Privacy
policy
How we collect, use and protect your personal data.
Privacy notice on the processing of personal data pursuant to Articles 13-14 of EU Regulation 2016/679 (GDPR), for visitors of the website https://sulko.pages.dev, clients and suppliers. Data Controller: Panajotis Angjelos Sulce (SULKO). DPO: not appointed — the conditions requiring mandatory appointment under Art. 37 GDPR do not apply.
01 Introduction
This document is adopted by Panajotis Angjelos Sulce, sole proprietor of the individual business operating under the trade name "SULKO" (hereinafter also "the Controller"), as part of its personal data protection management system, in implementation of the accountability principle set out in Article 5(2) of Regulation (EU) 2016/679.
In carrying out its software development-on-commission activity, the Controller processes personal data mainly relating to website visitors, prospects, clients and suppliers, and such processing must constantly be guided by the principles of lawfulness, fairness, transparency, minimization, accuracy, storage and purpose limitation, integrity and confidentiality.
Although this is a small individual business, Regulation (EU) 2016/679 nonetheless requires the adoption of technical and organizational measures appropriate to the risk and the keeping of adequate documentation, as good accountability practice even in the absence of a specific size-based obligation.
In compliance with Articles 13 and 14 of the GDPR, Panajotis Angjelos Sulce, as Data Controller, informs users of the website https://sulko.pages.dev and its clients/suppliers about how their personal data is processed.
02 Regulatory framework
This document falls within the following regulatory framework, to which full reference is made for anything not expressly covered herein:
- Regulation (EU) 2016/679 (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
- Italian Legislative Decree No. 196 of June 30, 2003 (Data Protection Code), as amended by Legislative Decree No. 101 of August 10, 2018;
- Directive 2002/58/EC (ePrivacy) and its national implementing legislation, on electronic communications and cookies;
- Measure of the Italian Data Protection Authority (Garante) of June 10, 2021, No. 231, on cookies and other tracking tools;
- Guidelines and opinions of the European Data Protection Board (EDPB);
- Articles 2050 and 2220 of the Italian Civil Code and applicable civil/tax law on liability and document retention.
03 Relevant definitions (Art. 4 GDPR)
For the purposes of this document, and unless the context requires otherwise, the terms below have the meaning assigned to them by Article 4 of Regulation (EU) 2016/679:
| Term | Definition |
|---|---|
| Personal data | Any information relating to an identified or identifiable natural person ("data subject"). |
| Processing | Any operation, whether or not by automated means, performed on personal data. |
| Data Controller | The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
| Data Processor | The natural or legal person which processes personal data on behalf of the Controller, based on an agreement under Art. 28 GDPR. |
| Data subject | The identified or identifiable natural person to whom the personal data relates. |
| Consent | Any freely given, specific, informed and unambiguous indication of wishes by which the data subject agrees to the processing of their data. |
| Personal data breach | A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. |
| Recipient | The natural or legal person, public authority, agency or other body to which personal data is disclosed. |
| Supervisory authority | The competent independent public authority; for Italy, the Garante per la protezione dei dati personali. |
04 Data Controller
| Field | Information |
|---|---|
| Controller | Panajotis Angjelos Sulce |
| Trade name | SULKO |
| Registered office | Via Rossini 1, 22073 Como (CO), Italy |
| VAT number | 00000000000 |
| Phone | +39 327 013 3417 |
| sulko.development@gmail.com | |
| PEC (certified email) | Not available |
| Website | https://sulko.pages.dev |
| DPO | Not appointed — the conditions requiring mandatory appointment under Art. 37 GDPR do not apply |
05 Data collected and purposes of processing
5.1 Data provided through the contact form
Through the form on the Contact page, we collect: name, email, company, reason for the request, and message. This data is processed solely to respond to the user's request and, should the relationship continue, for the pre-contractual phase with a potential client. Emails are sent via the Resend service; they are received in the Controller's Gmail inbox.
5.2 Browsing data and cookies
The website, hosted on Cloudflare Pages, automatically collects some technical browsing data (e.g. IP address, browser type, pages visited). Consent for non-technical cookies is managed via Cookiebot: for full details, see the Cookie Policy published on the site.
5.3 Client and supplier data
As part of the performance of a software development or supply contract, we process identification, tax, and contact data, as well as bank details necessary for wire-transfer payments.
06 Purposes and legal bases of processing
| Purpose of processing | Legal basis (Art. 6 GDPR) |
|---|---|
| Responding to requests sent through the contact form | Art. 6(1)(b) — pre-contractual measures at the data subject's request |
| Performance of the software development/supply contract | Art. 6(1)(b) — Performance of a contract |
| Mandatory tax, accounting and legal obligations | Art. 6(1)(c) — Legal obligation |
| Technical management of the website and security (hosting, abuse protection) | Art. 6(1)(f) — Legitimate interest of the Controller |
| Non-technical analytics/functionality cookies | Art. 6(1)(a) — Consent, collected via Cookiebot |
07 Recipients and external data processors
Data may be disclosed to the following parties, acting either as independent controllers or as processors under specific agreements/contractual terms:
| Party | Role |
|---|---|
| Resend, Inc. | Sending emails generated by the website's contact form |
| Google LLC (Gmail) | Receiving and managing the Controller's email inbox |
| Cloudflare, Inc. | Hosting and delivery of the website (Cloudflare Pages) |
| Cybot A/S (Cookiebot) | Management of the cookie banner and consents |
| Any accountant/accounting firm | Tax and accounting obligations |
Some of these providers (Resend, Google, Cloudflare, Cookiebot) may process data outside the European Economic Area, in particular in the United States. In such cases, the transfer takes place based on the safeguards provided for in Chapter V of the GDPR (e.g. Standard Contractual Clauses and/or adherence to recognized adequacy frameworks).
08 Retention period
- Data collected via the contact form: 12 months from the closing of the request, unless a contractual relationship is established;
- Client and supplier data: 10 years, for tax and civil-law retention obligations;
- Browsing and cookie data: as specified in the Cookie Policy.
09 Rights of data subjects
| Right | GDPR reference |
|---|---|
| Access to processed data | Art. 15 |
| Rectification of inaccurate data | Art. 16 |
| Erasure ("right to be forgotten") | Art. 17 |
| Restriction of processing | Art. 18 |
| Data portability | Art. 20 |
| Objection to processing | Art. 21 |
| Withdrawal of consent | Art. 7(3) |
To exercise these rights, data subjects can write to sulko.development@gmail.com. They also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
10 Changes to this notice
This Privacy Policy may be updated to reflect regulatory, organizational, or tooling changes on the website. Last revised: 07/13/2026.
11 Final provisions
Effectiveness and commencement
This document is effective from its date of publication and remains in force until a subsequent amendment or revocation by the Controller.
Update and review
The document is subject to periodic review, generally at least annually, as well as whenever significant regulatory, organizational or technological changes occur (e.g. new tools used on the site); every revision is tracked in the relevant history.
Governing law and jurisdiction
This document is governed by Italian law; for any dispute concerning its interpretation, validity or execution, the Court of Como has jurisdiction, without prejudice to the mandatory jurisdiction provided by law for the protection of consumers.
Severability clause
The invalidity, nullity or ineffectiveness of any single clause does not affect the validity and effectiveness of the remaining provisions.