Privacy Policy

1 · Data Controller

The data controller is Tashi Paris, a sole trader (libero professionista) based in Bolzano (BZ), Italy — VAT no. (P.IVA) 03348700216.

For any privacy matter, including to exercise your rights, contact: tashi@tashiparis.com. No Data Protection Officer (DPO) is appointed, as one is not required for this activity.

2 · What data I collect

Data you provide via the contact form: your name, email address and the content of your message. Providing a name and email is necessary to reply; the message field is optional.

Technical and usage data collected automatically: IP address, browser type and settings, device information, referring pages, and timestamps, processed through my hosting provider's standard server logs and through cookieless analytics (anonymous, aggregated page-view metrics).

Functional browser storage: a small amount of data kept in your browser's local/session storage to make the site work (your language preference and short-lived interface state). This is not a cookie and is never transmitted to me.

I do not knowingly collect special categories of data (health, beliefs, etc.). Please do not include such data in your message.

3 · Purposes and legal bases

(a) To respond to your enquiry, provide quotes and take pre-contractual steps — legal basis: performance of pre-contractual measures at your request, Art. 6(1)(b) GDPR.

(b) To operate, secure, maintain and improve the website, prevent abuse and ensure technical stability — legal basis: my legitimate interest, Art. 6(1)(f) GDPR.

(c) To comply with legal, tax and accounting obligations where a working relationship begins — legal basis: legal obligation, Art. 6(1)(c) GDPR.

4 · Recipients and processors

Your data may be processed on my behalf by carefully selected providers acting as data processors under Art. 28 GDPR: Vercel Inc. (website hosting and cookieless analytics) and Resend (delivery of the email that carries your contact message to me).

If you click the booking link, you are directed to Cal.com, an independent service that acts as its own controller under its own privacy policy.

Your data is never sold, rented, or used for advertising, profiling, or automated decision-making.

5 · International transfers

Some processors above (e.g. Vercel, Resend, Cal.com) are based in the United States, so your data may be transferred outside the European Economic Area. Such transfers are safeguarded by the European Commission's Standard Contractual Clauses (SCCs) and/or an applicable adequacy mechanism, ensuring an equivalent level of protection. A copy of the safeguards can be requested at the contact address above.

6 · Retention

Contact messages and related correspondence are kept only for as long as needed to handle your request and any resulting engagement, and then deleted, typically within 24 months of the last contact unless a longer period is required by law (e.g. 10 years for accounting records under Italian law).

Server-log and analytics data are kept for short, provider-defined periods and in aggregated, non-identifying form.

7 · Security

The site is served over encrypted HTTPS. Appropriate technical and organisational measures are in place to protect your data against unauthorised access, loss or disclosure, taking into account the nature of the processing and current best practice.

8 · Your rights

Under Articles 15–22 GDPR you have the right to: access your data; rectify inaccurate data; erase data ('right to be forgotten'); restrict processing; data portability; object to processing based on legitimate interest; and withdraw any consent at any time without affecting prior processing.

To exercise any right, email tashi@tashiparis.com. I will respond without undue delay and within one month at the latest, free of charge in ordinary cases.

9 · Right to lodge a complaint

If you believe your data is processed unlawfully, you may lodge a complaint with the Italian Data Protection Authority — Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, garanteprivacy.it — or with the supervisory authority of your habitual residence.

10 · Is providing data mandatory?

Providing data through the contact form is voluntary; however, without a name and a valid email I cannot reply to your enquiry. Technical data is processed automatically as a necessary part of delivering the website.

11 · Automated decisions, profiling and minors

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place. The site is not directed at children under 16, and I do not knowingly collect their data.

12 · Changes to this policy

This policy may be updated to reflect changes in the site or the law. The current version and its date are always shown at the top of this page.