Effective date: 3 July 2026
This Privacy Policy explains how personal data are processed in connection with the website totaliweb.com (the “Site”) and the services offered through it, in accordance with Regulation (EU) 2016/679 (“GDPR“) and Italian Legislative Decree 196/2003 as amended.
1. Data controller
The data controller is:
- Antonio Maraucci (Totaliweb)
- Via Matera Pasquale 14, 80026 Casoria (NA), Italy
- VAT number (P.IVA): 09286091211
- Email: info@totaliweb.com
2. What data we collect
2.1 Contact and form data
When you use our contact or consultation forms, subscribe to communications or write to us by email, we collect the data you provide: name, email address, phone number (if given), company details and the content of your message.
2.2 Account data
If you register a client account, we process your login identifiers, profile details and the history of your interactions with our client area.
2.3 Orders and payments
When you purchase a service we process order details, billing data and tax identifiers. Card payments are handled entirely by Stripe: card data are entered directly into Stripe’s systems and we never receive or store your full card number. We only receive confirmation of payment, the payment method type and partial identifiers (e.g. last four digits) needed for administration.
2.4 Technical logs
Our servers and security systems automatically record technical data such as IP addresses, request timestamps, requested URLs, response codes and browser/device information, used to operate and secure the Site.
2.5 Acceptance logs and anti-fraud evidence
When you place an order or accept our Terms and Conditions, we record acceptance evidence: IP address, timestamp, browser user agent, device fingerprint and checkbox acceptance logs. The legal basis for this processing is our legitimate interest (art. 6(1)(f) GDPR) in preventing fraud and in establishing, exercising and defending legal claims — in particular in the event of payment disputes or chargebacks, where these records may be submitted as evidence to payment providers, banks and judicial authorities. These records are retained for up to the applicable statutory limitation periods.
2.6 Cookies
Information on the cookies and similar technologies used by the Site is available in our Cookie Policy, where you can also manage your preferences.
2.7 Analytics
Where analytics tools that require consent are used, they are activated only after your consent given through the cookie banner, and can be withdrawn at any time via the Cookie Policy page.
3. Purposes and legal bases
- Responding to enquiries and providing quotes — legal basis: pre-contractual measures taken at your request (art. 6(1)(b) GDPR).
- Concluding and performing contracts, including account management, delivery of services and support — legal basis: performance of a contract (art. 6(1)(b) GDPR).
- Invoicing, accounting and tax obligations — legal basis: legal obligation (art. 6(1)(c) GDPR).
- Fraud prevention, acceptance evidence and defence of legal claims (including chargeback disputes) — legal basis: legitimate interest (art. 6(1)(f) GDPR).
- Site security and technical logs — legal basis: legitimate interest in the security and continuity of our systems (art. 6(1)(f) GDPR).
- Marketing communications and newsletters — legal basis: consent (art. 6(1)(a) GDPR), which you can withdraw at any time.
- Non-essential cookies and analytics — legal basis: consent (art. 6(1)(a) GDPR).
4. Recipients and processors
Personal data may be shared with the following categories of recipients, appointed where required as data processors under art. 28 GDPR:
- Hosting and infrastructure providers that host the Site and our systems;
- Stripe, as payment service provider, which processes payment data under its own privacy terms;
- Email and communication providers used to send transactional and, with consent, marketing messages;
- Automation and AI providers — we use automation tools (such as n8n) and AI providers (such as Anthropic and OpenAI) to support content generation and internal workflows. We do not use our clients’ personal data to train AI models, and only the data strictly necessary for the specific task is processed;
- Professional advisers (accountants, lawyers), banks and public authorities where required by law or for the defence of legal claims.
We do not sell personal data to third parties.
5. Transfers outside the EU/EEA
Some of the providers listed above may process data in countries outside the European Economic Area (for example, the United States). In such cases, transfers take place on the basis of an adequacy decision of the European Commission where available, or subject to appropriate safeguards such as the Standard Contractual Clauses (SCC) approved by the European Commission, supplemented where necessary by additional technical and organisational measures. You may request further information or a copy of the applicable safeguards at info@totaliweb.com.
6. Retention periods
- Enquiry and quote data: up to 24 months from the last contact, unless a contract is concluded.
- Contract, order and billing data: 10 years, in line with civil-law and tax record-keeping obligations (art. 2220 of the Italian Civil Code).
- Acceptance logs and anti-fraud evidence: up to the expiry of the applicable statutory limitation periods for contractual claims.
- Technical and security logs: typically up to 12 months, unless needed for an ongoing security investigation.
- Marketing data: until consent is withdrawn or, in any case, following prolonged inactivity.
At the end of the applicable period, data are deleted or irreversibly anonymised.
7. Provision of data
The provision of data marked as required in our forms, or needed for invoicing and payment, is necessary to respond to your request or to conclude and perform the contract: without it, we cannot provide the requested Service. The provision of data for marketing purposes and the acceptance of non-essential cookies are always optional, and refusing them has no effect on the availability of the Services.
8. Security measures
We adopt technical and organisational measures appropriate to the risk (art. 32 GDPR), including encrypted connections (HTTPS/TLS), hardened server configurations, access controls and least-privilege credentials, security monitoring of our systems, and contractual data-protection obligations imposed on our providers. No system can guarantee absolute security, but we review our measures regularly and update them as technology and threats evolve.
9. Minors
The Site and the Services are addressed to adults and to businesses. We do not knowingly collect personal data from persons under 18 years of age; if we become aware of such data, we will delete them promptly.
10. Your rights
Under arts. 15–22 GDPR you have the right to: access your personal data; obtain rectification of inaccurate data; obtain erasure (“right to be forgotten”) where applicable; restrict processing; receive your data in a portable format; object to processing based on legitimate interest, including for direct-marketing purposes; and withdraw consent at any time without affecting the lawfulness of prior processing.
You can exercise these rights by writing to info@totaliweb.com. You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it), or with the supervisory authority of your place of residence.
11. Automated decision-making
We do not carry out any profiling or automated decision-making that produces legal effects concerning you or similarly significantly affects you (art. 22 GDPR). Anti-fraud records are reviewed by a human before any consequential decision is taken.
12. Updates to this policy
This Privacy Policy may be updated to reflect changes in our services, providers or legal requirements. The current version, with its effective date, is always published on this page. Significant changes will be highlighted on the Site.
13. Contact
For any question about this Privacy Policy or the processing of your personal data, or to exercise your rights, please write to info@totaliweb.com or to Antonio Maraucci, Via Matera Pasquale 14, 80026 Casoria (NA), Italy. We will respond within one month of receiving your request, as required by art. 12 GDPR.
This document is reviewed and updated periodically. Last update: 3 July 2026.