling reason to keep it
  • Restriction (Art. 18) — limit how we process your data in certain circumstances
  • Portability (Art. 20) — receive your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interests
  • Withdraw consent (Art. 7(3)) — withdraw consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any right, email [email protected]. We will respond within 30 days.

Newsletter

Unsubscribe at any time via the link in every email, or contact us directly.

Cookies

Change your preferences at any time using the Cookie Settings button in the site footer.

11. Children

Our website is not directed at anyone under 16. We do not knowingly collect data from children. If you believe we have, contact [email protected] and we will delete it promptly.

12. Complaints

If you believe we have violated the GDPR, you may lodge a complaint with:

Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Rome, Italy
Website: garanteprivacy.it
Email: [email protected]
PEC: [email protected]

You may also complain to the supervisory authority in the EU Member State where you live or work.

13. Changes

We may update this policy as our practices, legal obligations, or services evolve. Material changes will be reflected in the "Last updated" date above. We encourage you to check this page periodically.

14. Contact

General enquiries: [email protected]
Privacy enquiries: [email protected]