Privacy Policy¶

This privacy policy is provided pursuant to EU Regulation 2016/679 (GDPR) for those who consult the website https://ai-resources.eu. Please note that this privacy policy applies only to this website and not to other websites that may be consulted by the user via links.

Data Controller¶

The "data controller" for the processing of data relating to identified or identifiable persons who access and browse this website is Nicola Fabiano (privacy [at] ai-resources [dot] eu).

Purpose and legal basis of processing¶

The processing of personal data resulting from consultation of the website is based on the following purposes and related legal bases:

Data processed¶

Navigation data¶

Access to this website and browsing within it occurs through the use of a web browser. The IT systems responsible for the operation of this website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. Some data necessary for browsing the internet, by their very nature, could allow users to be identified through processing and associations with data held by third parties. In particular, this refers to IP addresses (anonymized) or domain names of computers used by users who connect to this website, addresses in URI (Uniform Resource Identifier) notation of requested resources, request time, browser type and operating system used, etc.

Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the website, to check its correct functioning, and to ensure system security. Web server log data are kept for a maximum of 30 days, after which they are automatically deleted. The data could be used to ascertain responsibility in the event of computer crimes against the website, upon request of the Judicial Authority.

Data voluntarily provided by the user¶

The optional, explicit, and voluntary sending of email to the address indicated on this website entails the acquisition of the sender's address, necessary to respond, as well as any other personal data contained in the message. Such data are processed exclusively to respond to sent messages and to fulfill any related requests. Failure to provide personal data for communications or to send any requests prevents their fulfillment. Data are kept for the period strictly necessary for the purposes for which they are processed, no more than 30 days from the response.

The email address for communications relating to privacy and the exercise of GDPR rights is: privacy [at] ai-resources [dot] eu

Cookies¶

This website does not install any cookies on the user's device.

No technical, preference, analytical, profiling, or advertising cookies are used. The web analytics service is configured in fully cookieless mode (see Matomo Web Analytics below for technical details).

Managing cookies in browsers¶

Although this website does not install cookies, users can still verify and manage any cookies installed by other websites through their browser settings:

• Mozilla Firefox
• Microsoft Edge
• Google Chrome
• Apple Safari
• Opera

Matomo Web Analytics¶

This website uses Matomo to collect aggregate and anonymous browsing statistics (as specified in the purpose table).

Privacy-first configuration implemented¶

• ✓ No cookies installed on the user's device
• ✓ IP address anonymization (last 2 bytes masked)
• ✓ Respect for the browser's "Do Not Track" (DNT) signal
• ✓ Aggregate data not traceable to individual users
• ✓ No sharing with third parties
• ✓ Matomo server hosted in the European Union
• ✓ Visit log and visitor profiles disabled at site level

User control over tracking¶

Since the website is fully cookieless, no specific consent is required or technically possible. Users can nonetheless signal their wish not to be tracked by enabling the "Do Not Track" (DNT) option in their browser settings: Matomo is configured to honour this signal and, when present, performs no measurement.

Privacy by Design: cookieless approach¶

This website has adopted a privacy-first approach in full compliance with the privacy by design principle (art. 25 GDPR), thus ensuring:

✓ Maximum respect for privacy: no cookies installed on the user's device ✓ No consent required: no data collection falls under art. 122 of the Italian Privacy Code ✓ No invasive banners: no blocking of access to content ✓ Total transparency: no profiling or advertising tracking ✓ Regulatory compliance: full adherence to GDPR, ePrivacy Directive, and Italian Privacy Code ✓ Minimization principle: only strictly necessary data is collected (art. 5, para. 1, lett. c GDPR) ✓ Do Not Track respected: the browser's DNT signal is honoured server-side

Browsing statistics are collected through Matomo in cookieless configuration with strong anonymization.

External assets managed locally¶

This website implements the privacy by design principle also with regard to third-party assets (fonts, JavaScript libraries, stylesheets). All assets normally loaded from external CDNs are downloaded at build time and served directly from the ai-resources.eu domain, avoiding any request from the user's browser to third-party servers.

In particular:

• Fonts: self-hosted typography (no requests to Google Fonts or similar services)
• JavaScript libraries: all hosted locally (no requests to CDNs such as unpkg, jsDelivr, etc.)
• Stylesheets: entirely served from the website's domain

This configuration, achieved through the privacy plugin of Material for MkDocs with asset prefetching enabled, ensures that browsing the website does not entail the transmission of any data to third parties, except for the Matomo server (configured in cookieless mode and with IP anonymization).

Recipients¶

Personal data collected by this website as a result of consultation are not communicated to recipients or categories of recipients.

Personal data retention period¶

Data collected by the website are kept for the following periods:

• Web server logs: maximum 30 days, then automatic deletion
• Matomo analytics data: 12 months in aggregate and anonymous form
• Email requests: time strictly necessary to fulfill the request, no more than 30 days from the response

The retention periods comply with the principle of storage limitation (Art. 5, para. 1, lett. e) of the GDPR).

Transfer of data to non-EU countries¶

This website does not transfer or share personal data with services located outside the European Economic Area (EEA). All servers and services used for the operation of the website are located in the European Union, ensuring full compliance with GDPR provisions on international transfers.

Security measures¶

Visitors'/users' data are processed lawfully and correctly, adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or unauthorized destruction of data.

The security measures implemented include:

• Communication encryption: SSL/TLS certificate for data protection in transit
• Anonymization: IP address masking at source
• Access limitation: log access limited to authorized personnel only
• Regular backups: security copies to ensure data availability
• Monitoring: systems for detecting unauthorized access and attack attempts
• Server hardening: modern TLS configuration (TLS 1.2/1.3), HSTS, restrictive Content Security Policy, rate limiting

In addition to the Controller, in some cases, categories of persons in charge involved in the organization of the website or external subjects (such as third-party technical service providers, hosting providers) may have access to the data, appropriately designated as data processors pursuant to Art. 28 of the GDPR.

Data subject rights¶

Data subjects may exercise the following rights provided for in Articles 15 to 22 of EU Regulation 2016/679:

• Right of access (Art. 15): obtain confirmation of the existence of personal data and receive a copy
• Right of rectification (Art. 16): obtain correction of inaccurate data
• Right to erasure (Art. 17): obtain deletion of data ("right to be forgotten")
• Right to restriction (Art. 18): obtain restriction of processing
• Right to data portability (Art. 20): receive data in a structured format
• Right to object (Art. 21): object to processing based on legitimate interest

To exercise their rights, the request should be addressed to: privacy [at] ai-resources [dot] eu

The Controller will respond to the request without undue delay and, in any case, within one month of receiving it.

Right to lodge a complaint¶

Data subjects who believe that the processing of their personal data carried out through this website is in violation of EU Regulation 2016/679 have the right, pursuant to Art. 77 of the GDPR, to lodge a complaint with the Italian Data Protection Authority:

Garante per la protezione dei dati personali Piazza Venezia, 11 - 00187 Rome, Italy Tel. +39 06.696771 Fax +39 06.69677.3785 Email: garante@gpdp.it PEC: protocollo@pec.gpdp.it Website: https://www.garanteprivacy.it

Changes to this privacy policy¶

This privacy policy may be subject to changes over time, also in connection with the possible entry into force of new sector-specific regulations, the updating or provision of new services, or following technological innovations.

Any changes will be published on this page and will be immediately binding from the moment of their publication. Therefore, it is advisable to consult this privacy policy regularly.

In case of any discrepancy between this English version and the Italian version of this privacy policy, the Italian version shall prevail as the original document.

Last updated: April 2026