Last updated: April 8, 2026
This Privacy Policy describes how personal data is collected and processed when you visit gilbertotaccari.com (the “Site”). It is issued in compliance with Article 13 of the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
1. Data Controller
The Data Controller for this Site is:
Gilberto Taccari Contact: him@gilbertotaccari.com
No Data Protection Officer (DPO) has been appointed. The Site is a personal website operated by a natural person and does not meet the thresholds for mandatory DPO appointment under Article 37 GDPR (it does not carry out large-scale processing of special categories of data, nor does it engage in systematic monitoring of individuals).
2. Data Processing Purposes and Legal Basis
2.1 Website Analytics (Google Analytics 4)
Purpose: Statistical analysis of site traffic and user behaviour (e.g., pages viewed, session duration, referral source) in order to understand how the Site is used and to improve its content.
Data processed: Anonymised IP address, browser type, device type, operating system, pages visited, session duration, referral URL, and approximate geographic location (city level).
Legal basis: Your explicit consent (Article 6(1)(a) GDPR), freely given via the cookie consent banner powered by Cookiebot.
You may withdraw your consent at any time — see Section 7.
2.2 Technical Hosting (GitHub Pages)
Purpose: Serving the Site’s content to your browser.
Data processed: Standard server access logs may be collected by GitHub, Inc. as the hosting provider. The Data Controller does not have direct access to these logs.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in making the Site available.
3. Third-Party Services and Data Recipients
3.1 Google Analytics 4
The Site uses Google Analytics 4 (GA4), a web analytics service provided by Google LLC. GA4 collects anonymised usage data as described in Section 2.1.
GA4 is only activated after you grant consent via the Cookiebot banner. IP anonymisation is enabled.
3.2 Cookiebot (Consent Management Platform)
The Site uses Cookiebot, a consent management platform provided by Cybot A/S, to collect and manage your cookie preferences. Cookiebot may process a hashed (anonymised) identifier derived from your IP address to register your consent record.
3.3 GitHub Pages
The Site is hosted on GitHub Pages, a service provided by GitHub, Inc. (a subsidiary of Microsoft Corporation). GitHub may collect access logs including IP addresses as part of its infrastructure operation.
4. International Data Transfers
4.1 Google Analytics 4 — Transfer to the United States
When you consent to analytics cookies, your data is transferred to Google LLC, headquartered in the United States. This constitutes an international transfer of personal data outside the European Economic Area (EEA) within the meaning of Chapter V GDPR (Articles 44–49).
Current transfer mechanism: The transfer relies on the adequacy decision for the EU–US Data Privacy Framework (DPF), adopted by the European Commission on 10 July 2023 (Decision (EU) 2023/1795). Google LLC is certified under the DPF.
Note: The EU–US DPF is subject to ongoing legal review, including a potential challenge before the Court of Justice of the European Union (CJEU). If the adequacy decision is invalidated, this Privacy Policy will be updated promptly to reflect the new transfer mechanism. Users are encouraged to monitor this page.
Italian Garante note: In June 2022, the Italian Data Protection Authority (Garante) issued a ruling finding that use of Google Analytics in its then-current configuration violated GDPR due to unlawful US data transfers. The DPF currently provides a valid legal basis for these transfers. The situation is actively monitored.
4.2 GitHub Pages — Transfer to the United States
GitHub, Inc. is based in the United States. The transfer of server log data is covered by GitHub’s participation in the EU–US Data Privacy Framework and its Data Protection Agreement.
5. Data Retention
| Service | Data | Retention Period |
|---|---|---|
| Google Analytics 4 | User and event data | 2 months (GA4 default; configurable in GA4 settings) |
| Cookiebot | Consent records | Up to 12 months |
| GitHub Pages | Server access logs | Per GitHub’s Privacy Statement |
You may request deletion of your data at any time — see Section 6.
6. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights, which you may exercise by contacting the Data Controller at the address in Section 1:
- Right of access (Art. 15): Obtain confirmation of whether your data is being processed and receive a copy of it.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to erasure — “Right to be forgotten” (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
- Right to restriction of processing (Art. 18): Request that processing be restricted in certain circumstances.
- Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller. This right applies where processing is based on consent (Art. 6(1)(a)) and carried out by automated means.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint (Art. 77): Lodge a complaint with a supervisory authority — in Italy: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma (IT).
7. Withdrawal of Consent
You can change or withdraw your cookie consent at any time by clicking the “Cookie Settings” link in the footer of this Site. This will reopen the Cookiebot consent banner where you can update your preferences.
Withdrawing consent will not affect the lawfulness of any processing that took place before the withdrawal.
8. Cookie Policy
A detailed list of the cookies used on this Site, including their names, categories, durations, and providers, is maintained by Cookiebot and is accessible directly from the consent banner. The cookie list is updated automatically whenever the Site’s cookie inventory changes.
This Privacy Policy covers the purposes and legal bases for cookie-based processing. For the full technical cookie inventory, refer to the Cookiebot-generated report available in the consent banner.
9. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in applicable law, Site functionality, or third-party services. The “Last updated” date at the top of this page will be revised on every update.