Davide Francogallo.
Documents

GDPR Addendum — Data Processing

Last updated: 5 July 2026 · Reg. (EU) 2016/679

How we process personal data under the GDPR and with which providers (data processors).

1. Data controller

The controller is TIMAGI Capital Project Management L.L.C. (License No. 1083112 · Register No. 2396399), Fahidi Heights Building, Al Hamriya, Office No. 1503-07, Dubai, United Arab Emirates. Privacy contact: hello@davidefrancogallo.com.

2. Scope

This addendum covers processing carried out through:

  • the davidefrancogallo.com site;
  • the Contact, Property Hunter, Private Collection and The Private Circle forms;
  • the newsletter and Monaco Access Score;
  • email communications.

3. Categories of data processed

We may process:

  • identification data: name;
  • contact data: email, phone/WhatsApp;
  • preferences and area of interest, messages you send;
  • technical and browsing data: IP address, browser, device, cookies.

4. Purposes and legal bases

Handling requests and providing services (contract/pre-contractual measures, Art. 6.1.b); legal obligations (Art. 6.1.c); newsletter and communications (consent, Art. 6.1.a); security (legitimate interest, Art. 6.1.f).

5. Data processors (Art. 28)

Data is processed on our behalf by selected providers, bound by appropriate contractual safeguards:

  • Vercel — site hosting;
  • Supabase — database and storage;
  • Brevo (Sendinblue) — email delivery;
  • OpenAI — AI assistance in drafting reply proposals.
  • No data is shared with third parties for marketing purposes.

6. Transfers outside the EU

As the Company is based in Dubai, data may be transferred outside the European Economic Area in compliance with Chapter V of the GDPR, with appropriate safeguards (e.g. Standard Contractual Clauses and supplementary measures).

7. Security measures

We adopt appropriate technical and organisational measures: encryption in transit (HTTPS), restricted access and data minimisation.

8. Retention

For the duration of the relationship and then for the periods required by law. Consent-based data is kept until withdrawal.

9. Data subject rights

You can exercise access, rectification, erasure, restriction, portability, objection and withdrawal of consent by writing to hello@davidefrancogallo.com, and lodge a complaint with the competent authority (in Italy, the Garante).

10. Data breaches

In the event of a personal data breach, we notify the competent authority within 72 hours where required and inform data subjects when there is a high risk to their rights.

Informational document, to be validated by a legal advisor/DPO.

Privacy NoticeCookie PolicyTerms & ConditionsGDPR AddendumCookie preferencesBack to site