Privacy policy
Last updated: 8 July 2026
This page explains what personal data we collect when you visit prismawind.com or use our services, why we use it and what rights you have. We handle your data in line with Regulation (EU) 2016/679 (GDPR).
Data controller
The data controller is Matteo Feduzi (VAT no. 02721960413), the individual who runs the PrismaWind project. For any request about your data, write to us at [email protected].
What data we collect
We only collect the data we need, based on how you interact with the site:
- Browsing data. IP address, browser and device type, pages visited and access date, collected automatically by the site’s systems.
- Data collected by analytics and marketing tools. When you give consent, the tools listed below collect information about your browsing through cookies and similar identifiers: pages viewed, clicks, where the visit came from and, in the case of Microsoft Clarity, anonymous recordings of how you interact with the pages (heatmaps and session replays).
- Waiting list and communications. Your email and, if you provide it, your name, when you sign up to be notified when sales open and, only if you agree, to receive news and offers.
- Contact requests. The data you give us when you write (email and message content), so we can reply to your request.
- Purchases. The data needed to manage your order, licence, invoicing and payment, if you buy a plan or a product.
Why we use your data and on what basis
- To send you the opening notice and, if you have consented, marketing messages: the legal basis is your consent, which you can withdraw at any time.
- To measure how the site is used and show you relevant ads through the analytics and marketing tools: the legal basis is your consent, given through the cookie banner and withdrawable at any time.
- To manage purchases, licences and support: the legal basis is performance of the contract.
- To keep the site secure and working: the legal basis is our legitimate interest.
- To meet legal obligations, for example tax and accounting ones.
Cookies and tracking tools
We use technical cookies needed to run the site and, only after your consent, analytics and marketing tools that set cookies and collect data about your browsing. There are four:
- Google Analytics 4 (Google Ireland Ltd.) measures visits and how people use the site.
- Meta Pixel (Meta Platforms Ireland Ltd.) measures conversions and lets us show you ads across Meta’s platforms and advertising network, such as Facebook and Instagram.
- Microsoft Clarity (Microsoft Corporation) anonymously records how you interact with the pages, with heatmaps and session replays, to help us see what to improve.
- LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) measures campaign conversions and enables remarketing on LinkedIn.
Before your consent, these tools can collect only anonymous, aggregated data that does not identify you; the functions that store cookies on your device or recognise you start after you choose from the banner. You can change your preferences from the cookie banner at any time. The full list of cookies, with duration and purpose, is in the cookie policy.
Who we share data with
We do not sell your data. We share it only with the providers that let us run the service, who process it on our behalf: the email platform (MailerLite), the hosting provider, the payment providers when you buy (Stripe and PayPal) and the providers of the analytics and marketing tools mentioned above (Google, Meta, Microsoft and LinkedIn). Each one processes data only for the purposes described here.
Transfers outside the European Union
Some providers, such as MailerLite, Meta, Google, Microsoft and LinkedIn, may process data in the United States or other countries outside the European Union. In those cases the transfer takes place with the safeguards required by the GDPR, such as the standard contractual clauses approved by the European Commission or the provider’s participation in the EU-US Data Privacy Framework.
How long we keep your data
Each piece of data stays with us only for as long as its purpose requires. How long depends on the legal basis:
- Data processed with your consent. The email on the waiting list, the marketing messages you opted into and the data collected by the analytics and marketing tools stay until you withdraw consent or unsubscribe; for third-party tools, each provider’s own retention periods also apply, listed in the cookie policy.
- Data processed for our legitimate interest. The technical logs we use to keep the site secure and running stay as long as that purpose requires; write to [email protected] if you want to know the retention period for a specific case.
- Contractual and tax data. Order, licence and billing data stay for the length of the contract and then for the period tax and accounting rules require, typically ten years.
If a law or an order from an authority requires us to keep data longer, we follow that requirement.
Your rights
Over the data we process, you have the same rights the GDPR grants to anyone in Europe. To exercise them, write to [email protected]: we reply within the legal timeframe, usually one month.
- Access. You can ask us to confirm whether we process your data and get a copy, including its origin, purpose and the categories of recipients.
- Rectification. If a piece of data is incomplete or wrong, you can ask us to correct it.
- Erasure. You can ask us to delete your data once it is no longer needed for the purpose it was collected for, when you withdraw consent or object to the processing, unless we must keep it under a legal obligation.
- Restriction. You can ask us to pause the use of a piece of data, for example while we verify an inaccuracy you flagged: in the meantime we only store it, without processing it further.
- Objection. When we process data for our legitimate interest, such as site security, you can object at any time; we stop unless we have legitimate grounds that override yours.
- Portability. For data we process with your consent or to perform a contract, you can ask to receive it in a machine-readable format or have it transferred to another provider.
- Withdrawing consent. You can withdraw it at any time, without affecting processing already carried out before the withdrawal.
- Complaint. If you believe we have mishandled your data, you can contact your national data protection authority or go to court.
Changes to this policy
We may update this notice over time. The date at the top of the page shows the last revision.