Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR)
This Privacy Policy describes how we collect, use, store and protect your personal data in accordance with European Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.
1. Data Controller
momento Email: doreen@momento-roma.com
2. Data Protection Officer (DPO)
For any questions regarding the processing of your personal data, you can contact the Data Controller at the email address above.
3. Personal Data Collected
3.1 Data voluntarily provided by the user
Through the contact form on the website, we collect the following data:
- First and last name
- Email address
- Phone number (optional)
- Message/information you provide
3.2 Data automatically collected
Through the analytics and marketing services listed below, the following data is automatically collected:
- Anonymized IP address
- Navigation data (pages visited, time spent, referrer)
- Device data (browser, operating system)
- Approximate geographic location data
4. Processing Purposes and Legal Basis
Your personal data is processed for the following purposes:
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Responding to information requests | Pre-contractual measures (Art. 6.1.b GDPR) | Contact form data |
| Managing bookings and contracts | Contract execution (Art. 6.1.b GDPR) | Contact form data |
| Direct marketing (future) | Explicit consent (Art. 6.1.a GDPR) | Contact form data, navigation data |
| Website performance analysis | Explicit consent (Art. 6.1.a GDPR) | Anonymized navigation data |
| Remarketing and ad targeting on advertising platforms (future) | Explicit consent (Art. 6.1.a GDPR) | Navigation data, device identifiers |
5. Third-Party Tools Used
5.1 Google TagManager
- Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Purpose: Centralized management of tracking tags
- Privacy Policy: https://policies.google.com/privacy
- Cookie Policy: https://policies.google.com/technologies/cookies
5.2 Google Analytics (via Google TagManager)
- Provider: Google LLC
- Purpose: Analysis of website usage statistics
- Data Collected: Session duration, pages viewed, approximate location, device information
- Method: Data is anonymized before storage; IP address is truncated before being sent to Google
- Privacy Policy: https://policies.google.com/privacy
- Opt-out: https://tools.google.com/dlpage/gaoptout
5.3 Google Search Console
- Provider: Google LLC
- Purpose: Monitoring of site indexing and improvement of search engine rankings
- Data Collected: Search queries, rankings, crawl data
- Privacy Policy: https://policies.google.com/privacy
5.4 Meta Pixel (future use)
- Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Purpose: Remarketing, conversion analysis, advertising targeting on Facebook and Instagram
- Data Collected: Actions taken on the site, navigation data, device identifiers
- Privacy Policy: https://www.facebook.com/privacy/policy/
- Consent: Consent will be requested when the service is activated
6. Data Transfer to Third Countries
Personal data may be transferred to third countries (primarily the United States) in accordance with Standard Contractual Clauses approved by the European Commission and/or the EU-US Data Privacy Framework. Google LLC and Meta Platforms Ireland adhere to their respective data protection frameworks.
7. Data Retention Period
| Data Category | Retention Period |
|---|---|
| Contact form data | 2 years from last interaction |
| Analytics data (anonymized) | 14 months |
| Log data | 12 months |
| Consents | Until consent is withdrawn |
8. Data Subject Rights
Pursuant to Articles 15-22 of the GDPR, you have the right to:
- Access (Art. 15 GDPR) - Obtain confirmation that your personal data is being processed and request a copy
- Rectification (Art. 16 GDPR) - Request correction of incorrect or incomplete data
- Erasure (Art. 17 GDPR) - Request deletion of your data (“right to be forgotten”)
- Restriction (Art. 18 GDPR) - Request restriction of processing
- Portability (Art. 20 GDPR) - Receive your data in a structured, commonly used format
- Objection (Art. 21 GDPR) - Object to processing for direct marketing purposes
- Withdrawal of consent (Art. 7.3 GDPR) - Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
To exercise your rights, send a written request to: info@momentophotography.com
You also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
9. Mandatory Data Provision
Providing data through the contact form is necessary to provide you with the requested information. Failure to provide data will make it impossible to respond to your request.
10. Automated Decision-Making
We do not use automated decision-making pursuant to Article 22 of the GDPR that produces legal effects or significantly affects you.
11. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes will be published on this page with the date of last revision. In case of substantial changes, we will inform you through a prominent notice on the website.
Last revised: March 4, 2026
This policy complies with Regulation (EU) 2016/679 (GDPR) and Italian data protection legislation.