Privacy Policy

Website: https://www.antralux.com

pursuant to EU Regulation 2016/679 (GDPR)

Last updated: 06 March 2026

1. Data Controller

Field	Information
Company Name	SaFa Service srl
Website	https://www.antralux.com
Privacy Email	info@safaservice.com
Address	Via Galileo Ferraris 12 – 56121 – Pisa – ITALY
VAT Number	IT02246720508

The Data Controller is the company identified above. For any queries regarding the processing of your personal data, you may contact the Data Controller using the details provided above.

2. Categories of Personal Data Collected

2.1 Data provided voluntarily by the user

Through the contact form available on the website, the following personal data are collected:

First and last name
Email address
Phone number (if provided)
Message content and nature of the enquiry
Any other personal data voluntarily included in the message

2.2 Navigation data (automatically collected)

The IT systems and software procedures that manage the website automatically acquire, during normal operation, certain personal data whose transmission is inherent in the use of Internet communication protocols:

IP addresses
Browser type and device parameters
Internet service provider name
Date and time of visit
Pages visited and navigation path
Data collected via cookies and tracking technologies (see Cookie Policy)

3. Purposes and Legal Basis for Processing

Purpose	Legal basis (Art. 6 GDPR)
Responding to contact and support requests	Pre-contractual measures (Art. 6.1.b)
Statistical analysis of website traffic (analytics)	Consent of the data subject (Art. 6.1.a)
Profiling and marketing (third-party cookies)	Consent of the data subject (Art. 6.1.a)
Compliance with legal obligations	Legal obligation (Art. 6.1.c)
Defence of the Controller’s legal rights	Legitimate interest (Art. 6.1.f)

4. Cookies and Tracking Technologies

This website uses cookies and similar technologies. Cookies are small text files placed on the user’s device during browsing. For detailed information on the cookies used, their purposes, the third parties involved, and how to grant or withdraw consent, please refer to the full Cookie Policy available on the website.

In particular, the website may use:

Technical and functional cookies (necessary for the correct operation of the website)
Analytical cookies (e.g. Google Analytics) to measure visits and user behaviour
Profiling and marketing cookies (e.g. Google Ads, Meta Pixel, LinkedIn) for personalised advertising

5. Recipients and Data Transfers

5.1 Authorised recipients

Personal data may be shared with:

Employees and collaborators of the Data Controller, duly authorised to process data
Technical and IT service providers (hosting, email, management software)
Analytics and marketing service providers (Google LLC, Meta Platforms Inc., etc.)
Legal, tax and accounting advisors of the Data Controller
Public authorities, where required by law

5.2 International transfers

Some of the recipients listed above (e.g. Google LLC, Meta Platforms Inc.) may transfer data outside the European Economic Area (EEA). In such cases, the transfer takes place in compliance with the safeguards provided for by the GDPR (e.g. Standard Contractual Clauses approved by the European Commission, adequacy decisions).

6. Data Retention Period

Type of data	Retention period
Contact form data	24 months from receipt of the request
Navigation data / logs	12 months from collection
Analytical cookie data	Up to 24 months (configurable)
Profiling cookie data	Up to 12 months or until consent is withdrawn
Tax and accounting data	10 years (statutory obligation)

After these periods, data will be permanently deleted or anonymised.

7. Rights of the Data Subject

Pursuant to Articles 15–22 of the GDPR, data subjects have the right to:

Access: obtain confirmation as to whether personal data concerning them are being processed and, if so, access to such data (Art. 15)
Rectification: obtain the correction of inaccurate or incomplete data (Art. 16)
Erasure (‘right to be forgotten’): obtain the deletion of data in certain circumstances (Art. 17)
Restriction of processing: obtain the restriction of processing in certain cases (Art. 18)
Data portability: receive data in a structured, machine-readable format (Art. 20)
Objection: object to processing at any time, in particular with regard to direct marketing (Art. 21)
Withdrawal of consent: withdraw consent previously given at any time, without affecting the lawfulness of processing prior to withdrawal
Lodge a complaint: submit a complaint to the relevant supervisory authority

To exercise any of the above rights, data subjects may send a written request to the Data Controller at: privacy@antralux.com. The Data Controller will respond within 30 days of receipt.

8. Security Measures

The Data Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Data transmission via SSL/TLS encrypted connection (https)
Access to data restricted to authorised personnel only
Periodic updates to systems and security measures
Regular data backups

9. Children’s Privacy

This website is not intended for children under the age of 16. The Data Controller does not knowingly collect personal data from minors. Should it be discovered that data from minors has been collected without parental or guardian consent, such data will be deleted without delay.

10. Changes to this Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy at any time, notifying users by publishing the updated version on the website. Users are encouraged to review this page regularly.

11. Supervisory Authority

In the event of a GDPR violation, data subjects have the right to lodge a complaint with their national data protection supervisory authority. If you are based in the EU, you may contact:

Contact	Details
Italian DPA (Garante)	www.garanteprivacy.it
EU Supervisory Authorities	edpb.europa.eu/about-edpb/board/members_en
Email (Italian DPA)	garante@gpdp.it
Phone (Italian DPA)	+39 06 696771