Privacy Policy

techiteurope.com — Digital Ethics & Cyber Protection

Last updated: 2026-03-31 — Eduardo Maschietto

GDPR compliant   |   No data selling   |   European standards   |   Transparent by design

TechIT Europe practices what it advises. This notice explains exactly what personal data this website collects, why, on what legal basis, and what rights you have over that data.

This site is operated by Eduardo Maschietto, independent consultant, Italian citizen, operating as TechIT Europe. Contact: contact@maschiettoadvisory.com

1. What we collect

We collect the minimum data necessary to provide our services and respond to enquiries:

  • Service enquiry forms: name, email address, company (if applicable), type of service requested, and any information you choose to include.
  • Individual and company intake forms: depending on the service, we may collect additional context such as the nature of the issue, country of operation, or description of the digital risk you are facing. This is provided voluntarily by you.
  • Technical logs: standard server logs (IP address, browser type, page visited, timestamp) used for security and website reliability only.

We do not collect sensitive personal data. We do not use automated decision-making or profiling. We do not track your activity across other websites.

2. Legal basis for processing

All data processing is based on one of the following legal grounds under GDPR Art. 6:

  • Responding to service enquiries: legitimate interest (Art. 6(1)(f)) — we have a legitimate interest in responding to people who contact us voluntarily.
  • Delivering contracted services: performance of a contract (Art. 6(1)(b)) — when an engagement is established, processing is necessary to deliver the agreed service.
  • Security and abuse prevention via technical logs: legitimate interest (Art. 6(1)(f)) — necessary to maintain a secure and reliable website.
  • Email communications for service updates (where opted in): consent (Art. 6(1)(a)) — you may withdraw consent at any time.

3. How we use your data

Data is used exclusively for:

  • Evaluating and responding to service enquiries
  • Delivering advisory, audit, or coaching services once an engagement is established
  • Security, reliability, and abuse prevention

We do not sell personal data. We do not share data with third parties for marketing purposes. We do not use your data to build advertising profiles.

4. Third-party services

We use the following third-party services that may process limited personal data:

  • WordPress hosting and plugins: the site runs on WordPress. Hosting and core infrastructure providers process limited technical data. We apply security hardening and keep plugins updated.
  • Contact and enquiry forms: form submissions may be processed by a third-party form provider before delivery to our inbox.
  • Google services (if applicable): if Google Analytics or other Google tools are active, data is processed under Google’s privacy framework with anonymisation enabled where possible.

Where providers are outside the European Economic Area, data transfers are governed by Standard Contractual Clauses as required by GDPR Art. 46.

5. Data retention

  • Enquiries without a resulting engagement: maximum 24 months from last interaction, then permanently deleted.
  • Data related to an active or completed engagement: retained for the duration of the engagement plus 5 years for professional record-keeping.
  • Technical logs: maximum 90 days, used only for security and reliability.

6. Your rights

As a data subject under GDPR, you have the right to:

  • Access — obtain a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion where there is no overriding legal basis for retention
  • Restriction — limit how your data is used in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact: contact@maschiettoadvisory.com. We will respond within 30 days. Complex requests may take up to 60 days, with prior notification.

7. Right to lodge a complaint

You have the right to lodge a complaint with your national data protection supervisory authority at any time. Examples: Garante per la Protezione dei Dati Personali for Italy (garanteprivacy.it), the ICO for the United Kingdom (ico.org.uk), or the supervisory authority in your EU member state. A full list of EU supervisory authorities is available at edpb.europa.eu.

8. Security

We apply technical and organisational measures appropriate to the risk: access controls, encrypted communications, regular security reviews, and data minimisation practices. As a cybersecurity advisory practice, security is applied to our own operations before we advise others on theirs.

9. Updates

This policy may be updated to reflect changes in our services or applicable law. The date at the top of the page reflects the most recent revision.

Privacy requests: contact@maschiettoadvisory.com techiteurope.com — Digital Ethics & Cyber Protection for Europe