Last Update: December 28, 2025
This Privacy Notice ("Notice") is provided pursuant to Article 13 of EU Regulation 2016/679 ("GDPR") and Articles 13 and 14 of Legislative Decree 196/2003 ("Privacy Code"), as amended by Legislative Decree 101/2018, to users who access and browse the website zenithtoday.com (hereinafter "Site").
1. Data Controller
Pursuant to Article 4, paragraph 7, of the GDPR, the Data Controller is:
Alessandro Giusti
Email address: procurandum@gmail.com
The Data Controller can be contacted for any information or request related to the processing of personal data.
2. Categories of Personal Data Processed
2.1 Navigation Data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category includes:
- IP addresses or domain names of devices used by users
- URI (Uniform Resource Identifier) addresses of the resources requested
- Time of the request
- Method used to submit the request to the server
- Size of the file obtained in response
- Numeric code indicating the status of the server response
- Parameters related to the user's operating system and computer environment
2.2 Account Registration Data
Users who choose to register on the Site voluntarily provide the following personal data:
- Name and Surname: used to personalize the user experience and identify the subscriber
- Username: unique identifier for account access
- Email address: used for account verification, password recovery, and service communications
- Password: stored in encrypted form (bcrypt hash) and never accessible in plain text
Registration requires email verification via a confirmation link sent automatically. The account will not be active until verification is completed.
2.3 Subscription Data
Users who subscribe to a paid subscription to access personalized forecasts provide the following data:
- Billing data: name, surname, address (if required for billing)
- Payment data: managed directly by PayPal. The Site does not store credit card numbers or sensitive payment data
- PayPal transaction ID: stored for subscription management and customer support
- Subscription history: start dates, expiration dates, and subscription status
Payments are processed through PayPal. For information on how PayPal processes data, please refer to the PayPal Privacy Policy.
2.4 Data Provided Voluntarily by the User
Through the use of specific features of the Site (e.g., ascendant calculation, astrological quizzes, contact forms), the user may voluntarily provide some personal data, including:
- Date, time, and place of birth (for ascendant calculation)
- Email address (for potential communications)
- Answers to quizzes or surveys
2.5 Cookies and Tracking Technologies
The Site uses technical cookies and, with the user's consent, third-party profiling cookies. For detailed information, please refer to the Cookie Policy.
3. Purpose and Legal Basis of Processing
Personal data is processed for the following purposes:
| Purpose | Legal Basis (Article 6 GDPR) |
|---|---|
| Provision of requested services (horoscopes, ascendant calculation, quizzes) | Execution of a contract or pre-contractual measures (Article 6.1.b) |
| Registration and account management | Execution of a contract or pre-contractual measures (Article 6.1.b) |
| Email verification and account security | Legitimate interest of the Controller (Article 6.1.f) |
| Service communications related to the account | Execution of a contract (Article 6.1.b) |
| Subscription and payment management via PayPal | Execution of a contract (Article 6.1.b) |
| Technical management of the Site and IT security | Legitimate interest of the Controller (Article 6.1.f) |
| Anonymous and aggregated statistical analysis of traffic | Legitimate interest of the Controller (Article 6.1.f) |
| Display of personalized advertisements | Consent of the data subject (Article 6.1.a) |
| Compliance with legal obligations | Legal obligation (Article 6.1.c) |
| Judicial protection | Legitimate interest of the Controller (Article 6.1.f) |
4. Processing Methods
Personal data is processed using computerized and telematic tools, with logic strictly related to the purposes indicated, and in any case, in a manner that guarantees the security and confidentiality of the data, in compliance with Article 32 of the GDPR.
Data is processed at the Controller's headquarters and at the data centers of service providers, located within the European Union.
5. Data Retention Period
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, in compliance with the principle of minimization under Article 5, paragraph 1, letter e) of the GDPR.
- Navigation data: retained for a maximum of 12 months from collection
- Account registration data: retained for the entire duration of the account and for a maximum of 12 months from account cancellation
- Subscription and payment data: retained for 10 years as required by Italian tax legislation
- Data provided through forms: retained until cancellation by the user or for a maximum of 24 months from the last use
- Data for legal obligations: retained for the period prescribed by applicable legislation
6. Data Recipients
Personal data may be communicated to:
- Technical service providers acting as Data Processors under Article 28 of the GDPR (e.g., hosting providers, analytics services)
- Email service providers for sending transactional emails (account verification, password recovery)
- Public authorities, when required by law or by orders of competent authorities
- Consultants and professionals for the protection of the Controller's rights
Personal data is not sold to third parties and is not subject to dissemination.
