Privacy Policy
Pursuant to EU Regulation 2016/679 (GDPR) — Last updated: May 2026
Data Controller: Carla Maria Crescini — Studio Karishma
Via Teodoro Frizzoni, 28 – 24121 Bergamo (BG), Italy — VAT: IT04835780166
Email: info@studiokarishma.it — Tel: +39 351 795 8395
1. Data Collected
The website studiokarishma.it is a static presentation website. It does not actively collect personal data from users and has no contact forms that transmit information to remote servers. The website does not carry out any automated decision-making or profiling activities within the meaning of Art. 22 GDPR.
The only information stored locally on the user's device is the language preference (preferredLang), saved via the browser's localStorage. This data is never transmitted to the Data Controller or to any third party and is used exclusively to maintain a consistent language experience.
2. Purpose and Legal Basis
The language preference is stored on the basis of the Data Controller's legitimate interest (Art. 6(1)(f) GDPR) in providing a coherent browsing experience. No consent is required, as this is purely technical data that remains solely on the user's device.
3. Hosting and Infrastructure
The website is hosted on servers managed by Hostinger International Ltd. (UAB "Hostinger"), headquartered in Lithuania (EU). As a data processor, Hostinger automatically collects server access logs containing the visitor's IP address, date and time of request, pages visited, browser and operating system. This data is required for the security and proper operation of the hosting service.
The website also uses the CDN (Content Delivery Network) service of Cloudflare, Inc., integrated by default by Hostinger on all hosting plans. Cloudflare routes web traffic through its global edge nodes, which involves the temporary processing of the visitor's IP address. Cloudflare is headquartered in the United States and participates in the EU-US Data Privacy Framework, an adequacy mechanism approved by the European Commission (Implementing Decision 2023/1795). Server access logs are retained for the time strictly necessary for security and service operation purposes, according to each provider's policies (generally no longer than 30 days for Hostinger and 72 hours for Cloudflare under standard settings).
| Provider | Role | Location | Privacy Policy |
|---|---|---|---|
| Hostinger International Ltd. | Web hosting (data processor) | Lithuania (EU) | hostinger.com |
| Cloudflare, Inc. | CDN – content delivery network (data processor) | USA (covered by EU-US DPF) | cloudflare.com |
| Google LLC | Web fonts (Google Fonts) – processing of the user's IP address for font file download | USA (covered by EU-US DPF) | policies.google.com |
4. Third-Party Services
The website contains links and buttons to third-party platforms. By clicking these links, users access independent websites subject to their own privacy policies. The Data Controller is not responsible for data processing carried out by these parties.
| Service | Purpose | Third-party controller | Privacy Policy |
|---|---|---|---|
| Direct contact / bookings | Meta Platforms Ireland Ltd. | whatsapp.com | |
| Google Maps | Directions | Google LLC | policies.google.com |
| Social profile | Meta Platforms Ireland Ltd. | facebook.com | |
| Social profile | Meta Platforms Ireland Ltd. | instagram.com | |
| YouTube | Video channel | Google LLC | policies.google.com |
| Treatwell | Online bookings | Treatwell BV | treatwell.it |
5. Your Rights
Under Arts. 15–22 of the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Request rectification of inaccurate data (Art. 16)
- Request erasure of your data (Art. 17 — “right to be forgotten”)
- Restrict processing (Art. 18)
- Object to processing based on legitimate interest (Art. 21)
- Request data portability (Art. 20)
- Withdraw consent at any time, where applicable
To exercise these rights, send a request to: info@studiokarishma.it. You will receive a response within 30 days.
6. Supervisory Authority
You have the right to lodge a complaint with the competent data protection authority. In Italy: Garante per la protezione dei dati personali (www.garanteprivacy.it).
7. Updates
This policy may be updated periodically to reflect regulatory or operational changes. The date of the last update is shown at the top of the page.