LEGAL_POLICY

Privacy Policy

Version 1.0.0 · Updated 2026-04-12 · GDPR Art. 13-14

This notice describes how personal data is processed when users visit spectrosec.com or use the services provided by SPECTROSEC. The document is drafted under Articles 13-14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

01. Data controller

⚠ SECTION BEING UPDATED

Formal identification of the Data Controller will be published once SPECTROSEC's VAT registration is complete (upcoming). In the meantime, for any request under Articles 15-22 GDPR please write to privacy@spectrosec.com.

02. Types of data collected

Data provided by the user

  • Contact form: name, email, company, free-text message.
  • Newsletter: email address.
  • Assessment requests: technical details about the infrastructure to test, voluntarily provided during scoping.

Data collected automatically

  • Web server logs: IP address, user-agent, requested URL, timestamp, referrer; retained for up to 12 months for security and troubleshooting.
  • Technical cookies required for the site to function (language preference, cookie consent). No tracking or profiling cookies.

The site does not use Google Analytics, Facebook Pixel, Hotjar or similar user profiling services. Fonts and icons are self-hosted with no third-party calls.

03. Purposes of processing

  • Handling contact and quotation requests (contact form, direct email).
  • Sending the SPECTROSEC Intelligence Briefing newsletter, only after explicit consent.
  • Delivering contractually requested services (assessment, pentest, consulting).
  • Compliance with legal and tax obligations.
  • Site security: detection and prevention of fraudulent or abusive activity.

05. Retention period

  • Contact form requests: 24 months from receipt.
  • Newsletter subscriptions: Until unsubscribe request.
  • Server logs: 12 months (legal obligation).
  • Cookies: Max 12 months, renewable after consent renewal.
  • Contractual data: 10 years from the end of the relationship, under civil and tax law.

06. Data recipients

Personal data may be shared with:

  • External data processors, appointed under Art. 28 GDPR: hosting provider, email provider, CDN.
  • Legal and tax advisors of the Controller, within the scope of their professional engagement.
  • Public authorities when required by law or legal order.

Data is never disseminated, sold, or transferred to third parties for commercial purposes.

07. Non-EU data transfer

Some technical providers (e.g. CDN, email) may operate infrastructure located outside the European Economic Area. In such cases, transfer occurs exclusively to countries with an adequacy decision by the European Commission, or through:

  • Standard Contractual Clauses (SCC) adopted by the EU Commission on 4 June 2021.
  • Adherence to the EU-US Data Privacy Framework (where applicable).

08. Your rights

Under Articles 15-22 GDPR, you have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Erase your data ("right to be forgotten", Art. 17).
  • Restrict processing (Art. 18).
  • Data portability in a structured, machine-readable format (Art. 20).
  • Object to processing (Art. 21).
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

To exercise these rights, email privacy@spectrosec.com. The Controller responds within 30 days (extendable by up to 60 additional days in case of particular complexity).

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante) or another competent supervisory authority.

09. Data Protection Officer (DPO)

Under Art. 37 GDPR, SPECTROSEC is not required to appoint a Data Protection Officer, as its core activities do not involve large-scale processing of special category or criminal-conviction data, nor systematic large-scale monitoring of data subjects.

A privacy point of contact is nonetheless available at privacy@spectrosec.com.

10. Cookie policy

Technical cookies

The site uses only technical cookies strictly necessary for basic functionality; under Art. 122 of the Italian Privacy Code and the Italian DPA guidelines of 10 June 2021, no consent is required:

  • spectrosec-lang: stores the user's language choice (IT or EN). Duration: 12 months.
  • spectrosec-cookie-consent: stores the user's choice on the cookie banner. Duration: 12 months.

Profiling and analytics cookies

The site currently does not install profiling cookies or analytics tools. Should they be introduced in the future, they will be subject to prior explicit consent via cookie banner, with the right to withdraw.

How to manage cookies

You can delete or block cookies directly from your browser settings. Disabling technical cookies may impair site functionality.

11. Changes to this notice

The Controller reserves the right to modify this notice at any time to reflect legislative changes or operational updates. Material changes will be notified on the site and, where appropriate, by email.

Version 1.0.0 · Last updated: 2026-04-12