Privacy Policy

Effective date: 17 Aug 2025
Last updated: 17 Aug 2025

1. Who we are (Data Controller)

Mokka Studios
Via Bernardo Quaranta, 45, 20139 Milano (MI), Italy
VAT: 12283950967
This Privacy Policy explains how Mokka Studios collects and processes personal data in connection with this website and our services.
If you contact us about this Policy or wish to exercise your rights, email privacy@mokkastudios.com.

2. Scope and roles

This Policy covers:
• Visitors to our website and recipients of our communications.
• Prospective and existing business contacts (B2B).
• Job applicants.
For client projects, Mokka may act as a processor (service provider) handling data on a client’s behalf under a Data Processing Addendum (DPA). In those cases, the client’s privacy notice governs the processing and your requests should be directed to the client.

3. What we collect

We collect the following categories of data:
• Contact & business details: name, work email, company, role, phone (if provided), message content.
• Commercial information: project interests, services requested, meeting notes, proposal/contract metadata.
• Recruitment data: CV/resume, cover letters, portfolio links, interview notes.
• Usage & device data: IP address, user agent, device type, pages viewed, referrer, timestamps, consent choices, and similar technical logs. To improve website performance
• Attribution & analytics data (consent-based): UTM parameters, an anonymized first-touch/last-touch record, and analytics identifiers (e.g., GA4 client/session IDs only after consent).
• Documents you request: preferences for security documents (e.g., DPA, pen-test letter, sub-processor list).
We do not intentionally collect sensitive data via this website. Please do not include special categories of personal data in free-text fields.

4. Why we use your data (purposes & legal bases)

We process personal data only when we have a lawful basis under the GDPR (and equivalent laws). Typical purposes include:
• Responding to enquiries and providing proposals — Legitimate interests to respond (Art. 6(1)(f)) and/or steps before contract (Art. 6(1)(b)).
• Performing a contract and client onboarding — Contract (Art. 6(1)(b)).
• Operating the website, security, and fraud prevention — Legitimate interests (Art. 6(1)(f)).
• Consent-based analytics & measurement (e.g., GA4 with Consent Mode) — Consent (Art. 6(1)(a)).
• Marketing communications (e.g., newsletters if subscribed) — Consent (Art. 6(1)(a)).
• Recruitment — Steps prior to contract (Art. 6(1)(b)) and/or Consent (Art. 6(1)(a)).
• Legal compliance and recordkeeping — Legal obligation (Art. 6(1)(c)).
We do not use your data for automated decisions that produce legal or similarly significant effects.

5. How we collect data

• Directly from you via website forms, email, meetings, events.
• Automatically via cookies/SDKs and server logs (only strictly necessary cookies load by default; analytics load after consent).
• From your organization if we work with you on a project.
• From public business sources (e.g., LinkedIn) for B2B outreach where permitted by law.

6. Cookies, consent & analytics

We use a consent banner that allows you to accept or reject Analytics cookies. Essential cookies (for security and basic site functions) always run.
• Consent Mode (v2): Until you grant analytics consent, GA4 runs in a restricted, cookieless mode. On consent, GA4 may set client/session IDs.
• Attribution storage: We store first/last-touch UTM parameters and a random anon_id in local storage to populate forms and help attribute leads. This does not identify you across sites.
• Manage choices: Use the Cookie Settings link in the footer to change or withdraw consent at any time. Withdrawal does not affect past lawful processing.
See our Cookie Settings for details of tools and categories in use.

7. Sharing and recipients

We share data only as needed:
• Service providers/sub-processors (hosting, email, analytics, forms, security scanning).
• Professional advisors (legal, accounting) under confidentiality.
• Business transfers (e.g., merger/acquisition) where lawfully permitted.
• Legal & safety (to comply with law, enforce agreements, or protect rights).

8. International data transfers

When transferring personal data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and risk assessments, or rely on adequacy decisions where available. Copies of relevant safeguards can be requested via privacy@mokkastudios.com.

9. Your rights & supervisory authority

If you are in the EU/EEA or UK, you have the following rights (subject to conditions and limits in law):
• Access to your personal data
• Rectification of inaccurate data
• Erasure (“right to be forgotten”)
• Restriction of processing
• Objection to processing based on legitimate interests
• Portability of data you provided
• Withdraw consent at any time (where processing is based on consent)
You also have the right to lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (Italian Data Protection Authority). You may also complain to the authority of your habitual residence or place of work.
For individuals in jurisdictions with similar rights (e.g., UAE PDPL), we will honor applicable requests.
How to exercise your rights:
Email privacy@mokkastudios.com with your request. We may ask for information to verify your identity and will respond within applicable statutory timelines.

10. Children’s data

Our website and services are directed to business users. We do not knowingly collect personal data from children.

11. Third-party links

Our site may link to third-party sites or services. Their privacy practices are governed by their own policies.

12. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date reflects the latest version. Significant changes will be highlighted on this page or via reasonable notice.

13. Contact

Questions, requests, or complaints: privacy@mokkastudios.com
Security reports (urgent): security@mokkastudios.com
Postal: Mokka Studios, Via Bernardo Quaranta, 45, 20139 Milano (MI), Italy