7. Data Transfer to Third Countries
Some third-party services used by the Site may involve the transfer of data to countries outside the European Economic Area. In such cases, the transfer is carried out in compliance with the guarantees provided for in Chapter V of the GDPR, including:
- European Commission adequacy decisions
- Standard Contractual Clauses approved by the European Commission
- Other appropriate safeguards under Article 46 of the GDPR
8. Third-Party Services
The Site uses the following third-party services:
8.1 PayPal (Payments)
Payment service provided by PayPal Holdings, Inc. used to manage subscriptions. Payment data is processed directly by PayPal according to its Privacy Policy. The Site only receives payment confirmation and transaction ID.
8.2 Google Analytics
Web analysis service provided by Google LLC. The data collected is used to analyze the use of the Site in anonymous and aggregated form. For more information: Google Privacy Policy.
8.3 Google AdSense
Advertising service provided by Google LLC that uses cookies to display ads relevant to the user's interests. For more information: How Google uses advertising cookies.
8.4 Google reCAPTCHA
Anti-spam protection service provided by Google LLC, used in registration and login forms to prevent unauthorized automated access. For more information: Google Privacy Policy.
9. User Account Management
9.1 Reserved Area
Registered users can access their Reserved Area where they can:
- View and modify their personal data
- Change their access password
- Request cancellation of their account
9.2 Account Cancellation
The user can request cancellation of their account at any time by sending a request to the Controller's email address. Following cancellation:
- All personal data associated with the account will be removed within 30 days
- Data necessary for legal obligations may be retained for the period prescribed by legislation
- Anonymized and aggregated data may be retained for statistical purposes
10. Rights of the Data Subject
Pursuant to Articles 15-22 of the GDPR and Article 7 of Legislative Decree 196/2003, the data subject has the right to:
- Access (Article 15 GDPR): obtain confirmation of the existence of processing and access to their personal data
- Rectification (Article 16 GDPR): obtain the correction of inaccurate personal data or the integration of incomplete data
- Erasure (Article 17 GDPR): obtain the erasure of their personal data in the cases provided for by law ("right to be forgotten")
- Restriction (Article 18 GDPR): obtain the restriction of processing in the cases provided for by law
- Portability (Article 20 GDPR): receive their data in a structured, commonly used, and machine-readable format
- Objection (Article 21 GDPR): object to processing at any time for legitimate reasons
- Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
To exercise these rights, the data subject can send a written request to the email address: procurandum@gmail.com.
11. Right to Lodge a Complaint
Pursuant to Article 77 of the GDPR and Article 141 of Legislative Decree 196/2003, the data subject who believes that the processing of their personal data is in violation of current legislation has the right to lodge a complaint with the Italian Data Protection Authority:
Italian Data Protection Authority
Piazza Venezia, 11 - 00187 Rome
Email: protocollo@gpdp.it
PEC: protocollo@pec.gpdp.it
Website: www.garanteprivacy.it
12. Nature of Data Provision
Providing navigation data is necessary for using the Site. Providing other personal data (e.g., for ascendant calculation or registration) is optional; however, failing to provide it may make it impossible to provide the requested service.
For registration: Providing name, username, email, and password is necessary for account creation. Without this data, registration cannot be completed.
13. Automated Decision-Making Process
The Site does not adopt automated decision-making processes, including profiling, under Article 22, paragraphs 1 and 4, of the GDPR, which produce legal effects or similarly significant effects on the data subject.
14. Data Security
The Controller adopts technical and organizational measures to guarantee a level of security appropriate to the risk, under Article 32 of the GDPR, including:
- Encryption of data in transit using the HTTPS/TLS protocol
- Protection of computer systems with firewalls and intrusion prevention systems
- Periodic backups of data
- Limited access to data to authorized personnel only
- Encryption of user passwords using the bcrypt algorithm
- Email verification using a unique token with a time limit
- Protection of registration and login forms using reCAPTCHA
15. Changes to this Notice
The Controller reserves the right to modify, update, or integrate this Notice at any time. Changes and updates will be binding as soon as they are published on the Site. Users are therefore invited to periodically consult this page.
16. Contacts
For any information or clarification regarding this Notice or the processing of personal data, you can contact the Controller:
Alessandro Giusti
Email: procurandum@gmail.com
This Notice is provided pursuant to Article 13 of EU Regulation 2016/679 (GDPR) and Articles 13 and 14 of Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018.