Privacy Policy
Last updated: March 2026
This Privacy Policy explains how BoreaTech SRLS collects, uses, and protects personal data when you visit our website or interact with our services. We are committed to processing your data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Italian data protection legislation.
1. Data Controller
The data controller responsible for your personal data is:
BoreaTech SRLS
[PLACEHOLDER]
P.IVA: [PLACEHOLDER]
Email: [email protected]
2. What We Collect
We may collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Contact information | Email address | Contact form submission |
| Technical data | IP address, browser type, device info, pages visited | Automatic collection via server logs |
| Usage data | Interaction patterns, referral source | Automatic collection |
We do not collect special categories of personal data (e.g., health, biometric, or political data).
3. How We Use Data
We process your personal data for the following purposes:
- Responding to inquiries — to reply to messages submitted through our contact form.
- Website operation — to serve, secure, and improve our website.
- Follow-up marketing — to send relevant updates about our products, only with your explicit consent.
- Legal compliance — to meet our legal and regulatory obligations.
4. Legal Basis (GDPR Art. 6)
We rely on the following legal bases for processing your personal data:
| Purpose | Legal Basis | GDPR Reference |
|---|---|---|
| Responding to contact form inquiries | Legitimate interest | Art. 6(1)(f) |
| Follow-up marketing communications | Consent | Art. 6(1)(a) |
| Website security and operation | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time (see Section 7).
5. Data Sharing
We do not sell your personal data. We share data only with the following processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Safeguards |
|---|---|---|
| Cloudflare, Inc. | Website hosting, CDN, and DDoS protection | EU Standard Contractual Clauses (SCCs) |
| Google LLC (Gmail) | Email routing and delivery | EU Standard Contractual Clauses (SCCs) |
We may also disclose data where required by law, regulation, or lawful request by public authorities.
6. Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy:
- Contact form data — retained for up to 12 months after the last communication, unless a longer retention period is required by law.
- Technical/server logs — retained for up to 90 days.
- Marketing consent records — retained for as long as your consent is valid, plus any period required by applicable record-keeping obligations.
When data is no longer needed, it is securely deleted or anonymised.
7. Your Rights
Under the GDPR (Articles 15–21), you have the following rights regarding your personal data:
- Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy.
- Right to rectification (Art. 16) — correct inaccurate or incomplete personal data.
- Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18) — restrict the processing of your data under certain conditions.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest, including direct marketing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
8. Cookies
Our website uses only strictly necessary, first-party cookies required for basic site functionality (e.g., Cloudflare security cookies). We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
Because these cookies are strictly necessary for the operation of the site, they do not require consent under GDPR and the ePrivacy Directive. If we introduce non-essential cookies in the future, we will update this policy and implement a consent mechanism before deployment.
The following Cloudflare cookies may be set when you visit our website:
| Cookie | Purpose | Duration |
|---|---|---|
__cf_bm |
Bot detection and management | 30 minutes |
cf_clearance |
Security challenge verification | Session |
__cflb |
Load balancing | Session |
9. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS/TLS encryption for all data in transit.
- Cloudflare DDoS protection and Web Application Firewall.
- Access controls limiting who can view submitted contact data.
While no system is completely secure, we continuously review and improve our security practices.
10. Children’s Privacy
Our website is intended for business professionals aged 18 and over. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected data from someone under 16, we will delete it promptly.
11. International Transfers
Some of our processors (Cloudflare, Google) may transfer personal data outside the European Economic Area (EEA). Where such transfers occur, they are protected by:
- EU Standard Contractual Clauses (SCCs) — as adopted by the European Commission, ensuring an adequate level of data protection.
- Supplementary measures — including encryption in transit and at rest, as appropriate.
You may request a copy of the applicable safeguards by contacting us at [email protected].
12. Contact & Complaints
For any questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:
BoreaTech SRLS
Email: [email protected]
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian supervisory authority:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Rome, Italy
Website: www.garanteprivacy.it