Privacy Policy of David Fisicaro

2. Data Controller

David Fisicaro
Musician – Freelance Professional
Address: Via Bellini, 27 – 51100 Pistoia (PT), Italy
Tax Code: FSCDVD83A11G491W
VAT Number: 02082580479
Email: blindmojodave@gmail.com
Phone: +39 339 244 2249

The Data Controller is responsible for the collection and processing of your personal data through the Website.

3. Data Protection Officer (DPO)

Given the nature and size of the professional activity, no Data Protection Officer (DPO) has been appointed.

For any matter regarding the processing of your personal data, you may contact the Data Controller directly using the contact details provided above.

4. Types of Data Collected

During your navigation and interaction with my Website, I may collect the following categories of personal data:

4.1 Data voluntarily provided by the user

• Identification data: first name, last name
• Contact data: email address, phone number
• Data communicated via email or WhatsApp: messages, information requests, communication contents

4.2 Data collected automatically

• Browsing data: IP address, browser type, operating system, pages visited, duration of visit, navigation path
• Cookies and tracking technologies: as described in the Cookie Policy, I use technical and analytical cookies
• Statistical data: number of visits, traffic sources, user behavior on the Website

4.3 Data obtained from third parties

• Social media: if you interact with my content on YouTube or Instagram displayed on the Website, data may be collected according to the privacy policies of those respective services

5. Purposes and Legal Basis of Processing

Your personal data is processed for the following purposes and on the following legal bases:

5.1 Technical and functional purposes of the Website

(Legal basis: Legitimate interest – Art. 6(1)(f) GDPR)

• To ensure the proper functioning of the Website
• To manage IT security and prevent fraud
• To resolve technical issues
  Retention period: for the duration of the session or as long as necessary for the specific technical purpose

5.2 Management of contact requests

(Legal basis: Performance of pre-contractual measures – Art. 6(1)(b) GDPR)

• To respond to your information requests via email or WhatsApp
• To provide information about my musical services
• To manage collaboration, concert, or musical project requests
• To manage the pre-contractual relationship
  Retention period:
• 24 months from receipt of the request for contacts not converted into collaborations
• 10 years from the end of the relationship for professional collaborations (for fiscal and legal obligations)

5.3 Provision of professional services

(Legal basis: Contract performance – Art. 6(1)(b) GDPR)

• To perform the agreed musical services
• To manage contractual relationships and collaborations
• To store documents and materials related to projects on Google Drive
• To comply with administrative, accounting, and fiscal obligations
  Retention period: 10 years after the end of the relationship (D.P.R. 600/1973)

5.4 Communications via Google Meet

(Legal basis: Pre-contractual or contractual measures – Art. 6(1)(b) GDPR)

• To conduct video calls and meetings with clients, collaborators, or potential clients
• To discuss musical projects and collaborations
  Retention period: recordings, if made, are stored for the duration of the specific project and in any case no longer than 24 months

5.5 Statistical analysis and improvement of the Website

(Legal basis: Consent – Art. 6(1)(a) GDPR)

• To analyze web traffic through Google Analytics 4 and Matomo
• To collect aggregated statistics on user behavior
• To improve user experience and optimize content
  Retention period:
• Google Analytics 4: up to 26 months
• Matomo: up to 13 months

5.6 Legal obligations

(Legal basis: Legal obligation – Art. 6(1)(c) GDPR)

• To comply with fiscal, accounting, and administrative obligations
• To respond to requests from competent authorities
• To retain documentation according to applicable laws
  Retention period: according to the terms provided by fiscal and accounting laws (usually 10 years)

6. Processing Methods

Personal data is processed by electronic and paper means, following logic strictly related to the purposes indicated, and with the adoption of appropriate security measures to guarantee confidentiality, integrity, and availability of the data.

Data is processed at my professional office and at the servers of third-party service providers used (see section 8).

7. Data Recipients

Your personal data may be communicated or made accessible to the following categories of recipients:

7.1 Data Controller

David Fisicaro, as a freelance professional, personally processes the data for the purposes described above.

7.2 Service providers (Data Processors)

Data may be shared with third parties providing services on my behalf, including:

Hosting and infrastructure services:

• TopHost (or other provider) – Website hosting
• Google LLC – Google Drive for document and material storage

Communication services:

• Google LLC – Gmail for email communications, Google Meet for video conferences
• WhatsApp (Meta Platforms Ireland Limited) – Messaging service

Analytics services:

• Google LLC – Google Analytics 4
• Matomo (self-hosted) – Analytics
• Meta Platforms Ireland Limited – Facebook Pixel

Multimedia content services:

• Google LLC – YouTube for embedded videos and channel API

These entities are designated as Data Processors under Article 28 GDPR and process data solely according to my instructions.

