1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and the Italian Data Protection Act (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018) is:

Darwin's GmbHAltenmarktgasse 139042 Brixen (BZ), Italy

Represented by: Leon Dapoz

Email: info@darwins.euPEC: darwins@pec.itP.IVA/ VAT ID: IT03317010217

2. General Information on Data Processing

The protection of your personal data is very important to us. We generally process the personal data of our website visitors only to the extent necessary to provide a fully functional website and our content and services. The processing of personal data generally takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

3. Legal Basis for Processing

• Consent (Art. 6(1)(a) GDPR): To the extent that we obtain your consent for processing operations.
• Performance of a contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract.
• Legal obligation (Art. 6(1)(c) GDPR): Where processing is required by law.
• Legitimate interest (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and where the interests, fundamental rights, and freedoms of the data subject do not override those interests.

4. Hosting and Content Delivery

4.1 Webflow

Our website is hosted on the Webflow platform. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our website, Webflow automatically collects information in server log files, which your browser transmits automatically. This includes:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the page accessed
• Referrer URL (previously visited page)
• Browser and operating system used

Webflow uses servers located in the United States. Data is transferred to the United States in accordance with the EU-US Data Privacy Framework. For more information, please see Webflow’s Privacy Policy: https://webflow.com/legal/privacy

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring the stable and secure operation of the website).

5. Contact Form and Inquiries

If you contact us via the contact form on our website, the information you provide will be processed for the purpose of handling your inquiry. The following information is collected:

• Name
• Company
• Email address
• phone number
• Number of employees
• Desired power
• Your message

The data is collected via Webflow Forms and then forwarded to us via the automation platform Make (formerly Integromat).

Legal basis: Article 6(1)(b) of the GDPR (pre-contractual measures) and Article 6(1)(f) of the GDPR (legitimate interest in responding to inquiries).

Retention period: The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case once the relevant conversation has ended and there are no legal retention requirements that prevent its deletion.

6. Sending emails via Brevo

We use the Brevo service (formerly Sendinblue) to send automated emails (e.g., confirmation emails following a contact request). The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo processes your email address and name on our behalf for the purpose of sending emails. We have a data processing agreement with Brevo in accordance with Article 28 of the GDPR.

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract or pre-contractual measures) and Article 6(1)(f) of the GDPR (legitimate interest in professional email communication).

7. Automation via Make

We use the automation platform Make (Make.com, Celonis SE, Thomas-Dehler-Straße 27, 81737 Munich, Germany) to automatically process form data. Make acts as a data processor and processes the data submitted via the contact form exclusively in accordance with our instructions.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the efficient processing of inquiries).

8. Web Analytics

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies that are stored on your device and enable the analysis of website usage.

By default, Google Analytics 4 does not use full IP addresses. IP anonymization takes place within the EU/EEA before data is transmitted to Google’s servers. The information generated by this technology regarding your use of this website is generally transmitted to a Google server in the United States and stored there. This transmission is based on the EU-US Data Privacy Framework.

We use Google Analytics 4 to analyze how our website is used and to generate reports on website activity. The data collected includes, among other things:

• Page views and scroll depth
• Duration
• Clicks on CTAs and portfolio items
• Form submissions
• Traffic sources (referrers, UTM parameters)
• Approximate location (city/region)
• Device and browser information

8.2 Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Limited. Google Tag Manager itself does not set cookies or collect personal data. It is used solely to manage and deploy other tags (e.g., Google Analytics), which may collect data. Google Tag Manager does not access this data.

Legal basis for Section 8: Article 6(1)(a) of the GDPR (consent). Google Analytics is activated only after you have given your explicit consent via our cookie consent banner.

Withdrawal: You can withdraw your consent at any time via the cookie consent banner. You can also prevent Google Analytics from collecting data by installing Google’s browser add-on: https://tools.google.com/dlpage/gaoptout

9. Google Search Console

We use Google Search Console to analyze and optimize our visibility in Google Search. Search Console processes aggregated and anonymized data on search queries, clicks, and impressions. No personal data of individual users is collected or stored.

10. Social Media Integrations

Our website embeds content from social media platforms (particularly Instagram). When this content is displayed, a connection is established with the respective provider’s servers. This notifies the provider that you have visited our website. Additionally, other data (e.g., IP address, browser information) may be transmitted to the provider.

Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy: https://privacycenter.instagram.com/policy

Legal basis: Article 6(1)(a) of the GDPR (consent). This feature will only be enabled after you have given your consent via the cookie consent banner.

11. Cookies and Consent Management

Our website uses cookies. Cookies are small text files that are stored on your device. Some cookies are technically necessary for the website to function (e.g., session cookies). Other cookies are used to analyze your user behavior or for marketing purposes.

Technically necessary cookies are stored in accordance with Article 6(1)(f) of the GDPR. All other cookies are set only with your explicit consent (Article 6(1)(a) of the GDPR). This is done via our cookie consent banner, which appears when you first visit the website.

You can withdraw your consent at any time by accessing the cookie settings again via the banner or by deleting cookies in your browser settings.

12. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information. You can tell that the connection is encrypted when the address bar in your browser changes from "http://" to "https://" and when you see the lock icon in your browser's address bar.

13. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): You have the right to request information about your personal data that we process.
• Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate data or the completion of your data.
• Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your data, provided that there are no legal obligations requiring its retention.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request that the processing of your data be restricted.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your data at any time, provided that the processing is based on Art. 6(1)(f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw your consent at any time. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.

14. Right to file a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR.

The regulatory authority responsible for us is:

Data Protection OfficerPiazza Venezia, 1100187 Rome, ItalyEmail: garante@gpdp.itPEC: protocollo@pec.gpdp.itWebsite: https://www.garanteprivacy.it

15. Transfer of Data to Third Countries

Some of the services we use are based in the United States (Google, Webflow). Data transfers to the United States are based on the European Commission’s adequacy decision pursuant to the EU-US Data Privacy Framework (DPF). In the absence of an adequacy decision, we use Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) of the GDPR as a safeguard.

16. Retention period

Personal data is stored only for as long as is necessary for the respective processing purpose. If there are legal retention requirements (e.g., tax and commercial law obligations under Italian law), the relevant data will be blocked until the retention period expires and then deleted.

17. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in the legal landscape or modifications to our services and data processing practices. The most current version is always available on our website.

‍