PRIVACY & COOKIE POLICY – Komebi Studio Srl
Last updated: January 20, 2026This notice explains how
Komebi Studio Srl (“Controller”) processes personal data of users who visit and interact with
www.komebistudio.com (the “Website”), in accordance with the EU General Data Protection Regulation
(Regulation (EU) 2016/679 – “GDPR”) and applicable national laws.
Data Controller:
Komebi Studio SrlCorso Luigi Manusardi 3, 20136 Milan (MI), Italy
VAT No.:
IT14519690961Privacy email:
info@komebistudio.comPEC (certified email):
komebistudio@pec.it
Types of personal data processed
a)Browsing / technical log dataWhen y
ou browse the Website, our systems may collect technical data such as: IP address, device/browser identifiers, date and time of access, pages/URLs visited, server requests and responses. This data is processed for technical operation and security purposes.
b) Data you provide voluntarilyIf you contact us (e.g., via a contact form or email), we will process the information you submit, typically: name, email address, company/role (if provided), message content, and any other information you choose to share.
c)Cookies and similar technologiesThe Website uses cookies and similar technologies. Consent is managed through a Consent Management Platform (“CMP”) based on
Cookiebot by Usercentrics. See the “Cookie Policy” section below.
Purposes and legal bases
3.1 Website operation, technical management, and securityPurpose: to ensure the Website works properly, maintain service continuity, manage the technical infrastructure, and protect the Website (e.g., preventing abuse/fraud, mitigating attacks, troubleshooting).
Legal basis:
Art. 6(1)(f) GDPR (legitimate interests of the Controller in ensuring security and proper service operation).
3.2 Handling contact requests / pre-contractual stepsPurpose: to respond to requests sent via forms/email, schedule calls, provide information about services/activities, and manage potential business discussions.
Legal basis:
Art. 6(1)(b) GDPR (steps prior to entering into a contract at the data subject’s request) and/or
Art. 6(1)(f) GDPR (legitimate interest in handling requests).
Provision: optional, but necessary to receive a response.
3.3 Marketing / newsletters (only if enabled)If the Website includes newsletter sign-up or promotional communications, processing will be based on:
Art. 6(1)(a) GDPR (consent), which you can withdraw at any time.
3.4 Analytics/statistics and marketing via cookies (only if present)Non-essential cookies (e.g., analytics/statistics not strictly necessary, marketing/remarketing) are activated only after you provide consent through the CMP.
Processing methods and security measures
Personal data is processed using IT systems and, where necessary, manual tools, following logic strictly related to the purposes stated above. We implement appropriate technical and organisational measures (e.g., access controls, credential management, backups, logging, data minimisation).
Recipients and data processors
Personal data may be processed by:the Controller’s authorised personnel; andexternal service providers acting as
Data Processors under
Art. 28 GDPR (e.g., hosting/CMS, email platforms, CRM tools, analytics tools, CMP/cookie services).
Webflow (hosting/CMS)The Website is built and/or hosted using
Webflow, which processes data on behalf of the Controller in the context of providing the platform and related services (hosting/CMS) in accordance with its terms and data processing arrangements (DPA).Personal data is not publicly disclosed.
International data transfers (outside the EEA)
Some providers (including cloud services) may involve transfers of personal data outside the European Economic Area (EEA). Where this occurs, the Controller relies on appropriate safeguards under Chapter V GDPR (e.g., Standard Contractual Clauses and supplementary measures where required).
Data retention
Contact requests (forms/email): for as long as necessary to handle the request and, if no further relationship follows, for a period consistent with the purpose (typically up to 12–24 months from the last interaction), unless we need to retain data to establish, exercise, or defend legal claims.
Security technical logs: for a limited and proportionate period (typically up to 6 months), unless required for incident management or investigations.
Cookies: according to the retention periods shown in the Cookie Declaration (see below).
Your rights
You may exercise the rights set out in Articles 15–22 GDPR: access, rectification, erasure, restriction, data portability (where applicable), objection, and withdrawal of consent (without affecting the lawfulness of processing based on consent before its withdrawal).
To exercise your rights, contact:
info@komebistudio.com or
komebistudio@pec.it (subject: “Privacy – GDPR data subject rights request”).
You also have the right to lodge a complaint with the competent Data Protection Authority (in Italy: the
Garante per la Protezione dei Dati Personali).
Changes to this noticeWe may update this notice from time to time. The current version will always be available on this page with the “Last updated” date.
COOKIE POLICYWhat cookies areCookies are small text files that websites send to your device and that are sent back to the same websites on subsequent visits. Similar technologies (e.g., pixels, local storage) may also be used depending on the tools integrated into the Website.
Consent management with Cookiebot by Usercentrics
The Website uses
Cookiebot by Usercentrics to:display the consent banner and collect your choices;allow you to manage preferences by category (e.g., necessary / preferences / statistics / marketing, depending on configuration);document and store your consent choices.You can change or withdraw your consent at any time using a persistent CMP preferences function, made available on the Website.
Cookie DeclarationThe categories and the
actual list of cookies and tracking technologies used on this domain (including provider, purpose, and duration) are available in the
Cookie Declaration generated by Cookiebot.
Cookie Declaration: