Privacy Policy

This privacy policy describes how we collect, use, and protect the personal data of users who visit the website www.liftyup.com (hereinafter, the "Website"), in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data Controller

The Data Controller is:

2. Legal Basis for Processing

The processing of personal data is based on the following legal grounds under Art. 6 of the GDPR:

• Legitimate interest (Art. 6(1)(f) GDPR) — for technical cookies necessary for the functioning of the Website and for storing language preferences.
• Consent (Art. 6(1)(a) GDPR) — for analytics cookies (Google Analytics) and for sending communications. Consent can be withdrawn at any time.
• Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) — for processing data provided through the contact form in order to respond to user inquiries.

3. Types of Data Collected

a) Navigation data

The computer systems used to operate the Website automatically collect certain data during normal operation, which is inherent to internet communication protocols:

• IP address
• Browser type and operating system
• Pages visited and time spent
• Referring website (referrer)
• Date and time of the visit

b) Voluntarily provided data

Through the contact form on the Website, users may voluntarily provide the following data:

• First and last name
• Email address
• Phone number
• Message content

c) Data collected through analytics cookies

With user consent, Google Analytics 4 (ID: G-X48PM76SBZ) collects anonymous and aggregated browsing data, including: pages visited, session duration, site interactions, generic demographic data, and device used. For more information about cookies, please see our Cookie Policy.

4. Purposes of Processing

Personal data is processed for the following purposes:

• Website functionality — ensuring the correct technical functioning of the Website, including storing language preferences.
• Responding to inquiries — managing and responding to requests sent through the contact form.
• Statistical analysis — analyzing Website usage in anonymous and aggregated form to improve content and user experience.
• Service improvement — using collected data to optimize our services and develop new features.

5. Processing Methods

Personal data is processed using automated tools (e.g., computer procedures and electronic platforms) for the time strictly necessary to achieve the purposes for which it was collected. Specific technical and organizational security measures are adopted to prevent data loss, unlawful or improper use, and unauthorized access, in accordance with Art. 32 of the GDPR.

6. Data Retention Period

Personal data is retained for the time necessary to achieve the purposes for which it was collected:

7. International Data Transfers

Some of the third-party services used by the Website involve the transfer of personal data to countries outside the European Union, particularly the United States of America:

• Google Analytics (Google LLC, USA) — The transfer is protected by Google's participation in the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection under Art. 45 of the GDPR. Google Privacy Policy
• Resend (Resend Inc., USA) — Service used for sending emails from the contact form. The transfer is protected by Standard Contractual Clauses (SCCs) under Art. 46 of the GDPR.

8. Data Subject Rights

Under Articles 15-22 of the GDPR, the data subject has the right to:

• Access (Art. 15) — obtain confirmation as to whether personal data concerning them is being processed and, if so, obtain access to such data.
• Rectification (Art. 16) — obtain the rectification of inaccurate personal data or the completion of incomplete data.
• Erasure (Art. 17) — obtain the erasure of personal data (right to be forgotten), in cases provided for by the GDPR.
• Restriction (Art. 18) — obtain the restriction of processing in cases provided for by the GDPR.
• Portability (Art. 20) — receive personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Objection (Art. 21) — object at any time to the processing of their personal data.
• Complaint (Art. 77) — lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali — www.garanteprivacy.it).

9. How to Exercise Your Rights

To exercise the rights listed above, the data subject may send a written request to the Data Controller at the following email address: hello@liftyup.com.

The request will be fulfilled within 30 days of receipt, unless extended by a further 60 days in case of complexity or high number of requests, as provided for by Art. 12(3) of the GDPR.

10. Privacy Policy Updates

The Data Controller reserves the right to modify this privacy policy at any time. Changes will be published on this page with an indication of the last update date. Users are advised to periodically check this page to be informed of any updates.