Prodhero Logo

Legal

Privacy Policy

Last updated: March 16, 2025

This policy describes how the personal data of users who visit the site prodhero.com is collected, used and protected. prodhero.com.

1

Data Controller

The data controller for personal data is:

Name: Matteo Masoomi Lari

City: Turin, Italy

Email: business@prodhero.com

For any privacy-related requests you can write to the email address indicated above.

2

Personal data collected and collection methods

The site collects personal data only in an explicit and informed manner, through the following channels:

Contact form

Through the contact form available on the Contact page, the following are collected: name, email address, type of service requested and message. This data is sent directly via email to the controller through the Nodemailer service and is not stored on a database.

Newsletter form

Those who subscribe to the newsletter provide their email address and give explicit consent to processing for the sending of updates on PRODHERO projects and content.

Navigation data

Like all websites, during navigation some technical data is automatically acquired (IP address, browser type, operating system, pages visited, date and time of access). This data is used exclusively in aggregated and anonymized form for statistical purposes, only with the user's prior consent.

3

Purposes of processing

  • Management of contact requests: to respond to questions and quote requests sent through the form.
  • Newsletter: to send updates on PRODHERO projects and news, only with explicit prior consent.
  • Aggregate statistics: to understand how users navigate the site to improve the experience, only with prior consent to analytics processing.
  • Site security: to prevent fraud, spam and abuse through technical tools.
4

Legal bases for processing

Explicit consent (art. 6.1.a GDPR)

Analytics cookies (Google Analytics 4) and newsletter subscription.

Performance of a contract or pre-contractual measures (art. 6.1.b GDPR)

To respond to requests submitted through the contact form.

Legitimate interest (art. 6.1.f GDPR)

Site security and abuse prevention.

5

Third-party tools and providers

The site uses the following third-party tools. For each, the nature of the processing and any transfer to non-EU countries is indicated.

Google Analytics 4

Provider: Google LLC (USA)

Purpose: Anonymized navigation statistics. Activated only with the user's explicit prior consent. Anonymized IP.

Data transfer: Data transferred to USA β€” protected by Standard Contractual Clauses (SCC) and Google Ads Data Processing Terms.

Provider privacy policy β†’

Vercel Analytics

Provider: Vercel Inc. (USA)

Purpose: Aggregate visitor analysis without the use of cookies and without collection of personally identifiable data. Does not require cookie consent, but is documented for transparency.

Data transfer: Data transferred to USA β€” protected by Vercel DPA and Standard Contractual Clauses.

Provider privacy policy β†’

Vercel Speed Insights

Provider: Vercel Inc. (USA)

Purpose: Collection of performance metrics (Web Vitals: LCP, FID, CLS). No personally identifiable data, no cookies.

Data transfer: Data transferred to USA β€” protected by Vercel DPA.

Provider privacy policy β†’

Nodemailer (via SMTP provider)

Provider: Configured with the controller's email provider

Purpose: Sending notification emails generated by the contact form. Form data (name, email, message) passes through this channel and is not stored on a database.

Data transfer: Depends on the configured SMTP provider.

6

Retention periods

  • Contact form data: not stored on a database; passes via email and is subject to the retention policies of the email client.
  • Newsletter data: retained until consent is revoked (unsubscription).
  • Analytics data (GA4): retained according to GA4 settings (default: 14 months); activated only with prior consent.
  • Consent preference cookie: stored for 12 months in the user's browser (localStorage).
7

Data subject rights

Pursuant to arts. 15–22 of the GDPR, you have the right to:

Access

obtain confirmation of processing and a copy of your data.

Rectification

correct inaccurate or incomplete data.

Erasure

request the removal of data ("right to be forgotten").

Restriction

restrict processing under certain circumstances.

Portability

receive your data in a structured format.

Objection

object to processing based on legitimate interest.

Withdrawal of consent

withdraw consent given at any time.

Complaint

lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

To exercise your rights, write to business@prodhero.com. We will respond within 30 days.

8

Changes to this policy

This policy may be updated periodically. In case of substantial changes, the "Last updated" date at the top of the page will be updated accordingly. We invite you to consult this page periodically.

PRODHERO Β· Turin, Italy Β· business@prodhero.com

Cookie Policy β†’