Privacy Policy on the Processing of Personal Data

Pursuant to Article 13 of Regulation (EU) 2016/679

1. Why this information is provided

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”), this page describes how the personal data of users who browse the SourcifAI website are processed. The website is accessible at https://www.sourcifai.org/. This information does not concern other websites, pages, or online services that may be reached via hyperlinks published on this site but referring to resources external to the Controller’s domain.

2. Identity and contact details of the Data Controller

The Data Controller is SourcifAI. For any request or information relating to the processing of personal data, you may contact the Controller through the following channel:

• Email: info@sourcifai.org

3. Types of data processed, purposes of processing, and retention period

Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes data such as: IP addresses, URI/URL, time of the request, browser type and operating system, referrer, and other technical data.

Data provided by the user

The voluntary sending of messages to the Controller’s contact addresses entails the acquisition of the sender’s contact details and any personal data included in the communication.
In the case of online forms used to submit requests, consent is obtained explicitly via a checkbox. Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Data collected through Vercel Web Analytics

This website uses Vercel Web Analytics, a web analytics service designed to comply with Regulation (EU) 2016/679. The service does not use third-party cookies, nor does it collect personally identifiable data or IP addresses. The collected data are anonymous and aggregated and include:

• Event timestamp
• Visited URL
• Referrer (origin page)
• Query parameters (filtered)
• Approximate geolocation (e.g., country and city)
• Operating system and browser used
• Device type (mobile/desktop/tablet)

The data are used exclusively for aggregated statistical analysis of website traffic and do not allow user identification. Visitor sessions last a maximum of 24 hours and are not stored permanently. The Controller has configured the service to avoid accidental collection of personal information in URL parameters or custom events.

4. Legal basis for processing

Personal data are processed by SourcifAI in order to provide access to and use of the website’s content, as well as to manage relationships and communications with users. With specific reference to statistical checks and proper functioning of the website, processing is based on the Controller’s legitimate interest. The Controller processes users’ personal data to ensure security and to prevent unforeseen events or unlawful or malicious acts that could compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data, which constitutes a legitimate interest of the Data Controller. For these purposes, the Controller provides procedures for managing personal data breaches (data breaches). For any other processing activities, the Controller will provide specific notices describing the purposes pursued and, where necessary, will obtain the data subject’s specific consent.

5. Data recipients

Data may be processed:

• by the Controller and any authorized collaborators
• by service providers (e.g., hosting, maintenance, consultancy) appointed as Data Processors

The updated list of Data Processors is available upon request.

6. Data subject rights

As a Data Subject, you may exercise at any time the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to object (Art. 21 GDPR), in accordance with the procedures set out in those articles, to which reference is expressly made. To exercise these rights, the data subject may contact the Data Controller at the email address info@sourcifai.org. For any further information and communication regarding their data, the data subject may contact the Data Controller through the communication channels indicated above.

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, a data subject who believes that the processing of personal data concerning them carried out through this website is in violation of the Regulation has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged infringement occurred.

Last updated: 06/05/2025