This Privacy Policy describes how Atherya collects, uses, and protects the personal data of users of atherya.io, in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.
1. Data Controller
The data controller is:
2. What data we collect
We collect only the data you voluntarily provide via the contact form:
- Company name
- Email address
- Company type (industry sector)
- Number of machines (operational information)
- Message (free text you choose to write)
For security and spam prevention, the system also automatically records:
- IP address of origin
- Country of origin (national level, not precise geolocation)
- Date and time of submission
We do not use tracking cookies, third-party analytics, advertising pixels, or profiling tools. The site does not install any cookies beyond those strictly necessary for technical functioning.
3. Purpose and legal basis
The collected data is processed exclusively to:
- Respond to your contact request — legal basis: your explicit consent (art. 6.1.a GDPR) given via the acceptance checkbox at form submission.
- Protect the system from automated abuse — legal basis: legitimate interest of the controller in system security (art. 6.1.f GDPR).
Data is not used for marketing, newsletters, profiling, or disclosure to third parties.
4. How we process the data
Data is processed electronically, protected by encryption in transit (HTTPS/TLS), and accessible only to authorized Atherya personnel. No automated decision-making or profiling is performed.
5. Where your data is stored
Data submitted via the form is transmitted to our transactional email provider Resend (Resend.com, operating on AWS infrastructure with servers in Ireland — EU region), which processes it on our behalf exclusively to deliver the message to our contact@atherya.io inbox.
The site is hosted on Cloudflare Pages with global CDN. Traffic is handled via Cloudflare's network in accordance with its GDPR commitments (data processing agreement available at cloudflare.com/trust-hub).
We do not transfer your data outside the European Economic Area.
6. Data retention
We retain messages received via the form for the time necessary to manage your request, and for a maximum of 24 months from submission, unless you become our customer (in which case the contractual terms of the business relationship apply) or you request earlier deletion.
7. Your rights
At any time you may exercise the rights guaranteed by articles 15–22 GDPR by writing to contact@atherya.io:
- Access — know what data we process about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request suspension of processing
- Portability — receive your data in a structured format
- Objection — object to processing
- Withdrawal of consent — withdraw at any time (without affecting the lawfulness of processing already carried out)
You also have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it) if you believe the processing of your data violates applicable law.
8. Changes to this policy
Atherya reserves the right to update this Privacy Policy to reflect organizational, technical, or regulatory changes. The "Last updated" date above indicates the latest revision. Substantive changes will be communicated via email to users who have already contacted us.
9. Contact
For any questions about the processing of your personal data, write to contact@atherya.io.