PRIVACY POLICY

This notice describes how Quota 4000 (the "Site") collects, uses and protects users' personal data, in compliance with EU Regulation 2016/679 (GDPR) and applicable Italian law.

1. DATA CONTROLLER

The data controller is Amedeo Guffanti. Contact: privacy@quota4000.com.

2. DATA COLLECTED

• Registration data: name, email, avatar (via Google/Meta OAuth)
• Booking data: name, email, phone, preferences
• Reviews: text and multi-dimensional ratings
• School messages: content sent via contact forms
• Technical data: IP, user-agent, technical cookies
• Cookie consent log: anonymous identifier (UUID), daily-rotating hash of IP (SHA-256, non-reversible), consent categories chosen, language, user-agent, policy version and timestamp. Retained as proof of consent under GDPR art. 7 §1.

3. PURPOSES

• Manage registration, login and personal area
• Process bookings and forward them to selected schools
• Publish reviews (after moderation) and aggregate school ratings
• Send messages to schools for direct requests
• Send editorial communications (newsletter) only with explicit consent
• Comply with legal and security obligations

4. LEGAL BASIS

Processing is based on: contract performance (bookings), explicit consent (newsletter, reviews), legitimate interest (security, anti-fraud) or legal obligations.

5. DATA RETENTION

• User account: until deletion requested by the user
• Bookings: 24 months from creation
• Reviews: no expiration (may be anonymized on request)
• Verification photos: maximum 30 days, then auto-deleted
• School messages: 12 months
• Cookie consent log: 24 months from last change, as documentary proof of consent

6. RECIPIENTS

Data may be shared with:

• Skydiving schools receiving bookings and messages
• Technical providers: Vercel, Supabase (EU), Sanity, Resend, Anthropic
• Authorities when required by law

7. NON-EU TRANSFERS

Some providers (Anthropic, Resend) are based outside the EU. Transfer is ensured via EU Standard Contractual Clauses.

8. USER RIGHTS

You have rights to: access, rectification, erasure, restriction, portability, objection, withdrawal of consent. Write to privacy@quota4000.com.

For quick account deletion: data-deletion.

9. COOKIES

The Site uses technical cookies (necessary for operation) and, only with explicit consent, analytics and marketing cookies. On arrival, a banner lets you accept, reject or customize by category.

We implement Google Consent Mode v2 with default state denied: no analytics or marketing cookie fires before your choice. Proof of consent is retained in the consent_logs table, using a daily-rotating hash of the IP (non-reversible) and an anonymous identifier.

For detailed descriptions of individual cookies, durations and purposes, see the Cookie Policy. You can change your preferences at any time via the "Cookie settings" link in the footer (GDPR art. 7 §3 — withdrawal as easy as giving consent).

10. COMPLAINTS

You have the right to complain to the Italian Data Protection Authority (garanteprivacy.it).

11. CHANGES

This notice may be updated. Last update date is shown at the top.