Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how personal data is processed when you browse the Chill 'n Panic website, contact the studio, or send a project inquiry.

Data controller

The data controller is Chill 'n Panic, VAT IT01584480527. For privacy requests, contact [email protected].

Personal data we process

Depending on how you use the website, we may process:

  • Contact and identification data, such as name, email address, company name, and any details you choose to include in an email or project request.
  • Project inquiry data, such as the goal, deadline, timeline, assets, requirements, message contents, and the mood or urgency selected in the project-request form.
  • Technical data, such as IP address, browser and device information, requested pages, date and time of access, basic security logs, and network information generated when the website is delivered.
  • Analytics and performance data, only where you consent to optional analytics, including aggregate page-view and browser-performance measurements processed through Cloudflare Web Analytics / RUM.
  • Consent data, including the analytics choice stored by the website so that we can respect it on later visits.
  • Privacy-request data, including the contents of any request you send about your data protection rights.

Please do not include special-category data or unnecessary personal information in free-text fields or emails unless it is strictly necessary for the request.

We process personal data for the following purposes:

  • To respond to contact requests, project inquiries, quote requests, and related communications: Article 6(1)(b) GDPR for pre-contractual steps requested by you and, where applicable, Article 6(1)(f) GDPR for our legitimate interest in managing business communications.
  • To operate the website, deliver pages, maintain security, prevent abuse, troubleshoot technical issues, and remember privacy choices: Article 6(1)(f) GDPR.
  • To comply with legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims: Article 6(1)(c) GDPR and, where relevant, Article 6(1)(f) GDPR.
  • To measure website performance and aggregate usage through Cloudflare Web Analytics / RUM where you have consented to analytics: Article 6(1)(a) GDPR.

Where processing is based on consent, you may withdraw that consent at any time without affecting processing already carried out before withdrawal.

Project request and email flows

The contact page uses direct email links. The interactive project-request form prepares an email in your own email client; it does not submit the message to a Chill 'n Panic server automatically. Personal data is sent to us only if you choose to send that email.

Providing data

Providing the information needed to understand and answer a request is voluntary, but if you do not provide enough information we may be unable to respond properly or evaluate the project request.

Recipients of personal data

Personal data may be processed by authorized collaborators and by service providers that help us operate the website and communications, such as:

  • hosting, infrastructure, security, DNS, CDN, and website-delivery providers, including Cloudflare;
  • email and communications providers used to receive and answer messages;
  • website maintenance, development, analytics, and technical support providers;
  • professional advisors, public authorities, or legal counterparties where disclosure is required by law or necessary to protect rights.

These recipients process data only to the extent necessary for the relevant purpose and under contractual or legal confidentiality obligations where applicable.

International transfers

The website is intended primarily for users in the European Union and Italy. If a provider processes personal data outside the European Economic Area, we rely on a lawful transfer mechanism under Chapter V GDPR, such as an adequacy decision or the European Commission's Standard Contractual Clauses, together with supplementary measures where required.

Retention periods

We do not keep personal data longer than necessary for the purposes described above. In particular:

  • contact and project inquiry data is generally kept for the time needed to manage the request and follow-up, and normally for no longer than 24 months after the last relevant contact unless a longer period is required by law or needed to establish, exercise, or defend legal claims;
  • client, supplier, accounting, and contractual records are kept for the periods required by applicable law;
  • technical logs and security events are kept for the period reasonably necessary to ensure security, investigate incidents, and meet legal obligations;
  • consent records are kept for the period described in the Cookie Policy, unless you clear or update them earlier;
  • analytics data is retained according to the settings and documentation of the analytics provider.

Your rights

Under the GDPR, where the legal requirements are met, you may have the right to:

  • obtain confirmation that your personal data is being processed and access that data;
  • request rectification of inaccurate or incomplete data;
  • request erasure of personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests, where your particular situation justifies it;
  • receive the personal data you provided to us in a structured, commonly used, machine-readable format where portability applies;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with the competent supervisory authority. In Italy, this is generally the Garante per la protezione dei dati personali.

To exercise your rights, contact [email protected].

Automated decision-making

This website does not carry out automated decision-making that produces legal or similarly significant effects under Article 22 GDPR.

For information about cookies and similar technologies, please read the separate Cookie Policy.

Where you consent, the website may activate Cloudflare Web Analytics / RUM for optional measurement activities. Without analytics consent, Cloudflare Web Analytics / RUM remains disabled. According to Cloudflare, Cloudflare Web Analytics / RUM does not use cookies or browser storage and uses browser performance APIs to send measurements to Cloudflare for reporting.

The website may include links to third-party websites or social platforms. If you follow those links, the relevant third party may process personal data under its own policies.

Security measures

We adopt technical and organizational measures reasonably designed to protect personal data against unauthorized access, accidental loss, alteration, or unlawful disclosure.

Policy updates

We may update this Privacy Policy from time to time. The date shown at the top of this page indicates the latest revision.