Privacy notice

Privacy & Cookie Policy

Information notice on the processing of personal data pursuant to art. 13 of EU Regulation 2016/679 (GDPR), the Italian regulation on the protection of personal data (D.Lgs. 196/2003 and subsequent amendments) and, for users residing in Switzerland, the Swiss Federal Data Protection Act (nLPD).

Last updated: June 6, 2026

1. Data Controller

The Data Controller for personal data collected through this site is Dr. Paolo Nuzzolillo, practicing as a nutritionist, with offices in:

  • Via Guido Rossa 1, 20013 Magenta (MI), Italy
  • Corso Elvezia 22, 6900 Lugano, Switzerland

VAT: 10713790961

For any request regarding the processing of personal data or the exercise of the rights described below, you can write to:

2. Data collected, purposes, and legal bases

2.1 Contact form

The form on /en/contacts does not send data to this site: on confirmation it opens your email client with a pre-filled message addressed to the Data Controller's mailbox. The data you choose to send us via that email are:

  • Full name
  • Email address
  • Phone number (optional)
  • Service of interest
  • Message text

Purpose: to respond to your request for information or a nutritional consultation.

Legal basis: execution of pre-contractual measures taken at your request (art. 6, par. 1, letter b of the GDPR).

Retention period: the received email is kept in the Data Controller's mailbox for up to 24 months from the last contact, unless you request earlier deletion.

2.2 Mailing list subscription

When you subscribe to our free resources through the form on /en/start-here, we collect:

  • Email address
  • Technical data automatically logged by the service provider (IP address, browser type, country, subscription date and time)

Purpose:

  • To send you the free resource you requested
  • To send you periodic editorial updates on nutrition, wellness, and the Data Controller's initiatives

Legal basis: your explicit consent, given by checking the appropriate box at subscription (art. 6, par. 1, letter a of the GDPR).

Retention period: until you request removal from the mailing list, which you can do at any time by clicking the "unsubscribe" link present in every email you receive.

2.3 Browsing data

The server hosting this site (Hetzner VPS, Caddy web server) automatically logs some technical data for each request:

  • Visitor IP address
  • User-agent (browser and operating system type)
  • URLs requested and date/time of requests

Purpose: infrastructure protection (attack mitigation, abuse prevention), technical diagnostics.

Legal basis: legitimate interest of the Data Controller in maintaining the security and availability of the service (art. 6, par. 1, letter f of the GDPR).

Retention period: limited to security and diagnostic needs, typically no longer than 30 days.

2.4 Cookies

See section 5. Cookie Policy.

3. Data recipients and extra-EU transfers

Your personal data may be communicated to the following parties, as data processors duly appointed pursuant to art. 28 of the GDPR, exclusively for the purposes described above:

  • MailerLite (MailerLite Limited, Bridge House, Bridge Street, Dublin, Ireland): email marketing service provider managing the mailing lists. Primary servers in the EU (Lithuania) and United States.
  • VPS provider (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany): hosting of the entire site infrastructure (public frontend and editorial CMS). Servers located in the EU (Germany).
  • Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA): email service provider (Gmail) used by the Data Controller to receive and manage emails sent via the contact form.

Transfers to third countries (extra-EU): the MailerLite and Google services may involve the transfer of data to servers located in the United States of America. Both providers participate in the "EU-U.S. Data Privacy Framework", which the European Commission has recognized as adequate to ensure a level of protection of personal data substantially equivalent to that of the European Union (Adequacy Decision of July 10, 2023, pursuant to art. 45 of the GDPR).

Your data is never sold, traded, or shared with third parties for purposes other than those indicated in this notice.

4. Your rights

Pursuant to articles 15-22 of the GDPR, as a data subject you can exercise the following rights at any time:

  • Right of access (art. 15): obtain confirmation of the existence of processing and receive a copy of your personal data.
  • Right to rectification (art. 16): request correction of inaccurate data or completion of incomplete data.
  • Right to erasure ("right to be forgotten", art. 17): request deletion of your personal data in the cases provided by law.
  • Right to restriction (art. 18): request that the processing be limited to specific purposes.
  • Right to portability (art. 20): receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (art. 21): object, for reasons related to your particular situation, to processing based on the legitimate interest of the Data Controller.
  • Right to withdraw consent: withdraw at any time the consent given, without affecting the lawfulness of processing carried out before withdrawal.

How to exercise your rights: write to paolonuzzolillonutrizionista@gmail.com specifying the right you wish to exercise. You will receive a response within 30 days of receiving the request.

Complaint to the Supervisory Authority: should you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome, www.garanteprivacy.it).

5. Cookie Policy

This site uses two categories of cookies and similar technologies (including the browser's localStorage).

5.1 Technical cookies (always active)

Strictly necessary for the site to function. They do not require prior consent, in compliance with Directive 2002/58/EC ("ePrivacy") and the general decision of the Italian Data Protection Authority of May 8, 2014.

Name Purpose Duration
cookie-consent-v1 Stores your cookie choice (essentials or all) 1 year (localStorage)

5.2 Third-party cookies (only after consent)

These are activated only if you accept cookies via the banner that appears on your first visit to the site.

Cookie Provider Purpose
ml_* and related cookies MailerLite User identification for proper display of the email form and conversion tracking

For MailerLite's complete cookie policy: mailerlite.com/legal/cookie-policy.

5.3 How to manage cookies

On your first visit to the site, a banner lets you choose between two options:

  • Accept all: technical cookies + third-party cookies (MailerLite)
  • Essentials only: technical cookies only; the email subscription form may not be visible

How to revoke consent or change your choice: you can remove the cookie-consent-v1 entry by clearing your browser's localStorage and reloading the page, or by clearing the site's cookies from your browser settings. On your next visit, the banner will be shown again.

All essential site features (navigation, blog reading, phone and email contact) continue to work even without third-party cookies.

6. Data security

We adopt appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or destruction, in particular:

  • Encrypted transmission (HTTPS/TLS 1.2+) for all communications
  • Data access limited to authorized personnel only
  • Periodic backups and disaster recovery procedures
  • Regular updates of software components

However, no electronic transmission or storage system can be considered 100% secure. We invite you not to share through this site any data that is not strictly necessary for the request you intend to make.

7. Minors

The services offered through this site are not intended for minors under 16 years of age. The Data Controller does not knowingly collect personal data of minors without the prior consent of those exercising parental responsibility. Should such data come to our attention, we will promptly delete it.

8. Changes to this privacy notice

This notice may be updated to reflect changes in the services offered, technical infrastructure, or regulatory adjustments. The date of the last update is indicated at the top of the document.

Any substantial changes will be communicated to you via email (if you are subscribed to the mailing list) and through a prominent notice on the site. We invite you to consult this page periodically.

9. For users residing in Switzerland

For users residing in Switzerland, in addition to the GDPR, the Swiss Federal Data Protection Act (nLPD) of September 25, 2020, in force since September 1, 2023, applies.

The rights guaranteed by the nLPD (information, access, rectification, deletion, objection, portability) are substantially equivalent to those provided by the GDPR and can be exercised by writing to the same email address indicated above.

The competent supervisory authority for Switzerland is the Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch.

10. Applicable law and competent jurisdiction

This notice is governed by Italian law. For any dispute regarding the processing of personal data, the Court of Milan shall have exclusive jurisdiction, without prejudice to mandatory consumer protection provisions.

Legal references