Legal

Privacy Policy

Pursuant to Arts. 13 and 14 of Regulation (EU) 2016/679 (GDPR)

Last updated: April 2026

Data Controller

This Privacy Policy describes how personal data is processed by OpsEvolution (hereinafter "Controller" or "we"), a professional services firm providing growth operations consulting for Italian industrial technology companies.

Email: [email protected]

Website: opsevolution.co

1. Scope of Application

This Privacy Policy applies to the processing of personal data collected through:

  • Our website opsevolution.co and any other website linking to this Policy;
  • Our professional consulting services, including the development of revenue-producing assets (Qualified Buyer Map, Trade Show Pipeline Accelerator, Stakeholder Content Kit, Industry-Specific ROI Engine), full pipeline build engagements, and field operations programmes;
  • Commercial communications, marketing activities, and events.

2. Categories of Personal Data Processed

2.1 Data provided directly by the data subject

We collect personal data that you voluntarily provide to us, including:

  • Identification data: first name, last name, professional title, company name;
  • Contact data: email address, telephone number, postal address, LinkedIn profile;
  • Professional data: role, industry, career information, technical competencies;
  • Billing data: tax identification number, VAT number, bank details, billing address;
  • Content: information, documents, and materials provided for the execution of the Services.

2.2 Data collected automatically

When you visit our website, we automatically collect certain technical information:

  • Navigation data: IP address, browser type and version, operating system, pages visited, date and time of access, time on page;
  • Location data: country and city of origin (derived from IP address);
  • Device data: device identifiers, screen resolution.

2.3 Special categories of data

We do not intentionally collect special categories of data (formerly "sensitive data") under Art. 9 GDPR, such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or data concerning sexual life or orientation.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

3.1 Performance of a contract (Art. 6.1.b GDPR)

  • Delivery of the requested Services (revenue-producing assets, consulting, retained engagements);
  • Management of the contractual relationship and related communications;
  • Invoicing and payment management;
  • Responding to pre-contractual enquiries.

3.2 Compliance with legal obligations (Art. 6.1.c GDPR)

  • Tax and accounting obligations (invoice retention, tax declarations);
  • Compliance with orders from public or judicial authorities;
  • Fraud and money laundering prevention.

3.3 Legitimate interests of the Controller (Art. 6.1.f GDPR)

  • Improvement of services and performance analysis;
  • Protection of our legal rights;
  • IT security and abuse prevention;
  • Anonymised use of produced assets for portfolio purposes.

3.4 Consent of the data subject (Art. 6.1.a GDPR)

  • Sending commercial communications and newsletters;
  • Named use of case studies and references;
  • Installation of non-technical cookies.

Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent given before withdrawal.

4. Processing Methods

Personal data is processed using manual, electronic, and telematic tools, with logic strictly related to the purposes indicated above, in a manner that ensures the security and confidentiality of the data, in compliance with the technical and organisational measures required under Art. 32 GDPR. In particular, we adopt: encryption of communications (HTTPS/TLS), authentication and access control systems, periodic backups, regular updates of IT systems, and training of authorised personnel.

5. Recipients of Data

Your personal data may be shared with the following categories of recipients:

  • Authorised personnel: collaborators and consultants of the Controller, duly authorised to process data and bound by confidentiality;
  • Data processors (Art. 28 GDPR): hosting and cloud service providers, email and communication service providers, payment service providers, accountants and tax consultants, web analytics and marketing tool providers;
  • Independent controllers: public and judicial authorities where required by law, legal professionals, banking institutions for payment management.

6. International Data Transfers

Your personal data is stored on servers located within the European Union. Where it is necessary to transfer data to third countries outside the European Economic Area, such transfer will only occur where: the destination country has been recognised by the European Commission as providing an adequate level of protection (adequacy decision under Art. 45 GDPR); appropriate safeguards have been adopted, such as standard contractual clauses approved by the European Commission (Art. 46.2.c GDPR); or one of the derogations under Art. 49 GDPR applies.

7. Retention Period

Personal data will be retained for the time strictly necessary to achieve the purposes for which it was collected:

  • Contractual data: for the duration of the contractual relationship and for 10 years following its termination (ordinary limitation period and tax obligations);
  • Tax and accounting data: for 10 years from the invoice date, pursuant to applicable tax legislation;
  • Marketing data: until withdrawal of consent or, in the case of legitimate interest, until the data subject objects;
  • Navigation data: for the time strictly necessary for technical site management, and in any event no longer than 24 months.

Upon expiry of the retention period, data will be deleted or irreversibly anonymised.

8. Rights of the Data Subject

Pursuant to Arts. 15–22 GDPR, you have the right to:

  • Access (Art. 15): obtain confirmation of whether your personal data is being processed and, if so, access the data and information about the processing;
  • Rectification (Art. 16): obtain correction of inaccurate personal data or completion of incomplete data;
  • Erasure (Art. 17): obtain deletion of personal data where the legal conditions are met;
  • Restriction (Art. 18): obtain restriction of processing in the cases provided by law;
  • Portability (Art. 20): receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller;
  • Objection (Art. 21): object at any time to the processing of personal data based on legitimate interest, including profiling;
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.

To exercise your rights, please send a written request to: [email protected]. We will respond within one month of receipt. This period may be extended by two months where necessary, taking into account the complexity and number of requests.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Garante per la Protezione dei Dati Personali

Piazza Venezia, 11 — 00187 Roma, Italy

Tel: (+39) 06 696771

Email: [email protected]

Website: www.garanteprivacy.it

We invite you to contact us first to attempt to resolve any issue collaboratively.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure the correct functioning of the site, improve the browsing experience, and — with your consent — for analytics and marketing purposes. For full details, please consult our Cookie Policy.

11. Automated Decision-Making

We do not engage in fully automated decision-making processes, including profiling, that produce legal effects or similarly significantly affect you, pursuant to Art. 22 GDPR.

12. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in our processing practices or to comply with new regulatory requirements. In the event of material changes, we will notify you via a notice on our website or, where possible, by direct communication. We invite you to consult this page periodically to stay informed about how we protect your personal data.