Privacy Policy pursuant to EU Regulation 2016/679 (“GDPR”)

Pursuant to Article 12 of the GDPR, we inform you that your data is processed in accordance with the provisions set forth therein, and in particular as follows.

Data Controller
The data controller is Cristiano Filippini Music Productions – Via Cecchi n°62 – 61121 Pesaro (PU).

Data provided by the data subject
We store the data you have voluntarily provided via paper documents, email or through the website, including for example: first name, last name, email address, phone number.
Data received via email (including data submitted through forms on the website) may also contain the IP address of the sender and/or their mail server, which is therefore stored alongside the other data.
We also store cookies, for which please refer to the relevant section of this website.
If you are under 16 years of age, you may not provide us with any personal data, and in any case we accept no liability for any false declarations you may provide. Should we become aware of any untruthful statements, we will proceed with the immediate deletion of any personal data acquired.

Automatically collected data
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters relating to the user’s operating system and computing environment. These data are used solely for the purpose of obtaining anonymous statistical information about the use of the website and to monitor its correct functioning, and are deleted immediately after processing. The data could be used to establish liability in the event of hypothetical cybercrimes against the Website or third parties: save for this eventuality, web contact data are not currently stored permanently, unless specifically requested by the user.

Purposes of processing
Specifically, your personal data is processed for the following purposes and legal bases:

  • without your prior consent for service purposes, and in particular for:
    – the performance of a contract or the fulfilment of pre-contractual obligations
    – managing and maintaining the websites
    – providing, administering and managing all services requested by you, including where necessary the related invoicing, sending of service communications and assistance
    – carrying out aggregate statistical analyses on an anonymous basis
  • the pursuit of a legitimate interest of the Data Controller:
    – managing complaints and disputes, recovering debts, preventing fraud and unlawful activities
    – sending you commercial communications to the email address you have provided, if you are already our customer, relating to services and products similar to those you have already used. Every email sent will allow you, by clicking on the appropriate link, to opt out of further communications.
  • compliance with legal obligations
  • only upon express consent, where provided on the website or via email, for marketing purposes.

Methods and security of processing
The processing of data (collection, recording, storage and use) is carried out in both analogue and digital format.
Data is collected in accordance with the security measures required by the GDPR, selected by the data controller taking into account the state of the art and the costs of implementation, as well as the nature, subject matter, context and purposes of the processing, and also the risk of varying likelihood and severity to the rights and freedoms of natural persons.

Nature of data provision
The provision of data is necessary solely for the purpose of delivering the requested service. Any refusal to provide data will make it impossible to perform the requested service.
The optional, explicit and voluntary sending of emails to the addresses indicated on this website will result in the subsequent acquisition of the sender’s address, which is necessary in order to respond to requests, as well as any other personal data included in the message. The information provided will not be disclosed to parties not involved in its processing.

Duration of processing
Data will be processed for the time necessary to perform the requested service.
In the case of pre-contractual requests, data will be retained on the basis of legitimate interest for a maximum period of 3 years, solely for the purpose of completing the requested process.
Invoices, accounting documents and transaction-related data are retained in accordance with statutory requirements (estimated at 10 years) plus an additional 12 months for the time needed to close the relationship.
Data collected for marketing purposes is retained for no longer than 12 months from the end of the relationship.

Disclosure of data
The data may be accessed by sales staff, labour consultants responsible for accounting, technicians, programmers and administrative staff duly appointed for this purpose, as well as administrative and judicial bodies and authorities by virtue of legal obligations.
A list of appointed persons may be requested in person.
Collected data will not be transferred or sold to external companies.
Data provided via email or stored in the website database is stored on European servers.

Rights of the data subject

  1. Access. The data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and to the following information:
    a. where the data is not collected directly from the data subject, the source of the personal data;
    b. the purposes of the processing;
    c. the categories of personal data;
    d. the recipients or categories of recipients to whom the personal data has been or will be disclosed;
    e. the retention period or the criteria used to determine it;
    f. the existence of automated decision-making processes (profiling).
  2. Withdrawal. The data subject may at any time withdraw consent to the processing of their personal data previously given.
  3. Rectification, erasure and restriction. The data subject has the right to obtain:
    a. the rectification of inaccurate personal data concerning them, or the completion of incomplete data, without undue delay;
    b. the erasure of personal data concerning them without undue delay, subject to legal obligations;
    c. the restriction of processing in the event that one of the conditions set out in Article 18 of the GDPR applies;
    d. confirmation that the operations referred to in points [a-b-c] have been communicated, including as regards their content, to those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a disproportionate effort relative to the right being protected.
  4. Objection. The data subject has the right to object, in whole or in part:
    a. on legitimate grounds to the processing of personal data concerning them, even where such data is relevant to the purpose of collection;
    b. to the processing of personal data concerning them for the purpose of sending advertising or direct sales material, or for carrying out market research or commercial communications.
  5. Portability. The data subject has the right to receive their personal data, knowingly and actively provided or generated through use of the service, in a structured, commonly used and machine-readable format, and to transmit it to another data controller without hindrance.
  6. Complaint. The data subject may lodge a complaint with the competent data protection supervisory authority or take legal action.

To exercise these rights, you may send a recorded delivery letter to:
Cristiano Filippini Music Productions – Via Cecchi n°62 – 61121 Pesaro (PU)
or an email to info@cristianofilippini.com.

You are advised to use the form made available by the Italian data protection authority.

Requests are handled free of charge and processed by the data controller as promptly as possible, and in any case within one month.

Last updated: 19/03/2026.