Privacy Policy
This website is operated by:
Giovanni Colonnelli
Via Fontana 21
20122 Milan – Italy
Email: info@leongcollin.com
Giovanni Colonnelli is the Data Controller pursuant to Regulation (EU) 2016/679 (GDPR).
Types of data collected
This website collects the following personal data through its forms:
- Name (optional)
- Email address
- Message content (contact form)
- Book preview selection (if chosen)
- Marketing consent status (if provided)
Purpose of processing
Personal data are processed for the following purposes:
A) Service delivery (legal basis: Art. 6(1)(b) GDPR)
- Reply to messages sent through the contact form
- Send preview materials requested by the user
- Maintain correspondence with users who explicitly request contact
B) Marketing communications (legal basis: Art. 6(1)(a) GDPR - explicit consent)
- Send newsletters about new book releases and updates
- Send promotional emails about books by Leon G. Collin
- Inform users about special offers, events or content related to the author's work
Important: Marketing emails are sent ONLY to users who have explicitly consented by checking the optional marketing checkbox on the form. Consent can be withdrawn at any time by clicking the "Unsubscribe" link in any email or by contacting info@leongcollin.com.
Legal basis
- Article 6(1)(b) GDPR – Performance of a service requested by the data subject (contact form responses, preview delivery)
- Article 6(1)(a) GDPR – Explicit consent given by the user (for marketing communications, if checkbox selected)
Data processing method
Data are processed through the following services:
- FormSubmit (https://formsubmit.co) – transmits form data to the email inbox
- Gmail (Google LLC) – email hosting for info@leongcollin.com
- Mailchimp (Intuit Inc.) – email marketing platform used exclusively for users who have consented to receive marketing communications
No automated profiling is performed. Marketing emails are sent based solely on explicit user consent.
Data retention
Contact form data
Personal data from contact forms are stored in the email inbox of the Data Controller and retained until the user requests deletion.
Marketing email addresses
Email addresses of users who have consented to marketing are stored in Mailchimp and retained according to the following criteria:
- Until the user unsubscribes via the link in any email
- Until the user requests deletion by contacting info@leongcollin.com
- Maximum 3 years of inactivity (no email opens or clicks), after which the address is automatically deleted
After unsubscription or deletion request, email addresses are permanently removed from Mailchimp within 30 days.
Data recipients
Personal data are accessible by:
- Data Controller – Giovanni Colonnelli
- Data processors:
  - FormSubmit – form message transmission
  - Gmail (Google LLC) – email hosting
  - Mailchimp (Intuit Inc.) – email marketing platform (only for users who consented to marketing)
No other third parties receive the data. No data are sold, rented or shared for purposes other than those stated above.
International data transfers
FormSubmit, Gmail and Mailchimp may process data on servers located outside the European Economic Area (primarily in the United States). These providers operate under:
- Standard Contractual Clauses approved by the European Commission
- GDPR-compliant safeguards and security measures
- Mailchimp's Data Processing Addendum (DPA) ensuring GDPR compliance
User rights
Under Articles 15–22 GDPR, users have the right to:
- Access their personal data
- Request correction or deletion
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (this does not affect the lawfulness of processing prior to withdrawal)
To exercise these rights, users may:
- Send a request to: info@leongcollin.com
- Click the "Unsubscribe" link at the bottom of any marketing email (for marketing consent withdrawal only)
Right to lodge a complaint
Users may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).
Data security
Appropriate technical and organizational measures are applied to prevent unauthorized access, disclosure or loss of data, including:
- Encrypted data transmission (HTTPS/TLS)
- Access controls and authentication
- Regular security updates and monitoring
- GDPR-compliant data processors with certified security standards
Changes to this policy
This policy may be updated to reflect changes in data processing practices or legal requirements. The current version is always published on this page. Users are encouraged to review this policy periodically.
Last update: February 2026