Privacy Policy of the Beyond the Pitch blog
1. Data Controller
The data controller for personal data collected through the Beyond the Pitch website ('Site' or 'Blog') is Marco Teodori, located at Via Cadore, 110 - 61033 Fermignano (PU), VAT/Tax ID 02786950416. For any information or to exercise your rights, you can contact the Controller at the email address: [email protected] .
An updated list of designated Data Processors can be provided upon request by data subjects and/or Users.
2. Types of Data Collected
The Blog collects the following personal data, voluntarily provided by the User:
Data for account creation and comment management:
- Name and Surname: Used to identify the author of a comment.
- Email address: Used as a username for login and for any service communications related to the account (e.g., password recovery).
- Password: Collected to protect account access. The password is stored in an encrypted (hashed) format and is never visible in plain text to the Controller.
Data for newsletter subscription:
- Email address: Collected for the sole purpose of sending the Blog's newsletter.
- Preferred Language (IT/EN): Collected for the sole purpose of sending the Blog's newsletter in the language selected by the user, to ensure a better reading experience.
Technical data for web analytics (only after consent):
If you consent to analytics cookies, the Site uses Google Analytics 4 (GA4). In this case GA4 may collect:
- Browser information (user agent), device/screen data (e.g., screen resolution), language, page URL and referrer, event timestamps.
- Anonymous identifiers stored in first-party cookies to distinguish sessions and visitors (e.g., “_ga”, “_ga_<container-id>”).
- Network metadata like IP address may transit as part of standard HTTP communication; Google Analytics 4 does not store or log IP addresses.
- If you do not consent, GA4 does not set or read cookies. Only anonymized, non-identifiable cookieless pings are sent for limited measurement purposes.
3. Purposes and Legal Basis of Processing
Data is processed for the following purposes and on the following legal bases:
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Purpose: Account creation and management for commenting | Data Processed: Name, Surname, Email address, Password | Legal Basis: Performance of a contract to which the data subject is party (provision of the commenting service) - Art. 6(1)(b) GDPR |
| Purpose: Sending newsletters and content updates | Data Processed: Email address, Preferred language | Legal Basis: Explicit consent (Art. 6(1)(a) GDPR) |
| Purpose: Displaying comments on articles | Data Processed: Name, Surname (associated with the comment content) | Legal Basis: Performance of the service requested by the user (publication of the comment) - Art. 6(1)(b) GDPR |
| Purpose: Web analytics (Google Analytics 4) with Consent Mode v2 | Data Processed: Technical metadata; if consent is given, first-party analytics identifiers (e.g., “_ga”, “_ga_<container-id>”) and event data | Legal Basis: Consent (Art. 6(1)(a) GDPR). Without consent, only anonymized cookieless pings are sent and no analytics cookies are used. |
4. Collection Methods
Data is provided directly by the User through: the account registration form, which is required to comment on articles; the newsletter subscription form.
Before submitting the data, the User must review this Policy. Creating an account or subscribing to the newsletter constitutes acceptance of the conditions described herein. For newsletter subscription, explicit consent is requested via a specific checkbox.
5. Retention Period
Personal data is kept for the time strictly necessary to achieve the stated purposes:
- User account data: Data (name, surname, email) is retained as long as the account remains active. Upon a deletion request from the User, personal data will be deleted. Published comments may be retained in an anonymized form.
- Newsletter data: The email address and preferred language are retained until the User revokes consent (unsubscribes) and, in any case, no longer than 2 years from the last interaction (e.g., opening a newsletter).
For GA4, user-level and event-level data are retained for a period configured within Google Analytics. Standard properties allow 2 or 14 months. The Controller has configured a 14-month retention period.
6. Processing Methods and Security
Data processing is carried out exclusively on electronic systems and tools protected by adequate technical and organizational measures (e.g., data encryption, password hashing, regular backups, access control with secure credentials), to ensure integrity, confidentiality, and protection against unauthorized access, loss, or destruction. No paper files or documents are used for the storage of personal data.
7. Data Communication and Dissemination
Personal data is not communicated or disclosed to third parties. The sending of newsletters and emails is handled entirely by the Controller, using their own systems and infrastructure or generic hosting services that do not involve sharing data with external parties. No personal data is transferred or made accessible to external data processors.
8. Cookies
The Site uses only the cookies necessary for its operation and, subject to your consent, Google Analytics 4 (GA4) cookies for audience measurement.
- Technical session cookies: Deleted when the browser is closed.
- Authentication cookies: Used to keep the User's session active after login.
Analytics cookies (set only if you consent):
- _ga (2 years): used to distinguish users.
- _ga_<container-id> (2 years): used to persist session state.
- When consent is denied (`analytics_storage='denied'`), GA4 does not set or read cookies; only anonymized cookieless pings are transmitted.
No third-party marketing/profiling cookies are used. You can change or withdraw your consent at any time via the consent banner or by contacting the Controller.
9. Rights of Data Subjects
- Access to personal data;
- Rectification or integration of incorrect or incomplete data;
- Erasure ('right to be forgotten');
- Restriction of processing;
- Data portability;
- Objection to processing;
To exercise these rights, the User can send a request via email to: [email protected]. The User can also manage their data and delete their account directly from their personal area on the Site, where provided. [email protected]
10. Privacy Policy Updates
The Controller reserves the right to modify this Policy at any time. Any updates will be published on this page with an indication of the last revision date.
Last updated: July 26, 2025