privacy policy
Last updated: 16/03/2026, version 1.0
This Privacy Policy explains how Granstudio S.p.A. ("Granstudio", "we", "us", or "our") collects, uses, and protects personal data when users visit the website https://www.granstudio.com (the "Website").
This policy is provided in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Italian data protection laws.
data controller
The data controller responsible for processing personal data is:
Granstudio S.p.A.
Via Giovanni Pacini 53
10154 Turin
Italy
Legal email:
granstudio@legalmail.it
For privacy inquiries, users may contact us at the above address.
Personal Data We May Collect
1 — Technical and navigation data
Certain data may be collected automatically during normal operation of the Website, including:
IP address
browser type and version
operating system
referring URLs
date and time of access
pages visited
device information
These data are used to ensure proper functioning of the Website and for security purposes.
2 — Communications sent by email
Users may contact Granstudio via publicly available email addresses.
When users send emails, Granstudio may process:
name
email address
company affiliation (if provided)
contact details contained in the message
attachments and documents voluntarily sent by the user
any other information included in the communication
Since communications occur through external email providers, Granstudio cannot control the security practices of third-party email services used by the sender.
Users should avoid sending sensitive personal data unless necessary.
3 — Data Voluntarily Provided
Users may voluntarily provide personal data when:
contacting Granstudio for business inquiries
requesting information about services
submitting partnership or collaboration proposals
sending job applications or portfolios
sending unsolicited communications
Such data are processed solely for responding to the request or evaluating the communication.
Purposes of Data Processing
Personal data may be processed for the following purposes:
1 — Website Operation
To ensure the correct functioning, maintenance, and security of the Website.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
2 — Responding to communications
To respond to emails, requests, or inquiries received from users.
Legal basis: legitimate interest or pre-contractual measures (Art. 6(1)(b) GDPR)
3 — Business and professional communications
To evaluate collaboration proposals, partnership inquiries, or service requests.
Legal basis: pre-contractual measures
4 — Legal compliance
To comply with legal obligations or protect legal rights.
Legal basis: legal obligation (Art. 6(1)(c) GDPR)
5 — Future newsletter communications
If Granstudio offers newsletter subscriptions in the future, personal data will be processed only with explicit user consent.
Legal basis: consent (Art. 6(1)(a) GDPR)
Users may withdraw consent at any time.
cookies and tracking technologies
The Website may use cookies and similar technologies.
Cookies may include:
strictly necessary cookies required for website functionality
analytics cookies used to understand website usage
preference cookies
Detailed information about cookies is available in the Cookie Policy published on this Website.
data retention
Personal data will be retained only for the time necessary to fulfill the purposes for which they were collected.
Typical retention periods include:
Navigation data: retained for limited periods necessary for system security and analysis.
Email communications: retained as long as necessary to respond to inquiries and manage professional relationships.
Business communications: retained for the duration of the business relationship or potential collaboration.
Where required by law, certain data may be retained for longer periods.
data sharing
Personal data may be shared with:
IT service providers responsible for website hosting and maintenance
professional advisors where necessary
legal authorities when required by law
All third parties process data only where necessary and in accordance with applicable data protection regulations.
Granstudio does not sell personal data.
international data transfer
Some service providers used in connection with the Website may process data outside the European Economic Area (EEA).
Where this occurs, Granstudio ensures appropriate safeguards are in place, such as:
European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
These safeguards ensure that personal data remain protected in accordance with GDPR requirements.
data security
Granstudio implements appropriate technical and organizational measures designed to protect personal data from:
unauthorized access
loss
misuse
alteration
unauthorized disclosure
However, no internet transmission or electronic storage system can be guaranteed to be completely secure.
data subject rights
Under the GDPR, users have the following rights:
Right of access: to obtain confirmation whether personal data are processed and receive a copy.
Right to rectification: to correct inaccurate or incomplete data.
Right to erasure: to request deletion of personal data where applicable.
Right to restriction of processing: to limit processing under certain conditions.
Right to data portability: to receive personal data in a structured, machine-readable format.
Right to object: to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent.
Requests may be sent to: