1. Data Controller
The Data Controller is Daniele Antonio Iunco, owner of the company GiDiNet di Iunco Daniele Antonio, VAT ID 03239430964, e-mail: info@gidinet.com, hereinafter "GiDiNet".


2. Personal Data Collected
"Personal data" means any information relating to a natural person, company, or organization provided by the user through registration on the website and the purchase of services.
Data is collected via the registration form on gidinet.com and the order form available in the reserved area. By registering, the user provides the information necessary for account creation and for fulfilling tax and administrative obligations related to service purchases.
To identify the requester, provide the requested services, and ensure access security, the following data may be processed: name, surname, business name, tax code, VAT number, email address, postal address, phone number, fax (optional), purchasing contact name (optional and only for companies or organizations), IP address used during registration, access, purchase, and service use.
IT systems and software used for site operation automatically acquire technical information, including: client IP address or hostname, requested URL, HTTP method used, response code, page processing time, bytes transferred, browser and operating system type. These data are used to compile anonymous usage statistics, identify technical issues, detect unauthorized access attempts, or cyberattacks.

GiDiNet Email Service and Logs
For the email service, GiDiNet collects and retains transmission logs as required by Legislative Decree No. 109 of May 30, 2008, Art. 3. These data are processed to provide the service, detect unauthorized access or cyberattacks, and for crime detection and prevention purposes.


3. Mandatory Nature and Consequences of Refusal to Provide Data
All required data are necessary for registration and purchase of services, as well as for fulfilling related obligations. Failure to provide the data or consent to processing will make it impossible to provide the services.


4. Recipients of Personal Data
Personal data may be disclosed to parties authorized under applicable regulations. In the case of domain registration and maintenance services, data may be disclosed to competent authorities, including those outside the EU.

Domain Registration and Maintenance Service:
When purchasing domain registration services, GiDiNet acts as an intermediary between the user, the registry, and any third-party provider, forwarding the necessary data. Data may be published in the WHOIS database according to the registry's policies, unless otherwise specified in the order form. Processing is necessary pursuant to Art. 6(1)(b) and (c) of GDPR.

PEC Service:
For certified email (PEC) services, GiDiNet acts as intermediary with Aruba PEC S.p.A., to whom user data will be transmitted. The user must accept Aruba's service terms via a specific subscription form. Processing is also necessary under Art. 6(1)(b) and (c) of GDPR.


5. Geographical Scope of Processing
Data is processed mainly within the European Union. Exceptions apply to domain data managed by non-EU registries (gTLDs and ccTLDs), which may also be processed outside the EEA.


6. Data Retention
Data processed for tax and administrative purposes is retained for 10 years, as required by law, and cannot be deleted earlier.
Data processed for service provision is retained until service cancellation or expiry.
Data entered during registration, if not linked to any order, is retained until manually deleted by the user via the control panel.
Data used for newsletter delivery is retained until the user unsubscribes, which can be done at any time via the control panel.


7. Purpose of Data Processing
Data is processed, based on contractual necessity and/or consent, for the following purposes:
- activation and management of requested services;
- compliance with legal obligations;
- detection of fraudulent or unlawful behavior;
- protection of GiDiNet's rights in legal proceedings;
- detection and prevention of crimes.

If the user registers for the newsletter, data may be used for promotional communication. If GiDiNet uses third-party services for technical delivery, personal data will not be shared: messages will be generated using anonymous variables, and the actual sending will be handled directly by GiDiNet.


8. Cookies
Cookies are data files stored by the user’s browser on their device.

Public Area:
While browsing the public section of the website, session cookies may be used to store language preferences, navigate between content sections, or complete registration. These are technical cookies and are deleted when the browser is closed.

Reserved Area:
Accessing the reserved area requires session cookies and other technical cookies to:
- recognize the logged-in user;
- store shopping cart contents and activate any promotions;
- enable automatic login if requested.
The session cookie is deleted when the browser is closed. Other technical cookies remain until manual logout, if automatic login was enabled.

No profiling or third-party cookies are used.
The site contains no advertising or external content.

What happens if cookies are disabled?
Disabling cookies may prevent registration, access to the reserved area, or the correct functioning of cookie-dependent features.


9. Profiling
Personal data is not used for profiling purposes.
No automated decision-making, including profiling, is performed.


10. Data Subject Rights
The data subject may exercise the following rights under the GDPR:
- access to personal data;
- rectification or erasure of data;
- restriction of processing (Art. 18 GDPR);
- data portability;
- withdrawal of previously given consent.

If data processing is necessary for service provision, the user may request cancellation of the service before objecting or requesting data erasure.
Pursuant to Art. 77 of GDPR, the data subject has the right to lodge a complaint with the competent supervisory authority if they believe the processing violates applicable law.


11. Policy Updates
This policy, in effect since May 25, 2018, governs how GiDiNet processes personal data.
Legal or service changes may require updates to this policy. Users are encouraged to visit this page periodically.

Last update: 22/05/2018

Attached Documents
- Privacy policy for gTLD and ccTLD domains managed via PublicDomainRegistry
- Privacy policy for gTLD and ccTLD domains managed via KeySystems GmbH