Privacy Policy

Legal · Privacy
Data ControllerRobert Sillo / scriptsandstyles.dev
VATIT 02627350461
RegulationGDPR — EU 2016/679
Last updatedFebruary 22, 2026
01

Data controller identity

The Data Controller for this website and all personal data collected through it is:

  • Robert Sillo
  • Operating under: SILLO ROBERT
  • Partita IVA: IT 02627350461
  • Website: scriptsandstyles.dev
  • Contact: hello@scriptsandstyles.dev

As Data Controller, Robert Sillo determines the purposes and means of processing your personal data, in accordance with EU Regulation 2016/679 (GDPR) and applicable Italian data protection legislation (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).

02

What data we collect

We collect personal data only through the contact form on this website. No data is collected through account registration, purchases, or newsletter subscriptions, as these features do not exist on this site.

The contact form collects the following information:

Field

Type

Required

Full name

Personal identifier

Yes

Company name

Organisational identifier

Yes

Email address

Contact data

Yes

Website URL

Professional reference

Yes

Service interest, budget range, and timeline

Project qualification data

Yes

Project description and additional notes

Free-text content

Yes

We also collect technical data automatically through analytics tools. See Section 6 (Cookies and Tracking) for full details.

03

What data we collect

We process personal data for the following purposes, each with a specific legal basis under Article 6 GDPR:

The contact form collects the following information:

Purpose

Legal basis

Responding to your enquiry and evaluating project fit

Art. 6(1)(b) — pre-contractual measures at the request of the data subject

Managing the client relationship if an engagement proceeds

Art. 6(1)(b) — performance of a contract

Storing client project data in a project management tool (kitchen.co) if onboarded

Art. 6(1)(b) — performance of a contract

Analysing website usage to improve content and user experience

Art. 6(1)(a) — consent (obtained via cookie banner)

Compliance with applicable legal obligations

Art. 6(1)(c) — legal obligation

We do not process your data for marketing purposes, profiling, or automated decision-making. We do not sell, rent, or share personal data with third parties for their own commercial purposes.

04

How your data flows

When you submit the contact form, here is exactly what happens to your data:

The contact form collects the following information:

  • The form is processed by the Bricks Builder native form handler running on this WordPress installation, hosted on servers within the European Economic Area.
  • Your submission is sent to our email address (hello@scriptsandstyles.dev) and is not stored in the WordPress database. No third-party email marketing platform is involved.
  • Your email is received and managed through our email provider. No automated CRM tagging or tracking occurs at this stage.
  • If we proceed to a paid engagement, relevant project data is entered into kitcrm.com for project management purposes. You will be informed of this at the point of onboarding.
  • If we do not proceed, your data is retained only in our email inbox and deleted in accordance with the retention periods below.
05

Third-party processors & sub-processors

We use the following third-party services that may process personal data on our behalf. Each operates under its own GDPR-compliant data processing terms:

The contact form collects the following information:

Service

Purpose

Data transferred

Location

WordPress / Bricks Builder
Self-hosted

Website CMS and form handling

Form submission data (processed in transit, not stored in DB)

EEA (hosting dependent)

kitchen.co

Project management for active clients only

Name, company, email, project details

Refer to kitchen.co privacy policy

Google Analytics
Google Ireland Ltd.

Website usage analytics

Anonymised browsing data, IP (anonymised), session data

EEA / USA (Standard Contractual Clauses)

Microsoft Clarity
Microsoft Ireland Operations Ltd.

Session recording and heatmaps for UX analysis

Anonymised interaction data, mouse movements, scroll behaviour

EEA / USA (Standard Contractual Clauses)

Google Analytics is configured with IP anonymisation enabled. Microsoft Clarity automatically masks sensitive input fields. Neither service is used to identify individual users or build personal profiles for advertising purposes.

All transfers to the United States are governed by Standard Contractual Clauses (SCCs) as provided under Article 46 GDPR.

06

Cookies & tracking

This website uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit a website. We use the following categories:

Category

Description

Consent required

Strictly necessary

Cookies required for the website to function — WordPress session cookies, security tokens, cookie consent preference storage.

No — exempt under ePrivacy Directive

Analytics

Google Analytics cookies (_ga, _gid, _gat) used to measure traffic and understand how visitors interact with the site. Data is anonymised.

Yes — consent required

Behavioural / UX

Microsoft Clarity cookies used for session recording and heatmap analysis. No personal data is stored. Input fields are automatically masked.

Yes — consent required

You can manage or withdraw your cookie consent at any time using the cookie preference panel accessible from the footer of this website. Withdrawing consent does not affect the lawfulness of any processing carried out prior to withdrawal.

You may also manage cookies directly through your browser settings. Instructions vary by browser — refer to your browser's help documentation for guidance.

07

How long we keep your data

We retain personal data only for as long as necessary for the purpose for which it was collected:

Data type

Retention period

Reason

Enquiry data (no engagement)

12 months from date of submission

To allow for follow-up within a reasonable business window

Client project data (active engagement)

Duration of engagement + 5 years

Legal and fiscal obligations under Italian law (Art. 2220 c.c.)

Invoice and payment records

10 years

Italian fiscal and accounting obligations

Analytics data (Google Analytics)

26 months (Google default, configurable)

Aggregated usage analysis

Session recording data (Microsoft Clarity)

30 days (Clarity default)

UX analysis and improvement

After the applicable retention period, data is permanently deleted or anonymised. You may request earlier deletion — see Section 8 for your rights.

08

Your rights under GDPR

As a data subject under GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15)
    You may request a copy of the personal data we hold about you
  • Right to rectification (Art. 16)
    You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17)
    You may request deletion of your data where no legal obligation requires us to retain it
  • Right to data portability (Art. 20)
    Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21)
    You may object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3))
    Where processing is based on your consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at hello@scriptsandstyles.dev. We will respond within 30 days of receiving your request, in accordance with Article 12 GDPR. In cases of complexity or volume, this period may be extended by a further two months — you will be informed if this is necessary.

We will not charge a fee for reasonable requests. We may ask you to verify your identity before processing your request.

09

Right to lodge a complaint

If you believe your personal data has been processed in violation of applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority.

The Italian supervisory authority is:

  • Garante per la protezione dei dati personali (Garante Privacy)
  • Piazza Venezia 11, 00187 Roma — Italy
  • Website: www.garanteprivacy.it
  • Email: garante@garanteprivacy.it
  • Phone: +39 06 69677 1

You also have the right to lodge a complaint with the supervisory authority of the EU member state where you are habitually resident or where you work.

10

Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage, in accordance with Article 32 GDPR. These measures include:

  • HTTPS encryption on all pages of this website
  • Contact form submissions transmitted over encrypted connections
  • No storage of form data in the WordPress database — data is transmitted to email only
  • Access to project management tools restricted to the Data Controller only
  • Regular review of third-party processor security practices

No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Garante Privacy within 72 hours and inform affected individuals without undue delay, as required by Article 33–34 GDPR.

11

Children's Data

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

11

Changes to this policy

This website and its services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at hello@scriptsandstyles.dev and we will delete it promptly.

We encourage you to review this page periodically. Your continued use of this website after any changes constitutes your acknowledgement of the updated policy. For significant changes affecting how we process your data, we will take reasonable steps to notify you directly where we hold your contact information.

09

Contact the Data Controller

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, contact us at:

  • Robert Sillo — scriptsandstyles.dev
  • Email: hello@scriptsandstyles.dev
  • We aim to respond to all privacy-related enquiries within 5 business days.