7.3 Professionals and consultants

Accountants, fiscal consultants, legal advisors, or other professionals assisting me, bound by professional secrecy and confidentiality obligations.

7.4 Public authorities

When required by law, data may be communicated to public authorities, law enforcement, tax authorities, or judicial bodies.

8. Data Transfer Outside the EU

Some of the services used involve transferring your personal data to countries outside the European Economic Area (EEA), particularly the United States of America.

Such transfers are carried out based on adequate safeguards under the GDPR, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU–US Data Privacy Framework (DPF) for certified companies
• Other appropriate safeguards under Articles 44–49 GDPR

Main services involving extra-EU data transfers:

• Google LLC (USA) – Google Analytics 4, Gmail, Google Drive, Google Meet, YouTube

You may request further information about the applied safeguards by contacting me at blindmojodave@gmail.com.

9. Data Retention Period

Personal data will be retained only for as long as necessary to achieve the purposes for which it was collected:

After the retention period, data will be deleted or anonymized irreversibly, unless further retention is necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

10. Data Subject Rights

In accordance with GDPR (Articles 15–22), you have the right to:

10.1 Right of access (Art. 15 GDPR)

Obtain confirmation of whether personal data concerning you exists and receive a copy of such data, along with information about its processing.

10.2 Right to rectification (Art. 16 GDPR)

Request the correction of inaccurate personal data or the completion of incomplete data.

10.3 Right to erasure / Right to be forgotten (Art. 17 GDPR)

Obtain the deletion of your personal data when:

• They are no longer necessary for the purposes for which they were collected
• You have withdrawn consent and there is no other legal basis
• You object to the processing and there are no overriding legitimate grounds
• The data have been unlawfully processed
• Deletion is required to comply with a legal obligation

10.4 Right to restriction of processing (Art. 18 GDPR)

Obtain restriction of processing when:

• You contest the accuracy of the data
• The processing is unlawful but you oppose deletion
• The data are no longer needed but you require them to defend a legal claim
• You have objected to processing pending verification

10.5 Right to data portability (Art. 20 GDPR)

Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller without hindrance.

10.6 Right to object (Art. 21 GDPR)

Object to the processing of your personal data for reasons related to your particular situation when the processing is based on the legitimate interest of the Controller.

10.7 Right to withdraw consent (Art. 7(3) GDPR)

Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10.8 Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR.

Supervisory Authority:
Garante per la Protezione dei Dati Personali
Piazza Venezia, 11 – 00187 Rome, Italy
Tel. +39 06 696771
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Website: www.garanteprivacy.it

How to exercise your rights
To exercise your rights, you may contact the Data Controller:

Email: blindmojodave@gmail.com
Phone: +39 339 244 2249
Postal address: Via Bellini, 27 – 51100 Pistoia (PT), Italy

The Data Controller will respond to your request without undue delay and, in any case, within one month of receipt. This period may be extended by two months if necessary, taking into account the complexity and number of requests.

11. Data Security

The Data Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 GDPR.

Implemented security measures include:

• Use of encrypted connections (HTTPS/SSL) for data transmission
• Authentication and access control systems
• Regular backups of data stored on Google Drive
• Use of antivirus software and firewalls
• Periodic updates of systems and applications
• Pseudonymization and encryption of data when appropriate
• Secure storage of documents on protected cloud platforms

Despite these measures, no Internet transmission or electronic storage system is completely secure. I am committed to protecting your personal data but cannot guarantee absolute security of information transmitted through my Website.

12. Cookies and Tracking Technologies

The Website uses cookies and similar tracking technologies. For detailed information on which cookies are used, for what purposes, and how to manage your preferences, please refer to my Cookie Policy.

13. Links to Third-Party Websites

My Website may contain links to third-party websites (YouTube, Instagram, or other music platforms). I am not responsible for the privacy practices of such external sites. I invite you to read the privacy policies of each website you visit.

14. Minors

This Website is not specifically intended for minors under 18 years of age, and I do not knowingly collect personal data from minors. If I become aware that I have collected personal data from a minor without parental consent, I will take steps to delete such information as soon as possible.

15. Changes to This Privacy Policy

I reserve the right to modify or update this Privacy Policy at any time to reflect changes in my services, applicable laws, or data processing practices.

All changes will be published on this page, indicating the “Last update” date at the top of the document. In case of substantial changes requiring new consent, I will inform you by email or through a notice on the Website.

You are encouraged to periodically review this page to stay informed about how I protect your personal data.

16. Contacts

For any questions, clarification requests, or to exercise your rights regarding personal data processing, you may contact me:

David Fisicaro
Via Bellini, 27 – 51100 Pistoia (PT), Italy
Tax Code: FSCDVD83A11G491W
VAT Number: 02082580479
Email: blindmojodave@gmail.com
Phone: +39 339 244 2249

I will be happy to respond to all your requests and provide any additional information you may need.