Your privacy rights (GDPR)
Last updated: 06/05/2026
The EU Regulation 2016/679 (GDPR) grants you a series of rights over your personal data. This page summarises how and when you can exercise them with Andrea Berni (WaveStaq).
What are your rights
📋 Right of access (Art. 15)
You can request to know whether we process your personal data and, if so, obtain a copy of such data along with information on how it is processed (purposes, categories of data, recipients, retention period).
✏️ Right of rectification (Art. 16)
If the data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion.
🗑️ Right to erasure — "right to be forgotten" (Art. 17)
You can request the deletion of your data when:
- It is no longer necessary in relation to the purposes for which it was collected
- You have withdrawn consent and there is no other legal basis for processing
- You have objected to the processing and there are no overriding legitimate grounds
- It has been processed unlawfully
- It must be deleted to comply with a legal obligation
⏸️ Right to restriction (Art. 18)
You can request temporary suspension of the processing of your data, for example while we verify the accuracy of data you have contested.
📦 Right to data portability (Art. 20)
You have the right to receive your data in a structured, machine-readable format (e.g. JSON, CSV) and to transmit it to another data controller.
🚫 Right to object (Art. 21)
You can object at any time to processing based on the legitimate interest of the Controller. In such case we will stop the processing, unless we demonstrate the existence of compelling legitimate grounds that override your interests.
🔄 Right to withdraw consent (Art. 7.3)
When processing is based on your consent (e.g. statistics cookies), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
For cookies: use the shield icon in the bottom-left of every page of the Site.
⚖️ Right to lodge a complaint (Art. 77)
If you believe that the processing of your data infringes the GDPR, you can lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):
- Website: www.garanteprivacy.it
- Email: protocollo@gpdp.it
- Address: Piazza Venezia, 11 — 00187 Rome, Italy
How to exercise your rights
To exercise one or more of the rights listed above, write to:
📧 info@wavestaq.com
In the subject line: "GDPR rights request — [type of right]" (e.g. "GDPR rights request — access").
In your request include:
- First name, surname and contact (email or postal address for the response)
- Which right you want to exercise
- Any useful information to identify your data (e.g. date of a form submitted, email address used)
- (Optional) Copy of an identity document if the request concerns sensitive data and you have doubts about our ability to identify you
Response times
We will respond within 30 days of receiving the request (Art. 12.3 GDPR), extendable by a further 60 days in cases of particular complexity — in such case we will inform you of the extension within the initial deadline.
The exercise of rights is free of charge. Only in the case of manifestly unfounded or excessive requests (in particular repetitive ones) may we charge a reasonable fee or refuse the request giving reasons for the refusal.
Request form
To facilitate the exercise of rights, the Italian Data Protection Authority provides a pre-filled form that you can download and adapt:
👉 Form "Data subject rights" — Italian Data Protection Authority
Related documents
- Full Privacy Policy — extended notice on all processing operations
- Cookie Policy — specific notice on cookies
For any request, write to info@wavestaq.com. We respond within 30 days.
WaveStaq