Privacy Policy

Our Privacy Policy.

How we process your personal data, your rights and how to exercise them.

Last updated: January 2025. Prepared pursuant to Arts. 13 and 14 of EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

1. Data Controller

The Data Controller is ProContentSEO, registered at Via Mura di Piombo, 43, 80011 Acerra (NA), Italy. Contact email: info@procontentseo.com. Phone: +39 081 520 9754. The Controller has not appointed a Data Protection Officer (DPO) as it does not fall within the categories described in GDPR art. 37.

2. Data collected and how

We collect the following categories of personal data:

a) Data provided directly by the user

  • First and last name (at checkout)
  • Email address (at checkout or contact form)
  • Phone number (at checkout, optional in contact form)
  • Country of residence (at checkout)
  • Content of contact or support messages
  • Access to client SEO tools (Search Console, GA4) if provided for service delivery

b) Technical data collected automatically

  • IP address (anonymised if Analytics is enabled with consent)
  • Browser type and version
  • Operating system
  • Pages visited and visit duration (Analytics consent only)
  • Traffic source (direct, referral, organic)

Payment data: We do not directly collect or process payment data (card number, CVV, IBAN). Payment is made entirely on checkout.stripe.com, a PCI-DSS Level 1 environment managed by Stripe, Inc. Stripe only transmits to us the payment confirmation, the amount, and a transaction identifier.

3. Purposes and legal basis of processing

Purpose Data involved Legal basis
Delivery of purchased service Name, email, country, project data Contract performance (art. 6(1)(b) GDPR)
Handling contact requests Name, email, message Legitimate interest (art. 6(1)(f) GDPR)
Tax and accounting compliance Name, email, amount paid Legal obligation (art. 6(1)(c) GDPR)
Traffic analysis (with consent) Anonymised browsing data Consent (art. 6(1)(a) GDPR)
Commercial communications (newsletter) Email Consent (art. 6(1)(a) GDPR)

4. Retention period

  • Contractual data (clients): 10 years from the end of the contractual relationship, pursuant to Italian tax obligations.
  • Contact requests not converted into clients: 24 months from receipt.
  • Analytics data: 14 months (default GA4 configuration with IP anonymisation).
  • Server technical logs: 12 months.
  • Cookie preferences (localStorage): until cleared by the user.

5. Sharing with third parties and international transfers

Your data is shared with:

  • Stripe, Inc. (USA) – Payment processing. Stripe participates in the EU-US Data Privacy Framework and is PCI-DSS Level 1 certified. Stripe privacy policy.
  • Google LLC (USA) – Google Analytics (with consent, anonymised IP), Google Workspace for email and document management. Google participates in the EU-US Data Privacy Framework. Google privacy policy.
  • Hosting service providers: the server is hosted in data centres located in Europe (EU/EEA).

We do not sell, rent, or transfer your personal data to third parties for marketing or profiling purposes without explicit consent.

6. Your rights

Pursuant to GDPR arts. 15-22, you have the following rights:

  • Right of access (art. 15): receive a copy of your data and information about the processing.
  • Right to rectification (art. 16): correct inaccurate or incomplete data.
  • Right to erasure/right to be forgotten (art. 17): request data deletion (subject to legal retention obligations).
  • Right to restriction (art. 18): restrict processing in certain circumstances.
  • Right to data portability (art. 20): receive data in a structured, machine-readable format.
  • Right to object (art. 21): object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise your rights, write to info@procontentseo.com stating your full name and the right you wish to exercise. We will respond within 30 days, with a possible extension of up to 60 further days in particularly complex cases.

7. Right to lodge a complaint

If you believe that the processing of your personal data violates GDPR or Italian law, you have the right to lodge a complaint with the Italian Data Protection Authority: Via Isonzo, 21/b, 00198 Rome. Website: www.garanteprivacy.it. Email: garante@gpdp.it.

8. Data security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction, or disclosure: data transmission via HTTPS/TLS, system access with two-factor authentication, data access limited to strictly necessary staff, storage on EU-hosted servers, no storage of payment data on our systems.

9. Changes to this policy

This policy may be updated periodically to reflect changes in data processing practices or applicable law. For substantial changes, active clients are informed by email with at least 30 days notice. The date of the last update is indicated at the top of the page.