Privacy policy.

1. Data controller

The data controller is Aegis Regula Consulting, with registered office at [registered office address] (the “Controller”). For any matter relating to the processing of personal data, the Controller can be contacted at [email protected].

This notice concerns this website only and does not extend to other websites that may be reached through external links.

2. Categories of data processed

While browsing and using the services of this website, the following categories of personal data may be processed:

• Browsing data — the IT systems operating this website acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols (IP addresses, access times, pages visited, device and browser parameters). This information is used solely to ensure the proper functioning and security of the website.
• Data provided voluntarily — data submitted through the call request form, the preliminary assessment, or by emailing the addresses indicated: first and last name, company, business email, role and the content of the message.

Please do not enter special categories of data (Art. 9 GDPR) or confidential or technically sensitive information not required for your request into the website forms: substantive matters are addressed during a confidential conversation, under a non-disclosure agreement where appropriate.

3. Purposes and legal bases of processing

Personal data are processed for the following purposes:

• Responding to contact and call requests — legal basis: performance of pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR).
• Providing the guidance requested through the preliminary assessment — legal basis: the data subject’s consent (Art. 6(1)(a) GDPR), which may be withdrawn at any time.
• Ensuring website security and preventing abuse or unlawful access — legal basis: the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
• Complying with obligations under laws or regulations — legal basis: legal obligation (Art. 6(1)(c) GDPR).

Providing the data requested in the forms is optional; failure to provide them only means the request cannot be processed. Data are not used for marketing purposes, are not transferred to third parties for commercial purposes, and are not subject to profiling or automated decision-making (Art. 22 GDPR).

4. Processing methods

Processing is carried out using IT and telematic tools, with logic strictly related to the purposes indicated and through the adoption of technical and organisational measures adequate to ensure the confidentiality, integrity and availability of the data (Art. 32 GDPR). Access to the data is limited to persons authorised and instructed by the Controller.

5. Retention period

Data are retained for no longer than is strictly necessary to achieve the purposes for which they were collected:

• data relating to contact requests and assessments are kept for the time needed to handle the request and, in the absence of a subsequent engagement, deleted within 24 months of the last contact;
• browsing data are kept for the technically necessary time, normally no longer than 12 months, except where needed to investigate unlawful activity;
• further retention periods may arise from legal obligations or from the need to protect the Controller’s rights.

6. Data recipients

Data are not disclosed to the public. They may be accessed exclusively by: persons authorised to process them by the Controller; providers of technical services essential to the operation of the website (hosting, email, IT infrastructure), appointed as data processors pursuant to Art. 28 GDPR; and the competent authorities, in the cases provided for by law.

7. Transfers outside the EU

Data are normally processed within the European Union. Where technical service providers entail the transfer of data to third countries, such transfers take place only on the basis of an adequacy decision of the European Commission or of the appropriate safeguards provided for by Articles 44 et seq. GDPR (for example, standard contractual clauses).

8. Data subject rights

As a data subject, you may exercise at any time the rights provided for by Articles 15–22 GDPR, including:

• access to your personal data and to information about the processing (Art. 15);
• rectification of inaccurate data or completion of incomplete data (Art. 16);
• erasure of data, in the cases provided for (Art. 17);
• restriction of processing (Art. 18);
• data portability (Art. 20);
• objection to processing based on legitimate interest (Art. 21);
• withdrawal of consent, without affecting the lawfulness of processing carried out before withdrawal (Art. 7).

Requests may be sent to [email protected]. You also retain the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it) pursuant to Art. 77 GDPR.

9. Cookies

This website uses technical cookies only, which are necessary for the proper functioning of its pages and for storing the language preference. Such cookies do not require the user’s consent, pursuant to Art. 122 of the Italian Privacy Code and the Guidelines of the Italian Data Protection Authority.

No profiling cookies or third-party tracking tools are used. Should any be introduced in the future, this notice will be updated and, where required, prior consent will be requested through a dedicated banner.

You may in any case manage or disable cookies through your browser settings; disabling technical cookies may impair some website features.

10. Minors

The website and its services are aimed at professional operators and are not intended for persons under 18 years of age. The Controller does not knowingly collect personal data of minors.

11. Changes to this notice

The Controller reserves the right to amend or update this notice, including as a result of regulatory changes or the introduction of new services. Updated versions are published on this page with an indication of the date of last update. Please review it periodically.