SeptimaDomus
Privacy Policy
Last updated: May 15, 2026
This privacy policy describes how we collect, use, and protect your personal data when you use our personalized Birth Chart generation service ("Service").
Personal data processing complies with EU Regulation 2016/679 (GDPR) and applicable Italian law (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
1. Data Controller
The Data Controller for personal data processing is:Ivan Santonastase
Address: Via Arese 39/2, 20020 Robecchetto con Induno (MI), Italy
VAT Number: 01673550081
Email: [email protected]
2. Personal Data Collected
We collect the following personal data:Identifying data: first name, last name, email address.
Birth data: date of birth, time of birth (optional), place of birth.
Payment data: handled directly by Stripe, Inc. We do not have access to your full credit card details.
Browsing data: IP address, browser type, pages visited (session technical cookies only).
Birth data (date, time, place) may indirectly reveal sensitive information. We process it with the utmost care.
3. Legal Basis and Purposes of Processing
We process your data for the following purposes:Contract performance (Art. 6.1.b GDPR): to generate and deliver the purchased personalized Birth Chart.
Legal obligations (Art. 6.1.c GDPR): tax and accounting obligations related to the transaction.
Legitimate interest (Art. 6.1.f GDPR): fraud prevention, system security.
The legal basis for processing birth data (special category under Art. 9 GDPR) is your explicit consent, given by filling out the form and submitting the order.
4. Data Retention Period
We retain your personal data for the time strictly necessary for the described purposes:Sensitive data (date, time, place of birth) and contact data (email) are automatically anonymized 90 days after order completion through an automated deletion process (data purge).
The generated PDF is simultaneously deleted from our system.
Data required for tax obligations (amount, transaction date) are retained for 10 years as required by Italian law.
You can request early deletion of your data at any time (see Section 5).
5. Your Rights
To exercise your rights, write to: [email protected]We will respond within 30 days.
6. Data Recipients
Your personal data is processed by our authorized personnel and may be disclosed to the following data processors appointed under Art. 28 GDPR:Stripe, Inc. — payment processing.
Sendinblue (Brevo) — transactional email delivery.
Google LLC (Gemini API) — AI-based Birth Chart content generation.
OpenStreetMap / Nominatim — birth location geocoding.
We do not sell, share, or transfer your data to third parties for marketing purposes.
7. International Data Transfers
Some of our providers (Stripe, Google, Brevo) are based in the United States. Data transfers to non-EU countries are based on:Standard Contractual Clauses (SCC) approved by the European Commission.
Certification under the EU-US Data Privacy Framework (DPF), where applicable.
You can request a copy of the adopted safeguards by writing to the Data Controller's address.
8. Cookies
This site uses strictly necessary, analytics and marketing cookies. Strictly necessary cookies are required for site operation and do not need consent. Analytics and marketing cookies are activated only after your explicit consent.Strictly necessary cookies: ASP.NET session, antiforgery (CSRF), language preference, cookie preferences storage.
Analytics cookies: Google Analytics via Google Tag Manager, to measure traffic and improve the site (operating in Consent Mode v2).
Marketing cookies: used to display personalised advertising.
You can change your choices at any time by clicking .
Below is the detailed list of cookies in use.
9. Complaints
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority of your country of residence.We encourage you to contact us first so we can try to resolve any issues.
10. Changes to This Privacy Policy
This privacy policy may be updated periodically to reflect regulatory changes or Service developments. The date of the last update is indicated at the top of this document.In the event of substantial changes, we will notify you by email (if available) or via a notice on the site before the changes become effective.
Cookie Declaration
Up-to-date list of cookies set by this site. Optional categories are activated only after consent.
Strictly necessary cookies
| Name | Domain | Expiry | Purpose |
|---|---|---|---|
| .AspNetCore.Session | This site | Session | User session management. |
| .AspNetCore.Antiforgery.* | This site | Session | Protects forms against CSRF attacks. |
| .AspNetCore.Culture | This site | 1 year | Stores selected language. |
| cc_cookie | This site | 6 months | Stores user cookie preferences. |
Analytics cookies (consent required)
| Name | Domain | Expiry | Purpose |
|---|---|---|---|
| _ga | .google-analytics.com | 2 years | Distinguishes unique users (Google Analytics). |
| _ga_* | .google-analytics.com | 2 years | Persists session state (Google Analytics 4). |
| _gid | .google-analytics.com | 24 hours | Identifies users for the duration of a session. |
Marketing cookies (consent required)
| Name | Domain | Expiry | Purpose |
|---|---|---|---|
| _gcl_au | This site | 3 months | Google Ads conversion tracking. |
| IDE | .doubleclick.net | 13 months | Remarketing and ad campaign measurement. |