Privacy Policy
Last updated: February 18, 2026

This notice describes how Fabrizio Borgosano (“Controller”, “we”) processes the personal data of users who visit https://www.coralriff.biz/ and use our AI/GPT assistants or other third parties connected web instruments.

This notice is provided pursuant to Regulation (EU) 2016/679 (“GDPR”), applicable national law, and, where required, applicable non-EU privacy laws.

1. Data Controller
Controller: Fabrizio Borgosano
Registered office: via del Corsaro, 1, 98163 Messina (ME), Italy
VAT/Tax ID: IT11238501008
Privacy email: privacy@coralriff.biz

2. Scope
This notice applies to:
– browsing the website;
– contact requests sent via forms, email, or other channels;
– use of AI/GPT assistants published or managed by us;
– possible integration with third-party tools (e.g., CRM, ticketing, analytics, email providers, automation tools).

3. Personal data we process
We may process the following categories of data:
– identification and contact data (first name, last name, email, phone, company, role);
– data voluntarily provided in messages, prompts, and uploaded attachments;
– service usage data (technical logs, timestamps, errors, operational metadata);
– browsing data (IP address, user agent, visited pages, technical events);
– data present in integrated systems (e.g., CRM) where necessary to provide the requested service.

Please do not submit unnecessary data, highly sensitive data, or third-party data without an appropriate legal basis.

4. Purposes and legal bases
We process personal data for the following purposes:
1. Providing the website and AI/GPT services requested by the user.
Legal basis: performance of pre-contractual/contractual measures (Art. 6(1)(b) GDPR).
2. Managing support, contact, demo, or quote requests.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR (legitimate organizational interest).
3. Security, abuse prevention, legal defense, and business continuity.
Legal basis: Art. 6(1)(f) GDPR.
4. Compliance with legal, tax, and administrative obligations.
Legal basis: Art. 6(1)(c) GDPR.
5. Direct marketing (newsletter/commercial communications), where applicable.
Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest, within applicable legal limits.

5. Use of AI/GPT and third-party services
When you use our GPTs:
– content you provide (prompts, files, instructions) may be transmitted to third-party technology providers required to process your request;
– where actions/integrations are enabled, data may be sent to connected services to execute the requested task;
– AI output may contain errors, so human review remains necessary, especially for important decisions;
– we do not carry out solely automated decisions producing legal or similarly significant effects on users, unless permitted by law and with appropriate safeguards.

6. Data recipients
Data may be processed by:
– authorized personnel of the Controller;
– IT/cloud/hosting providers;
– AI/LLM service providers;
– CRM, email, analytics, and support providers;
– legal/tax advisors or competent authorities, where required.

Providers are appointed as data processors where required by law, or act as independent controllers under their own terms.

7. Transfers outside the EEA/EU
Some providers may process data in countries outside the EEA/EU. In such cases, we adopt transfer mechanisms compliant with applicable law (e.g., adequacy decisions, standard contractual clauses, and supplementary measures where necessary).

8. Data retention
We retain data only for as long as necessary for the purposes above, including:
– contact and request data: up to [X months/years];
– contractual/administrative data: according to legal obligations;
– technical and security logs: for [X months], unless longer retention is needed for investigations/disputes;
– marketing data: until consent withdrawal or objection, and in any case within legal limits.

After retention periods expire, data is deleted or anonymized.

9. Data subject rights
Users may exercise the rights under Articles 15-22 GDPR, including:
– access;
– rectification;
– erasure;
– restriction of processing;
– data portability;
– objection;
– withdrawal of consent (where processing is based on consent).

To exercise your rights: privacy@coralriff.biz.
You also have the right to lodge a complaint with the competent supervisory authority (in Italy: Garante per la protezione dei dati personali).

10. Cookies and tracking tools
The website may use strictly necessary technical cookies and, where required by law and subject to consent, statistical, preference, or marketing cookies/functions.
You can manage preferences via the cookie banner/preference center.

11. Minors
Services are not intended for users under [14/16/18, depending on applicable law]. If we detect non-compliant processing related to minors, we will take prompt action.

12. Security
We implement technical and organizational measures appropriate to risk to protect data against unauthorized access, loss, alteration, or improper disclosure.

13. Changes to this notice
We may update this Privacy Policy due to legal, technical, or organizational changes. The updated version will be published on this page with a new last-updated date.

14. Contacts
For privacy questions or to exercise your rights:
privacy@coralriff.biz
via del Corsaro, 1, 98163 Messina (ME), Italy