Privacy Policy

1. Data Controller

Classicum is the data controller responsible for your personal data.

2. Types of Data Collected

We collect only the data necessary to provide our services and communicate with you

• Contact Data: Email address and First Name (collected via Newsletter or Waitlist forms)
• Usage Data: Anonymous analytics via Vercel/Google to improve site performance (IP address, browser type, pages visited).

3. Data Retention

We retain your data only as long as necessary for the purposes outlined:

• Newsletter subscribers: Until you unsubscribe. You can unsubscribe at any time via the link in our emails
• Transactional records: 10 years as required by Italian tax and accounting law (D.P.R. 633/1972)
• Analytics data: 26 months (Vercel Analytics default retention period).

4. Cookies & Tracking

We use cookies and similar technologies to enhance your experience

Types of Cookies Used:

• Essential Cookies: Required for the website to function (session management, language preference). Duration: Session or up to 1 year
• Analytics Cookies (Vercel Analytics): Anonymized performance metrics. Duration: 24 hours to 26 months
• Third-Party Cookies: When you interact with embedded content (Google Maps, Eventbrite), those services may set their own cookies.

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

5. International Data Transfers

Some of our service providers process data outside the European Economic Area (EEA):

• Vercel Inc. (USA): Website hosting and analytics. Compliant via EU-US Data Privacy Framework
• Supabase Inc. (USA): Database and authentication. Compliant via Standard Contractual Clauses (SCCs)
• Google LLC (USA): Maps integration. Compliant via EU-US Data Privacy Framework.

We ensure appropriate safeguards are in place through adequacy decisions, SCCs, or certification schemes as required by GDPR Articles 45-46.

6. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. All decisions regarding your data are made by humans.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (EU) 2016/679, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ('right to be forgotten')
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at classicumit@gmail.com. We will respond within 30 days

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

8. Storage & Data Processors

Your data is processed by the following categories of processors:

• Hosting: Vercel Inc. (website delivery)
• Database: Supabase Inc. (PostgreSQL database)
• Email: Our SMTP provider for transactional emails
• Ticketing: Eventbrite/GetYourGuide (ticket purchases)

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest.

9. Contact

For any privacy-related inquiries, contact the Data Controller: