Privacy Policy

Last updated: 2026-05-06

This Privacy Policy describes how the website espeiria.netlify.app (the "Site") and the ESPEIRIA service (the "Service") handle personal data of users who visit or use them. The notice is issued under Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended (Privacy Code) to all those who interact with the Site or the Service.

Data controller

LemonJuice Solutions S.r.l., registered office in Verona, Italy. Email: info@lemonjuicesolutions.it. For any request or communication relating to personal data, the Controller can be contacted at the addresses above. This notice is the only one formally in force.

Data Protection Officer (DPO)

The Controller has not appointed a DPO as it is not legally required. The contact point for data subjects' rights is info@lemonjuicesolutions.it.

Categories of data collected

Personal data collected, by us or via third parties, includes: first and last name, company name, email address, phone number, role, industry, country, VAT number, payment data (handled entirely by Stripe — we do not receive or store card numbers), the content of communications sent via contact forms, licence key, machine identifier (machine ID) linked to software activation, usage data (IP addresses, browser and device type, operating system, pages visited, access times, visit duration, referrer parameters), cookies and tracking tools. Provision is optional, but refusal may make it impossible to provide the requested Service. The User accepts responsibility for any third-party personal data communicated and warrants the right to do so.

Methods of processing

The Controller adopts technical and organisational security measures appropriate to prevent unauthorised access, disclosure, modification or destruction of data. Processing is carried out using IT and electronic tools, with organisational and logical methods strictly related to the purposes indicated. In addition to the Controller, in some cases the data may be accessed by other parties involved in the operation of the Site (administrative, sales, technical, marketing staff) or by external parties (technical service providers, hosting providers, IT companies, communication agencies) appointed where necessary as Data Processors under Art. 28 GDPR.

Place of processing

Data is processed at the Controller's operational offices and at any other place where the parties involved in the processing are located. For further information, please contact the Controller. The User's personal data may be transferred to countries other than the User's country. To obtain further information about the place of processing, the User can refer to the "Third-party services" section or contact the Controller.

Retention period

Personal data is processed and stored for the time strictly necessary for the purposes for which it was collected. Therefore: data collected for purposes related to performance of a contract is retained until completion of the contract and for the subsequent applicable limitation period (10 years for accounting and tax purposes under Art. 2220 of the Italian Civil Code); data collected for purposes attributable to the Controller's legitimate interest is retained until that interest is satisfied; data collected for marketing purposes is retained until withdrawal of consent and in any case no longer than 24 months; contact requests are retained for 24 months unless converted to a contractual relationship; technical logs are retained for 12 months unless investigation is needed for security incidents.

Purposes of processing

User data is collected to allow the Controller to provide the Service, fulfil legal obligations, respond to requests or enforcement actions, protect its rights and interests, ascertain liability in the event of IT-related offences, manage payments, contact the User, hosting and infrastructure, database management, displaying content from external platforms, statistics, spam prevention, providing assistance and support, infrastructure monitoring. For detailed information about each processing purpose please refer to the "Detailed information on processing of Personal Data" section.

Legal basis of processing

The Controller processes personal data relating to the User if one of the following applies: the User has given consent for one or more specific purposes (Art. 6.1.a GDPR); processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures (Art. 6.1.b GDPR); processing is necessary for compliance with a legal obligation to which the Controller is subject (Art. 6.1.c GDPR); processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party (Art. 6.1.f GDPR). It is always possible to ask the Controller to clarify the actual legal basis of each processing operation.

Third-party services

The Service relies on the following providers, each appointed as Data Processor under Art. 28 GDPR: Stripe Payments Europe Ltd. (Ireland) — payments, data processed: customer identifiers, payment data, amounts; notice: stripe.com/privacy. Resend Inc. (USA, SCC) — transactional emails, data processed: email address, message content; notice: resend.com/legal/privacy-policy. Netlify Inc. (USA, SCC) — Site hosting, data processed: access logs, IP; notice: netlify.com/privacy. Vercel Inc. (USA, SCC) — hosting of components, data processed: access logs, IP; notice: vercel.com/legal/privacy-policy. Turso (ChiselStrike Inc., USA, SCC) — licence and content database, data processed: licence data, blog posts; notice: turso.tech/privacy. Google Ireland Ltd. (Ireland) — Google Calendar for appointment booking, data processed: name, email, time slot; notice: policies.google.com/privacy. For non-EU transfers, providers apply the Standard Contractual Clauses approved by the European Commission (decision 2021/914/EU) as an adequate safeguard under Art. 46 GDPR.

