Actually we do not have a normal privacy policy, but we have a generated privacy policy provided by a third-party service:
https://www.iubenda.com/privacy-policy/31056986
https://www.iubenda.com/privacy-policy/31056986/legal
This is not a huge problem but, to include that policy, the website now includes its JavaScript resources, with the result that we are exposed to XSS from Iubenda, and at the very least we are giving away the IP address and user agent of each of our visitors, something that I think is also not included in the privacy policy.
Valerio, if you are reading this message in the year 2199, I hope you have had enough time to reverse engineer Iubenda's minified JavaScript resources to detect whether they put some trackers or some nasty/undesired crapware features in our website. So, here is the minified Iubenda JavaScript that we are including in the page at the time of writing:
{P7}
{P8}
So these are all the Iubenda external resources that we were including:
* https://cdn.iubenda.com/iubenda.js
* https://cdn.iubenda.com/iubenda_i_badge.js
* https://cdn.iubenda.com/icon_gray_mini.png
* https://cdn.iubenda.com/iubenda_i_badge.css
What to do:
* import the privacy policy locally - we can do it, it's our stuff, a privacy policy cannot have copyright AFAIK
* get completely rid of Iubenda
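
To confirm that no page still pulls anything from Iubenda after the cleanup, the check can be scripted. The following is an added example, not part of the original task or of the website's code: it lists every resource a page makes the visitor's browser fetch from a foreign host, and marks which of them run as script inside the page. The page URL `https://www.example.org/` and the sample HTML are constructed; only the `cdn.iubenda.com` URLs come from the list above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch a resource on page load.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link rel=...> values that trigger a fetch (rel="canonical" and similar do not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload"}

class ThirdPartyAudit(HTMLParser):
    """Collect resources a page loads from hosts other than its own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        # Assumption: "own" means the exact same hostname as the page.
        self.own_host = urlparse(page_url).hostname
        self.findings = []  # (tag, absolute URL, runs_in_page, has_sri)

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        a = dict(attrs)
        if attr is None or not a.get(attr):
            return  # plain <a href> links and empty attributes fetch nothing
        if tag == "link" and not FETCHING_RELS & set((a.get("rel") or "").lower().split()):
            return
        url = urljoin(self.page_url, a[attr])  # resolves //host/x and relative paths
        host = urlparse(url).hostname          # None for data: URIs
        if host and host != self.own_host:
            # Only <script> executes with the page's own origin and DOM access.
            self.findings.append((tag, url, tag == "script", bool(a.get("integrity"))))

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page for the demonstration.
SAMPLE = """<html><head>
<link rel="canonical" href="https://other.example/page">
<link rel="stylesheet" href="https://cdn.iubenda.com/iubenda_i_badge.css">
<script src="//cdn.iubenda.com/iubenda.js"></script>
<script src="/static/site.js"></script>
</head><body>
<img src="https://cdn.iubenda.com/icon_gray_mini.png">
<a href="https://www.iubenda.com/privacy-policy/31056986">Privacy Policy</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url, runs, sri in audit(SAMPLE, "https://www.example.org/"):
        print(f"{tag:7} {url}  runs_in_page={runs}  sri={sri}")
```

Every finding discloses the visitor's IP address and user agent to the foreign host; findings with `runs_in_page=True` additionally give that host script execution in the page. An empty result on each page is the goal of the two steps above.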