Maschietto Advisory

Privacy

This privacy notice explains what personal data is collected on this website, why it is collected, the legal basis for processing, how it is used, and how you can exercise your rights. This site is operated by Eduardo Franco Maschietto, independent consultant, Italian citizen. Contact: contact@maschiettoadvisory.com

Data minimization Confidential by default No selling of data GDPR compliant

What we collect

This site collects limited personal data in the following ways:

  • Request form submissions — name, email address, role or context, request type, and any information you choose to include in your message.
  • Links you provide — the form requests public links only. Do not submit private credentials or sensitive documents through the form.
  • Basic technical logs — standard server and security logs (IP address, browser type, timestamps) used solely for reliability and abuse prevention.

We do not collect sensitive data (special categories under GDPR Art. 9). We do not use automated decision-making or profiling.

How we use your data and legal basis

We process personal data only for the following purposes, each with a specific legal basis under GDPR Art. 6:

  • Responding to enquiries and requests — legal basis: legitimate interest (Art. 6(1)(f)). We have a legitimate interest in responding to people who contact us voluntarily through the site.
  • Delivering advisory work once an engagement is established — legal basis: performance of a contract (Art. 6(1)(b)).
  • Security, reliability, and abuse prevention via technical logs — legal basis: legitimate interest (Art. 6(1)(f)), necessary to maintain a safe and functioning website.

We do not sell personal data. We do not use submissions for advertising or marketing profiles.

Third-party services

We use the following third-party services that may process limited personal data on our behalf:

  • Form processing (Formspree or equivalent) — your form submission is transmitted to a third-party provider and delivered to our inbox. Check the provider's own privacy policy for their data handling practices.
  • Hosting and infrastructure — standard CDN and hosting services process limited technical data to deliver the website.

Where these providers are located outside the European Economic Area, transfers are governed by Standard Contractual Clauses or equivalent safeguards as required by GDPR Art. 46.

If you prefer not to use the contact form, you may reach us directly at contact@maschiettoadvisory.com.

Retention

  • Contact form submissions without an established engagement — maximum 24 months from the date of last interaction, after which data is permanently deleted.
  • Data related to an advisory engagement — retained for the duration of the engagement plus 5 years, in line with standard professional record-keeping obligations.
  • Technical logs — maximum 90 days, used solely for security and reliability.

Your rights under GDPR

If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your data where there is no overriding legal basis for retention.
  • Restriction — request that we limit how we use your data in certain circumstances.
  • Portability — request your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.

To exercise any of these rights, contact us at contact@maschiettoadvisory.com. We will respond within 30 days of receiving your request. In complex cases this may be extended to 60 days, with prior notification.

Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority in your country of residence at any time.

  • Italy — Garante per la Protezione dei Dati Personali: garanteprivacy.it
  • United Kingdom — Information Commissioner's Office: ico.org.uk
  • Other EU member states — contact the national data protection authority in your country. Full list at edpb.europa.eu.

Confidentiality boundary

Submissions are treated as confidential by default. However, confidentiality is not the same as legal privilege. If you require a specific legal confidentiality framework, state it explicitly at intake.

Updates

This notice may be updated to reflect changes in the website or operational practices. Material changes will be reflected on this page.

Last updated: 2026-03-31 — v2

Contact

For privacy-related requests, use the intake form as the initial channel and indicate "Privacy request" in the message, or contact through the same email thread used for your submission.

Request → Services