Privacy Policy

1. Data Controller

The data controller is Mare Media SRL, with registered office at Corso Buenos Aires 20, 20129 Milano (MI), Italy — P.IVA 09942611212.

For any questions regarding this privacy policy or your personal data, you can reach us through the contact information listed on our website.

2. What data we collect

We may collect the following categories of personal data:

• Navigation data: IP address, browser type, operating system, pages visited, access time. These are collected automatically by our servers.
• Data you provide voluntarily: name, email address, or any other information submitted through contact forms or email communication.
• App usage data: if you use our mobile applications (e.g. PandaCoco), we may collect anonymous usage analytics, device type, OS version, and app interaction data to improve the product experience.

3. Purpose and legal basis

Your data is processed for the following purposes:

• Website functionality: ensuring correct display and technical operation of the website (legitimate interest, Art. 6(1)(f) GDPR).
• Responding to inquiries: processing your requests sent via email or contact forms (consent or pre-contractual measures, Art. 6(1)(a)(b) GDPR).
• Analytics: understanding how users interact with our website and apps to improve our services (legitimate interest, Art. 6(1)(f) GDPR).
• Legal obligations: complying with applicable laws and regulations (Art. 6(1)(c) GDPR).

4. Third-party services

We may use the following third-party services that process personal data on our behalf:

• Google Analytics: for website traffic analysis. Data may be transferred to the United States. Google's privacy policy applies.
• Google Fonts: fonts are loaded from Google servers. Your IP address may be transmitted to Google.
• Apple App Store / Google Play Store: for app distribution. Their respective privacy policies apply to transactions and downloads.
• Firebase / RevenueCat: if used within our apps for analytics, crash reporting, or subscription management.

5. Data retention

Personal data is retained only for the time necessary to fulfill the purposes for which it was collected:

• Navigation data: up to 26 months.
• Contact form data: up to 12 months after the last communication.
• App usage data: anonymized and retained for analytics purposes indefinitely.

6. Data sharing

Your personal data will not be sold, traded, or rented to third parties. Data may be shared with:

• Third-party service providers strictly necessary for operating our services (as listed in Section 4).
• Authorities, if required by law.

7. International transfers

Some third-party services may transfer data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

8. Your rights

Under the GDPR (Regulation EU 2016/679), you have the right to:

• Access your personal data (Art. 15).
• Rectify inaccurate or incomplete data (Art. 16).
• Erase your personal data — "right to be forgotten" (Art. 17).
• Restrict processing of your data (Art. 18).
• Data portability — receive your data in a structured, commonly used format (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us through the contact information listed on our website.

9. Cookies

This website may use technical cookies necessary for the proper functioning of the site. We may also use analytics cookies (e.g. Google Analytics) to collect anonymous usage data.

You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of the website.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. However, no method of transmission over the internet is 100% secure.

11. Children's privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us and we will promptly delete it.

12. Changes to this policy

We reserve the right to update this privacy policy at any time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) — www.garanteprivacy.it.