Privacy Policy
Last updated: March 2026
1. Data Controller
Olga Design
Riva del Garda (TN), Trentino-South Tyrol, Italy
VAT: IT02847690221
Email: privacy@rendersubito.it
2. Data Collected
2.1 Registration data
- Name or company name
- Email address
- Phone number (optional)
- Agency name (B2B)
2.2 Order data
- Property photographs uploaded for processing
- Style instructions and preferences
- Order and delivery history
2.3 Payment data
Payments are processed by Stripe, Inc. RenderSubito does not store credit card numbers.
2.4 Navigation data
- IP address (anonymised), browser type, pages visited, technical cookies
2.5 Photo data
Photos may contain personal items and EXIF metadata. Processing solely for service delivery.
3. Purpose of Processing
| Purpose | Legal basis |
|---|---|
| Service delivery (rendering/staging) | Art. 6(1)(b) GDPR — Contract performance |
| Order and payment management | Art. 6(1)(b) GDPR |
| Service communications | Art. 6(1)(b) GDPR |
| Legal/tax compliance | Art. 6(1)(c) GDPR |
| Service improvement and statistics | Art. 6(1)(f) GDPR — Legitimate interest |
We do not use data for: automated profiling, direct marketing (without consent), sale to third parties, AI model training with client photos.
4. Processing Methods
Data is processed using IT systems, strictly purpose-bound.
4.1 AI photo processing
Photos are processed via AI APIs (sub-processors) in compliance with the EU AI Act (2024/1689) and Legge 132/2025. Every image is verified by a designer and marked «Virtual Staging».
5. Data Retention
| Data type | Retention period |
|---|---|
| Uploaded photos | 30 days after delivery, then deleted |
| Account data | Contract duration + 12 months |
| Tax/billing data | 10 years (Italian tax law) |
| Navigation logs | Session duration |
| Support communications | 24 months |
6. Data Transfers
6.1 Recipients
- Stripe, Inc. (USA) — payment processing
- Supabase, Inc. (USA) — database
- Cloudflare, Inc. (USA) — file storage
- AI service providers — image processing
6.2 International transfers
Based on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).
7. Your Rights
Under GDPR Articles 15-22, you have the right to:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Withdraw consent (Art. 7)
Contact: privacy@rendersubito.it (response within 30 days).
Right to lodge complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
8. Cookie Policy
We use only technical cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session | Authentication | Session |
| Language preference | Language selection | 12 months |
| Cookie consent | Banner consent | 12 months |
No profiling, advertising or tracking cookies. See Cookie Policy.
9. Security Measures
- SSL/TLS encryption for all communications
- At-rest encryption for stored data
- Secure authentication
- Access restricted to authorised staff
- Regular encrypted backups
- Data breach notification within 72 hours (Art. 33 GDPR)
10. Legal References
- GDPR (Regulation EU 2016/679)
- Italian Privacy Code (D.lgs. 196/2003)
- EU AI Act (2024/1689)
- Italian AI Law (Legge 132/2025)
11. Contact
Olga Design — RenderSubito
Email: privacy@rendersubito.it
Location: Riva del Garda (TN), Italy
12. Changes
RenderSubito reserves the right to update this policy. Material changes will be communicated by email to registered users.