Transfers of data outside the European Union

Some of the User's personal data is transferred outside the European Union, in particular to the United States of America. The nature of the location to which data is transferred may be specified in dedicated sections of this document or requested from the Controller using the contacts above. Transfer is authorised based on specific decisions of the European Union or under Standard Contractual Clauses. The User can request detailed information from the Controller about the actual nature of the transfer or the specific safeguards in place.

Cookies and tracking tools

For detailed information about cookies and tracking tools used on the Site, please refer to the Cookie Policy. The User can give or withdraw consent to non-necessary cookies at any time through the "Cookie preferences" panel available at the bottom of every page.

User rights

Users may exercise certain rights regarding the data processed by the Controller. In particular, the User has the right to: withdraw consent at any time; object to processing of their data; access their data; verify and request rectification; obtain restriction of processing; obtain erasure or removal of their personal data; receive their data or have it transferred to another controller (portability); lodge a complaint. To exercise their rights, Users can address a request to the Controller's contact details indicated in this document. Requests are filed free of charge and processed as soon as possible, in any case within 30 days.

Right to lodge a complaint

Users who believe that the processing of their personal data is in breach of the Regulation have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as provided by Art. 77 of the Regulation, or to take legal action (Art. 79 of the Regulation). Garante per la Protezione dei Dati Personali — Piazza Venezia 11, 00187 Rome — phone +39 06 696771 — website garanteprivacy.it.

Commercial communications by email

If the User provides their email address, the Controller may use it to send commercial communications regarding products and services similar to those covered by the relationship, without prejudice to the User's right to object at any time, including by simply notifying the Controller.

Defence in court

User personal data may be used by the Controller in court or in the stages leading to its potential establishment, for defence against abuses in the use of the Service or related services. The User declares to be aware that the Controller may be required to disclose data on the order of public authorities.

Specific notices

On request of the User, in addition to the information contained in this privacy policy, the Site may provide the User with additional and contextual notices regarding specific services or the collection and processing of personal data.

System logs and maintenance

For purposes related to operation and maintenance, the Site and any third-party services it uses may collect system logs, i.e. files that record interactions and may also contain personal data such as the User's IP address.

Information not contained in this policy

More information about the processing of personal data can be requested at any time from the Controller using the contact details.

Changes to this privacy policy

The Controller reserves the right to modify this privacy policy at any time, providing notice to Users on this page and, where possible, on the Site. Please therefore check this page regularly, referring to the date of last modification indicated at the top. If changes affect processing whose legal basis is consent, the Controller will collect the User's consent again.

Definitions and legal references

Personal Data: Any information that, directly or indirectly, including in connection with any other information — including a personal identification number — makes a natural person identified or identifiable.
Usage Data: Information collected automatically through the Site (also from third-party applications integrated in it), including: the IP addresses or domain names of the computers used by Users connecting to the Site, URI addresses, request time, the method used to submit the request to the server, response file size, the numerical code indicating the server response status, and other parameters about the User's operating system and IT environment.
User: The individual using the Site who, unless otherwise specified, coincides with the Data Subject.
Data Subject: The natural person to whom the Personal Data refers.
Data Processor: The natural person, legal person, public authority or any other body that processes personal data on behalf of the Controller, as set out in this privacy policy.
Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures relating to the operation and use of the Site.
Site: The hardware or software tool through which Users' Personal Data is collected and processed.
Service: The Service provided by the Site as defined in the relevant terms (if any) on this site/application.
European Union (or EU): Unless otherwise specified, every reference to the European Union in this document extends to all current member states of the European Union and the European Economic Area.
Cookie: Small piece of data stored within the User's device.
Tracking Tool: Tracking Tool means any technology — e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting — that allows tracking Users, for example by collecting or storing information on the User's device.
Legal references: This privacy notice is drafted on the basis of multiple legislative provisions, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this privacy notice exclusively concerns the Site.