Legal Document

Privacy Policy

Last updated: June 2025 GDPR compliant Version 1.0
Data Controller — Legal Details
Company NameE CONSULTING ADVISOR S.R.L.S.
Full Legal NameE CONSULTING ADVISOR SOCIETA' A RESPONSABILITA' LIMITATA SEMPLIFICATA
Trading Ase-consultadvisor
REA NumberRM-1777243
Tax Code / Registro Imprese18318481001
VAT Number (Partita IVA)IT18318481001
Registered AddressViale Antonio Ciamarra 259, 00173 Roma (RM), Italy
CountryItaly
Privacy Contacteconsultingadvisor25@gmail.com

1. Data Controller

E CONSULTING ADVISOR S.R.L.S., trading as e-consultadvisor (hereinafter "we", "us", "our"), is the Data Controller for personal data collected through this website and in the context of our services, in accordance with EU Regulation 2016/679 (GDPR) and the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).

As Data Controller, we determine the purposes and means of processing your personal data. For all privacy-related enquiries or to exercise your rights, contact us at econsultingadvisor25@gmail.com.

2. Personal Data We Collect

2.1 Data You Provide Directly

  • Contact and identity data: Full name, email address, phone number, company name, job title — collected when you submit a quote request, contact form, or enquiry.
  • Service data: Project descriptions, requirements, technical specifications, and other information you provide when engaging our services.
  • Communications data: Emails, messages, and correspondence exchanged with us during the course of a service engagement or support request.
  • Payment data: Billing name, address, and invoice details. We do not store payment card numbers — payments are processed by third-party providers who are PCI-DSS compliant.
  • Account credentials: Usernames and passwords shared by clients for the purpose of carrying out agreed work (e.g. CMS access, server credentials). These are handled with strict confidentiality and deleted after use.

2.2 Data Collected Automatically

  • Usage data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, time spent on pages.
  • Device data: Device type, screen resolution, language preferences.
  • Cookie data: Data collected via cookies and similar tracking technologies. See our Cookie Policy for full details.
  • Log data: Server logs automatically record requests made to our website, including IP addresses, request timestamps, and response codes.

2.3 Data from Third Parties

  • Publicly available professional information (e.g. LinkedIn profiles) where relevant to a business enquiry.
  • Referral data when you are introduced to us by a mutual contact or partner.

3. How We Use Your Personal Data

PurposeData UsedLegal Basis
Responding to quote requests and enquiriesName, email, project detailsLegitimate interests / Pre-contractual steps
Delivering contracted servicesContact, service, communications dataContract performance
Invoicing and payment processingBilling data, contact detailsContract performance / Legal obligation
Customer support and after-sales serviceContact, communications dataContract performance / Legitimate interests
Sending service updates and important noticesEmail, nameContract performance / Legitimate interests
Marketing communications (newsletter, offers)Email, nameConsent
Website analytics and improvementUsage data, cookie dataLegitimate interests / Consent
Legal compliance and fraud preventionAny relevant dataLegal obligation / Legitimate interests
Accounting and tax recordsBilling and transaction dataLegal obligation

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to perform a contract with you or take pre-contractual steps at your request (e.g. delivering services, invoicing).
  • Legal obligation (Art. 6(1)(c)): Processing required to comply with Italian and EU law (e.g. tax records, anti-money laundering requirements).
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, provided these are not overridden by your rights. Examples include website security, analytics, fraud prevention, and direct marketing to existing clients.
  • Consent (Art. 6(1)(a)): Where we have asked for and received your explicit consent (e.g. marketing emails, non-essential cookies). You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share your data in the following limited circumstances:

5.1 Service Providers (Data Processors)

We engage trusted third-party providers who process data on our behalf, subject to binding Data Processing Agreements. These include:

  • Email and communication platforms (e.g. Google Workspace) — for email and document management.
  • Payment processors — for secure invoice and payment handling.
  • Cloud hosting providers — for website and service infrastructure.
  • Analytics providers — for website usage analysis (see Cookie Policy).
  • Accounting software — for invoicing and financial records.

5.2 Legal Requirements

We may disclose personal data if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of individuals.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of the Company, personal data may be transferred as part of that transaction. We will notify affected individuals before their data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Our primary operations are based in Italy (EU). Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Transfers to countries recognised by the European Commission as providing adequate protection.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules or other approved transfer mechanisms.

For example, Google services (Google Workspace, Google Analytics) may process data on servers located in the United States under Google's SCCs and EU-US Data Privacy Framework certification.

7. Data Retention

Data CategoryRetention PeriodReason
Client contract and project data10 years after project endItalian civil law statute of limitations
Invoices and financial records10 yearsItalian tax law (D.P.R. 600/1973)
Pre-contractual enquiries (no contract formed)2 yearsLegitimate interests
Marketing consent recordsUntil consent withdrawn + 1 yearCompliance with consent obligation
Website analytics data26 monthsStandard analytics retention
Server access logs12 monthsSecurity and abuse prevention
Support communications3 years after last interactionLegitimate interests

After the applicable retention period, data is securely deleted or anonymised. We review data holdings periodically and delete data that is no longer necessary.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. To exercise any of these rights, contact us at econsultingadvisor25@gmail.com. We will respond within 30 days (extendable to 90 days for complex requests).

  • Right of access (Art. 15): You may request a copy of all personal data we hold about you and information about how it is processed.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure / "right to be forgotten" (Art. 17): You may request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful — subject to our legal retention obligations.
  • Right to restriction of processing (Art. 18): You may request that we limit processing of your data in certain circumstances (e.g. while a rectification request is being assessed).
  • Right to data portability (Art. 20): Where processing is based on consent or contract and is carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests, including direct marketing. Where you object to direct marketing, we will stop processing immediately.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garanteprivacy.it or with the supervisory authority of your EU member state of residence.

We will never charge a fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse to act.

9. Security of Your Data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL.
  • Access controls and authentication for systems containing personal data.
  • Regular security assessments and vulnerability monitoring.
  • Staff awareness and confidentiality obligations.
  • Secure deletion of data when no longer required.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Art. 34 GDPR. All qualifying breaches are reported to the Garante within 72 hours as required by Art. 33 GDPR.

10. Children's Privacy

Our services are directed at businesses and professional adults. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided us with personal data, please contact us immediately at econsultingadvisor25@gmail.com and we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites, tools, or services. This Privacy Policy applies only to our own website and services. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal data.

12. Cookies

We use cookies and similar tracking technologies on our website. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "last updated" date at the top of this page will reflect the most recent revision.

For material changes, we will provide notice by email or a prominent notice on our website prior to the change taking effect. We encourage you to review this policy periodically.

14. Contact & Data Protection Authority

For any privacy-related questions, to exercise your rights, or to raise a concern:

E CONSULTING ADVISOR S.R.L.S. — e-consultadvisor
Viale Antonio Ciamarra 259, 00173 Roma (RM), Italy
Email: econsultingadvisor25@gmail.com
VAT: IT18318481001  ·  REA: RM-1777243

You also have the right to contact the Italian Data Protection Authority directly:

Garante per la protezione dei dati personali
Piazza Venezia n. 11, 00187 Roma (RM), Italy
Website: garanteprivacy.it
Email: garante@garanteprivacy.it