Privacy and Cookie Policy Declaration of Accessibility

Privacy Notice pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR")

General Principles of Processing

R.A.L.O. processes personal data in accordance with the principles established by Article 5 of the GDPR: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

1. Data Controller

The Data Controller is R.A.L.O., a platform currently under formation with its operational headquarters in Italy. Pending the finalization of its legal form, data processing is managed in compliance with applicable regulations by a designated responsible person, reachable at privacy@ralolegal.com

2. Purpose of Processing and Legal Basis

R.A.L.O.'s legitimate interest lies in continuously improving its services, ensuring cybersecurity, monitoring website usage, and providing a user experience consistent with its stated purposes.

3. Types of Data Processes

- Browsing data: IP addresses, device identifiers, browser used, session data.
- Voluntarily provided data: name, surname, email address, information included in contact forms or CVs.
- Cookies: processed according to the updated Cookie Declaration managed via Cookiebot.
- DPO: A Data Protection Officer has not been appointed at this time, as the conditions under Articles 37 et seq. of the GDPR are not met.

For more information about the cookies used, please refer to our Cookie Policy.

4. Processing Methods

Data is processed using IT tools, in compliance with appropriate technical and organizational measures to ensure security and confidentiality, as required by Articles 32 and following of the GDPR.

R.A.L.O. does not carry out automated processing, including profiling, without explicit consent. Should R.A.L.O. introduce automated profiling or behavioral analysis tools in the future, users will be informed in advance and explicit consent will be requested.

5. Data Recipients

Data may be disclosed to:
- Service providers strictly related to the website operation (e.g., hosting, newsletter tools, data analysis);
- Competent authorities as required by law;
- Collaborators and external parties duly authorized and instructed.

6. Use of third-party providers and technologies

R.A.L.O. uses external applications and platforms to operate the website and deliver its services (e.g., hosting, email, newsletter, automations). Providers are selected based on adequate GDPR compliance guarantees (Art. 28). An updated list of external data processors is available upon request at: privacy@ralolegal.com

R.A.L.O. also reserves the right to use, in the future, tools for aggregated data analysis (e.g., analytics) solely to improve user experience and optimize website performance. Such tools, if activated, will be configured in compliance with current legislation and require explicit consent via the cookie banner.

7. Data Transfers to Third Countries

Any transfers to non-EU countries will occur only if appropriate safeguards are in place as per Articles 44 and following of the GDPR. If services involve providers with servers outside the EU (e.g., for newsletters, analytics, or cloud services), data will be transferred only if an adequacy decision or Standard Contractual Clauses approved by the EU Commission exist. R.A.L.O. is committed to managing personal data in line with EU and other applicable international regulations (e.g., UK GDPR, CCPA for California).

8. Data Retention Periods

- Contact data: retained until deletion request or maximum 36 months from the last interaction.
- Technical browsing data: retained up to 7 days, unless required for crime investigations.
- CV data: retained for up to 12 months from receipt.

At the end of the above-mentioned periods, the data will be deleted or anonymized, unless legal obligations require further retention.

9. Data Subject Rights

Users have the right to:
- Access, rectify or delete their data;
- Restrict or object to processing;
- Withdraw consent at any time;
- Request data portability;
- Lodge a complaint with the competent data protection authority (Garante Privacy).

Requests may be sent to: privacy@ralolegal.com

10. Applicable Law
As an entity established in Italy, R.A.L.O. operates in accordance with Regulation (EU) 2016/679 ("GDPR") and the applicable Italian legislation on personal data protection (Legislative Decree 196/2003, as amended).
For matters not explicitly regulated herein, Italian data protection laws shall apply

11. Updates

This privacy notice may be subject to changes. The latest version will always be available on the dedicated website page.


Last update: June 29, 2025

For more information or to file a complaint, please visit the website of the Italian Data Protection Authority: www.garanteprivacy.it