Short version: We collect only what we need. We do not sell your data. We use Stripe to process payments securely; we never see or store your card details. You have the right to access, correct, or delete your data at any time.
1. Who We Are
Giacomo Grisanzio is a business mentoring service operated by Giacomo, based in Italy. We serve clients globally, including Europe, Africa, Asia, and the Americas.
Data Controller: Giacomo, operating as Giacomo Grisanzio
Contact: hello@giacomogrisanzio.com
2. What Data We Collect
Data you provide
- Name, email address, WhatsApp number when you submit the contact form or book a call
- Location (city, country) when provided voluntarily
- Business information shared during calls, sessions, or via WhatsApp
- Billing name and email when you make a payment (card details are processed by Stripe; we never see them)
- Login credentials for the client portal (email and password)
Data collected automatically
- Basic analytics: pages visited, time on site, browser type, device type, country
- IP address (anonymised where possible)
- Cookie data (see our Cookie Policy)
Payment data
- Payments are processed by Stripe, a PCI DSS Level 1 certified payment processor
- We receive a transaction confirmation and your billing name and email
- We never store, see, or have access to your card number, CVV, or banking details
- Stripe's privacy policy: stripe.com/privacy
3. Why We Collect It
| Purpose | Legal Basis |
| --- | --- |
| Responding to enquiries and booking diagnostic calls | Legitimate interest / Pre-contract |
| Delivering the program you purchased | Contract performance |
| Processing your payment via Stripe | Contract performance |
| Sending session materials, recordings, and portal access | Contract performance |
| Sending relevant updates about new programs | Consent (unsubscribe any time) |
| Improving the website | Legitimate interest |
| Legal and financial record keeping | Legal obligation |
4. How We Store Your Data
- Contact and client data is stored securely and accessible only to Giacomo
- Payment transaction records are stored by Stripe on PCI-compliant infrastructure
- Session communications via WhatsApp are subject to WhatsApp's own privacy policy
- We use SSL/TLS encryption on all web pages
Retention periods
- Contact enquiries: 2 years from last contact
- Client and payment records: 7 years (financial record-keeping requirement)
- Marketing consent records: until withdrawn
- Analytics data: 26 months
5. Who We Share Data With
We do not sell your data. We share it only where necessary:
- Stripe: payment processing. PCI DSS Level 1 compliant. stripe.com/privacy
- Email service providers: to send confirmations and materials (GDPR compliant)
- Video conferencing tools for live sessions (Zoom or similar)
- Legal authorities if required by applicable law
Your business information shared during sessions is strictly confidential. It is never shared with other clients or any third party.
6. International Data Transfers
As a global service, we work with clients and service providers across multiple regions. Where personal data is transferred outside your home country, we ensure appropriate safeguards are in place:
- European Economic Area (EEA): transfers comply with GDPR Chapter V, using Standard Contractual Clauses (SCCs) where required
- United States: service providers operating under the EU-US Data Privacy Framework or equivalent SCCs
- Other countries: we ensure an adequate level of protection consistent with applicable data protection laws
7. Your Rights: Global Overview
Depending on where you are located, you have specific rights regarding your personal data. We honour all of the following regardless of your location:
Universal rights (all users)
- Access: request a copy of the data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your data, subject to legal retention requirements
- Portability: receive your data in a machine-readable format
- Objection: object to processing for direct marketing at any time
European Union / EEA: GDPR (Regulation 2016/679)
- All rights above, plus: right to restrict processing, right to withdraw consent
- Right to lodge a complaint with your national data protection authority
- EU Online Dispute Resolution: ec.europa.eu/consumers/odr
United Kingdom: UK GDPR
- Same rights as EU GDPR apply
- Supervisory authority: Information Commissioner's Office (ICO), ico.org.uk
United States: California (CCPA/CPRA)
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
Africa: Country-Specific Compliance
- Nigeria (NDPR 2019 / Nigeria Data Protection Act 2023): We process Nigerian users' data only for the purpose for which it was collected. You have the right to request access, correction, and deletion of your personal data. We do not sell your data to third parties. Contact hello@giacomogrisanzio.com to exercise any right.
- South Africa (POPIA 2020): We are a responsible party in respect of your personal information as defined under POPIA. We process your data lawfully, minimally, and with appropriate security measures. You may request access or correction under PAIA. Our Information Officer can be reached at hello@giacomogrisanzio.com.
- Kenya (Data Protection Act 2019): We process personal data as a data controller and comply with the principles of the Kenya DPA. You have the right to access, rectify, and restrict processing of your personal data.
- All African clients receive equivalent protections regardless of whether their specific country's law is listed above.
India: DPDPA 2023
- Right to access, correction, erasure, and grievance redressal
- We process data only for lawful purposes with appropriate consent or legitimate interest
To exercise any right, contact us at hello@giacomogrisanzio.com. We respond within 30 days.
8. Payments and Financial Data
- All payments are processed by Stripe, Inc., a PCI DSS Level 1 certified provider
- We never store your card number, expiry date, or CVV
- Transaction records (amount, date, billing name, email) are retained for 7 years for financial and legal compliance
- Refunds are processed through Stripe in accordance with our Terms & Conditions
- Stripe may transfer your payment data internationally; see stripe.com/privacy
9. Cookies
We use cookies to improve your experience. See our full Cookie Policy for details and to manage your preferences.
10. Children
Our services are not directed at anyone under 18. We do not knowingly collect data from minors. If you believe we have done so, contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy as our services evolve or regulations change. The date at the top of this page shows when it was last updated. Significant changes will be communicated to active clients by email.