Artemij Keidan

Data controller

Artemij Keidan
Sapienza University of Rome — Department "ISO – Italian Institute of Oriental Studies"
Circonvallazione Tiburtina 4, 00185 Roma, Italy
Email: # (or: [email protected])

Hosting and data processing

This website is hosted on servers located within the European Union. The hosting provider acts as data processor pursuant to Art. 28 GDPR. A Data Processing Agreement (DPA) is in place in accordance with the provider's standard contractual clauses.

Categories of personal data and purposes of processing

The web server automatically records technical log data for each request (IP address, user agent, timestamp, requested resource). These data are processed solely for the purpose of ensuring the security and correct functioning of the website. The legal basis for this processing is the legitimate interest of the data controller (Art. 6(1)(f) GDPR).

The website makes use of technical cookies and the browser's local storage (localStorage), strictly necessary for retaining the user's display preferences. These mechanisms store exclusively the following data:

• Selected theme (theme): the visual theme chosen by the user (e.g. light, dark, sepia, high-contrast); retained persistently until manually deleted by the user;
• Floating letters configuration (lettersConfig): settings for the decorative background letters (opacity, count, swap interval); retained persistently until manually deleted by the user;
• Section collapse state (sectionState): which sections of the page are expanded or collapsed; retained persistently until manually deleted by the user.

All data is stored locally in the user's browser only; no data collected through these mechanisms is transmitted to third parties. Pursuant to Art. 5(3) of Directive 2002/58/EC and the Italian Data Protection Authority's Guidelines on cookies and other tracking tools (10 June 2021, § 17), such storage mechanisms are exempt from the requirement of prior consent. Users may delete this data at any time through their browser settings.

Should a user choose to contact the data controller by email, the personal data contained in the message (name, email address, content) will be processed solely for the purpose of responding to the enquiry. The legal basis is Art. 6(1)(b) GDPR (steps taken at the request of the data subject) or, where applicable, Art. 6(1)(f) GDPR (legitimate interest in handling correspondence).

Third-party services

This website does not make use of analytics, profiling, or advertising services. All typographic resources (fonts) are hosted locally; no automatic requests to external services are initiated upon page load.

The Blog section displays content retrieved from Tumblr (Automattic Inc., USA) through the site's own server. No direct connection between the user's browser and Tumblr's servers is established for retrieving posts or images, as Tumblr-hosted images are served through a server-side proxy. This technical arrangement ensures that the user's IP address is not transmitted to Tumblr during normal browsing. A direct connection to Tumblr (or other third-party services) may still occur only if a post contains embedded external content (for example, iframes) or links that the user actively opens.

Automattic Inc. is a US-based company. Any residual data transfer to the USA would be governed by the applicable adequacy decisions or standard contractual clauses pursuant to Art. 46 GDPR.

Recipients and transfers

Personal data contained in server logs may be accessible to the hosting provider in its capacity as data processor. No other recipients are foreseen. The site's own server acts as an intermediary for all Tumblr content, including images; a transfer of personal data to third countries may occur only in the residual cases described above (embedded external content actively opened by the user).

Retention

Server log data are retained for a maximum of 90 days, unless a longer period is required for the investigation of security incidents. Technical cookies and local storage data are persistent and remain stored until the user modifies the corresponding preference or deletes them through the browser settings. Email correspondence is retained for as long as necessary to address the enquiry and any follow-up communication.

Personal data breach

In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, the data controller undertakes to notify the Italian Data Protection Authority (Garante per la protezione dei dati personali) within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of the data subjects, the data controller will also communicate the breach to the affected individuals without undue delay, pursuant to Art. 34 GDPR.

Rights of the data subject

Pursuant to Articles 15–22 of the GDPR, the data subject has the right to access, rectify, erase, restrict, and port their personal data, as well as the right to object to processing. These rights may be exercised by contacting the data controller at the address indicated above.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187 Roma, www.garanteprivacy.it.

Cookie and storage management

Users can manage or delete data stored by this website through their browser settings:

• Chrome: Settings → Privacy and security → Clear browsing data → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

Deleting cookies and site data will reset the visual preferences (theme, floating letters, section states) to their default values.