Privacy Policy

Last updated: March 2026

1. Controller Information

This website is operated by Marino Festuccia, a freelance photographer based in Rome, Italy (hereinafter "the Controller").

For any privacy-related inquiry, you may contact: Email: marfes.q@gmail.com

2. Scope

This Privacy Policy explains how personal data is collected, used, and protected when you visit this website or contact the Controller for professional inquiries, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and applicable Italian data protection law.

3. Data Collected and Purposes

3.1 Browsing Data

When you visit this website, the hosting infrastructure (Squarespace Inc.) automatically collects certain technical data, including IP addresses, browser type, operating system, referring URLs, and pages visited. This data is processed solely for the purpose of ensuring the correct functioning of the website and for aggregate statistical analysis.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

3.2 Contact Form and Email Inquiries

When you reach out through the contact form or via email, the Controller collects the information you voluntarily provide (typically: name, email address, and message content). This data is used exclusively to respond to your inquiry and, where applicable, to manage a professional engagement.

Legal basis: Pre-contractual measures or performance of a contract (Art. 6(1)(b) GDPR); legitimate interest for general inquiries (Art. 6(1)(f) GDPR).

3.3 Cookies

This website uses technical and analytical cookies. No profiling or marketing cookies are used.

  • Technical cookies are strictly necessary for the website to function and do not require consent.

  • Analytical cookies (managed by Squarespace) collect anonymous, aggregated data about visitor behaviour. Where required by applicable law, these are activated only upon your consent.

You may manage or withdraw your cookie preferences at any time through your browser settings or the cookie banner displayed on your first visit.

4. Data Retention

Data Category Retention Period Browsing / server logs Up to 12 months Contact form submissions Until the inquiry is resolved, or up to 24 months if a professional relationship is established Email correspondence Up to 5 years for contractual or fiscal purposes

Data will be deleted or anonymised once the applicable retention period expires, unless a longer period is required by law.

5. Data Sharing and Transfers

The Controller does not sell, rent, or trade personal data with third parties.

Data may be shared with the following categories of recipients, strictly to the extent necessary:

  • Squarespace Inc. (website hosting and analytics) — based in the United States. Data transfers are governed by Standard Contractual Clauses approved by the European Commission, in accordance with Art. 46 GDPR.

  • Professional collaborators (e.g., second photographers, assistants) — only when strictly required for the execution of a specific assignment, and subject to confidentiality obligations.

  • Public authorities — where required by law or a binding legal order.

6. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data held about you.

  • Right to rectification (Art. 16): You may request the correction of inaccurate or incomplete data.

  • Right to erasure (Art. 17): You may request the deletion of your data where no legal basis for retention exists.

  • Right to restriction of processing (Art. 18): You may request that processing be limited in certain circumstances.

  • Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

  • Right to object (Art. 21): You may object to processing based on legitimate interest at any time.

  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please contact the Controller at the address listed in Section 1. Requests will be handled within 30 days. In complex cases, this period may be extended by a further two months, with prior notice.

7. Right to Lodge a Complaint

If you believe your data has been processed in violation of applicable law, you have the right to lodge a complaint with the competent supervisory authority.

For users based in Italy:

Garante per la Protezione dei Dati Personali Website: www.garanteprivacy.it Email: garante@gpdp.it

8. Security

The Controller adopts appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. However, no method of transmission over the internet is entirely secure, and absolute security cannot be guaranteed.

9. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in applicable law or in the Controller's data processing practices. The date at the top of this page indicates when it was last revised. Continued use of the website following any update constitutes acceptance of the revised policy.

This policy applies exclusively to this website. It does not cover third-party websites that may be linked from this site.