Privacy Policy
This privacy notice describes how personal data collected through www.ermilaniconsulting.com is processed, in compliance with EU Regulation 2016/679 (the “GDPR”) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the Italian Privacy Code).
1. Data controller
The data controller is Ermilani Consulting S.R.L., with registered office in Italy.
Email: info@ermilaniconsulting.com
2. Types of data collected
Through the contact form we collect the following personal data, voluntarily provided by the user:
- First and last name
- Email address
- Company name (optional)
- Service of interest
- Message content
We also automatically collect, in aggregated and anonymous form, technical browsing data (IP address, browser type, operating system, pages visited) for statistical and security purposes.
3. Purpose and legal basis of processing
The data collected is processed for the following purposes:
- Responding to enquiries — replying to information requests, contacts or quotes submitted via the contact form.
  Legal basis: performance of pre-contractual measures (Art. 6(1)(b) GDPR) and consent of the data subject (Art. 6(1)(a) GDPR).
- Legal compliance — compliance with legal, regulatory or European obligations.
  Legal basis: legal obligation (Art. 6(1)(c) GDPR).
- Site security and operation — ensuring the proper functioning, security and integrity of the site.
  Legal basis: legitimate interest of the controller (Art. 6(1)(f) GDPR).
4. Method of processing
Data is processed using electronic tools, by authorised and trained personnel, with technical and organisational measures appropriate to the risk (Art. 32 GDPR), in compliance with the principles of lawfulness, fairness, transparency and minimisation.
5. Data retention
Personal data is retained only as long as strictly necessary to achieve the purposes set out above. Specifically:
- Data collected via the contact form: retained for a maximum of 24 months from the last interaction, unless a contractual relationship is established.
- Data relating to contractual relationships: retained for 10 years after the end of the relationship, in compliance with tax and civil obligations.
6. Disclosure of data
The data collected is not sold, transferred or disclosed to third parties for marketing purposes. It may be disclosed to:
- Technical service providers (hosting, email management, form processor) acting as external data processors, bound by a contract under Art. 28 GDPR.
- Judicial or public security authorities, where required by law.
7. Transfer of data outside the EU
Some technical providers (e.g. hosting or email services) may be based outside the European Economic Area. In such cases, transfers occur only to countries that ensure an adequate level of protection, or on the basis of Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR).
8. Rights of the data subject
You may exercise the following rights under Articles 15–22 GDPR at any time:
- Access to personal data (Art. 15)
- Rectification of inaccurate or incomplete data (Art. 16)
- Erasure of data (“right to be forgotten”, Art. 17)
- Restriction of processing (Art. 18)
- Portability of data (Art. 20)
- Objection to processing (Art. 21)
- Withdrawal of consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
To exercise your rights, write to: info@ermilaniconsulting.com
9. Lodging a complaint with the supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):
- Website: www.gpdp.it
- Email: protocollo@gpdp.it
- Address: Piazza Venezia 11, 00187 Rome, Italy
10. Cookies and similar technologies
The site uses the following categories of cookies. You can manage your preferences at any time by clicking on “Cookie Preferences” at the bottom of every page.
10.1 Technical cookies (always active)
Necessary for the site to function. No consent required under Art. 122 of Italian Legislative Decree 196/2003. Includes session, security and preference cookies (e.g. storing the user’s cookie consent itself).
10.2 Analytics cookies (Google Analytics 4)
Subject to consent. When the user accepts, we activate Google Analytics 4 in anonymised mode to measure aggregate site traffic.
- Provider: Google Ireland Ltd.
- Purpose: traffic measurement, aggregate browsing behaviour, content optimisation
- Cookies used: _ga, _ga_* (maximum duration 24 months)
- IP anonymisation: enabled
- Data transfer: USA, on the basis of Standard Contractual Clauses (Art. 46 GDPR)
- Provider privacy policy: policies.google.com/privacy
10.3 Marketing cookies
We currently do not use marketing or third-party profiling cookies. If introduced in the future, explicit new consent will be required.
10.4 Google Consent Mode v2
The site implements Google Consent Mode v2: before consent, all non-strictly-necessary cookies are set to “denied”. Only explicit user interaction with the consent banner can change this setting.
10.5 Withdrawing consent
You may withdraw consent at any time by clicking “Cookie Preferences” in the footer. Consent is valid for a maximum of 6 months, after which it will be requested again.
11. Changes to this notice
This Privacy Policy may be updated at any time to reflect regulatory or organisational changes. The date of the latest update is indicated at the top of this page. Users are encouraged to review this section periodically.