Privacy Policy
Responsible Entity
The responsible entity (Controller) for the data processing regulated in this Privacy Policy is Matteo Castello, acting as a private individual operating a personal professional portfolio (hereinafter "I", "me", or "the Controller").
My contact details are:
Matteo Castello
Vicenza, Italy
Last updated: May 5, 2026
This Privacy Policy describes how Matteo Castello ("I", "me", "my") collects, uses, and protects personal data when you visit and interact with mcaste.com (the "Website"). This policy is provided in compliance with Regulation (EU) 2016/679 (the "GDPR") and applicable Italian data protection law (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
1. Data Controller
The data controller responsible for the processing of personal data collected through this Website is:
Matteo Castello
Multimedia Designer — Italy
Contact email: mcaste.work@gmail.com
This Website is a personal professional portfolio. It is not operated on behalf of any company or commercial entity.
2. Personal Data Collected
I collect personal data only when you actively provide it through the contact form, and a limited set of fully anonymous, aggregated technical data is collected for analytics purposes.
2.1 Contact form
When you submit the contact form on this Website, the following data is collected:
Your name (or the name you choose to provide)
Your email address
The content of your message
Any other information you voluntarily include in the message
Providing this data is necessary to receive and respond to your inquiry. If you do not wish to provide it, you may contact me directly at the email address listed in section 1.
2.2 Analytics data
This Website uses Framer Analytics, the privacy-first analytics tool built into the Framer hosting platform. Framer Analytics does not use cookies, does not generate persistent identifiers, and does not collect or process personal data that can identify you.
The data collected through Framer Analytics is fully anonymized and aggregated, and includes:
Page views and navigation paths
Approximate country of visit (derived from IP, not stored)
Device type and browser type
Referral source (the website you came from, if any)
This data cannot be traced back to an individual user.
2.3 No other tracking
This Website does not use Google Analytics, Meta Pixel, advertising trackers, heatmaps, session recording tools, or any other third-party tracking technology. No advertising or behavioral profiling takes place.
3. Purposes and Legal Bases of Processing
Data: Contact form data
Purpose: Responding to your inquiry and any follow-up communication
Legal basis (GDPR Art. 6): Art. 6(1)(b) — pre-contractual measures taken at your request, and Art. 6(1)(f) — legitimate interest in managing professional communication

Data: Analytics data
Purpose: Understanding aggregate website usage to improve content and performance
Legal basis (GDPR Art. 6): Art. 6(1)(f) — legitimate interest in operating and improving the Website. Since the data is anonymous and non-identifying, this interest does not override your rights
I do not process personal data for marketing purposes, automated decision-making, or profiling.
4. Data Retention
Contact form messages are retained for as long as necessary to respond to your inquiry and manage any related professional follow-up. In any case, messages are deleted no later than 24 months after the last interaction, unless a longer retention is required to comply with a legal obligation or to defend a legal claim.
Analytics data is processed and retained by Framer in aggregated, anonymized form according to the retention period associated with the active site plan.
You may request earlier deletion at any time (see section 7).
5. Recipients of Personal Data
Your personal data is not sold, rented, or shared with third parties for marketing purposes. It may be processed by the following service providers, acting as data processors under Article 28 GDPR:
Framer B.V. (Amsterdam, Netherlands) — provider of the website hosting platform, contact form infrastructure, and built-in analytics. Framer's privacy practices are described at framer.com/legal/privacy-policy.
Bunny.net (Ljubljana, Slovenia) — provider of the content delivery network (CDN) used to host and serve video assets embedded on the Website. Bunny.net's privacy practices are described at bunny.net/privacy.
These providers are bound by data processing agreements that ensure compliance with the GDPR.
I may also disclose personal data when required by law, by a competent authority, or to defend my legal rights.
6. International Data Transfers
Some of the service providers listed above may store or process data on infrastructure located outside the European Economic Area (EEA). Where such transfers occur, they are governed by appropriate safeguards under Articles 44–49 GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures.
The primary processing locations are within the EEA (Netherlands, Slovenia).
7. Your Rights
Under the GDPR, you have the right to:
Access the personal data I hold about you (Art. 15)
Rectify inaccurate or incomplete data (Art. 16)
Erase your data ("right to be forgotten") (Art. 17)
Restrict the processing of your data (Art. 18)
Receive your data in a structured, machine-readable format and transmit it to another controller (data portability, Art. 20)
Object to processing carried out on the basis of legitimate interest (Art. 21)
Withdraw consent at any time, where processing is based on consent (this does not affect the lawfulness of processing carried out before withdrawal)
To exercise any of these rights, please contact me at mcaste.work@gmail.com. I will respond within one month, as required by Article 12(3) GDPR. The exercise of these rights is free of charge.
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187 Rome, Italy — www.garanteprivacy.it — or with the supervisory authority of the EU Member State where you reside or work.
8. Cookies
This Website does not use tracking cookies or non-essential cookies. Framer Analytics, used for traffic measurement, operates without cookies. For this reason, no cookie consent banner is displayed.
If technical cookies strictly necessary for the operation of the site are set by the hosting platform (for example, session or security cookies), they fall under the exemption provided by Article 5(3) of the ePrivacy Directive (2002/58/EC) and do not require prior consent.
9. Security
Reasonable technical and organizational measures are in place to protect personal data against unauthorized access, alteration, disclosure, or destruction. Hosting and CDN providers maintain industry-standard security certifications (Framer is ISO 27001 and SOC 2 certified).
No method of transmission over the internet is fully secure, and absolute security cannot be guaranteed.
10. Minors
This Website is not directed to individuals under the age of 16. I do not knowingly collect personal data from minors. If you believe a minor has provided personal data through the contact form, please contact me so that the data can be deleted promptly.
11. Changes to This Privacy Policy
This Privacy Policy may be updated to reflect changes in the Website, the services it relies on, or applicable law. The "Last updated" date at the top of this page indicates when the most recent revision was made. Substantial changes will be made evident on the Website.
12. Contact
For any question regarding this Privacy Policy or the processing of your personal data, contact:
Matteo Castello
Email: mcaste.work@gmail.com