How we process personal data under the GDPR and with which providers (data processors).
The controller is TIMAGI Capital Project Management L.L.C. (License No. 1083112 · Register No. 2396399), Fahidi Heights Building, Al Hamriya, Office No. 1503-07, Dubai, United Arab Emirates. Privacy contact: hello@davidefrancogallo.com.
This addendum covers processing carried out through:
We may process:
Handling requests and providing services (contract/pre-contractual measures, Art. 6.1.b); legal obligations (Art. 6.1.c); newsletter and communications (consent, Art. 6.1.a); security (legitimate interest, Art. 6.1.f).
Data is processed on our behalf by selected providers, bound by appropriate contractual safeguards:
As the Company is based in Dubai, data may be transferred outside the European Economic Area in compliance with Chapter V of the GDPR, with appropriate safeguards (e.g. Standard Contractual Clauses and supplementary measures).
We adopt appropriate technical and organisational measures: encryption in transit (HTTPS), restricted access and data minimisation.
For the duration of the relationship and then for the periods required by law. Consent-based data is kept until withdrawal.
You can exercise access, rectification, erasure, restriction, portability, objection and withdrawal of consent by writing to hello@davidefrancogallo.com, and lodge a complaint with the competent authority (in Italy, the Garante).
In the event of a personal data breach, we notify the competent authority within 72 hours where required and inform data subjects when there is a high risk to their rights.
Informational document, to be validated by a legal advisor/DPO.