Privacy Policy

Last updated: 9 March 2026 · Version 2026-03-09-v2

1. Data controller

Dynamics Consulting di Corrado Patierno ("we", "us", "our") is the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR).

Registered office: Via Torino 2, 20123 Milano, Italy
VAT number: IT 10651160961
Data protection contact: privacy@dynamicsconsulting.it

2. Personal data we collect

2.1 Contact form

When you submit the contact form we collect: name, email address, company name (optional), project type (optional), referral source (optional), and message content. This data is processed solely to respond to your enquiry.

2.2 Website analytics

If you enable the "Analytics" preference in the consent banner, we collect anonymous, aggregated page-visit statistics (page URLs, referral source, device type, country). No cookies are set for this purpose and no individual user is identified or tracked.

2.3 AI Assistant (chatbot)

This website may feature an AI-powered conversational assistant. In accordance with Article 50(1) of the EU AI Act (Regulation (EU) 2024/1689), we inform you that:

The chatbot is an artificial intelligence system, not a human being. It functions as a digital assistant that provides information about our services and expertise.
Your conversation messages are sent to a third-party AI model provider to generate responses. Messages are processed in real time and are not used to train or fine-tune any AI model.
Conversation data is retained for a maximum of 90 days for quality assurance, then permanently deleted.
The AI Assistant is activated only if you explicitly enable the "AI Assistant" category in the consent banner.

2.4 Cookies and local storage

We use the following client-side storage:

Name	Type	Purpose	Duration
`dc_privacy_consent`	localStorage	Stores your consent preferences (categories accepted, version, timestamp)	Until cleared by you or policy version update

We do not use tracking cookies, advertising cookies, or third-party profiling cookies.

3. Legal basis for processing

Processing activity	Legal basis (GDPR)
Contact form submission	Explicit consent — Art. 6(1)(a). You provide consent by checking the required checkbox before submitting.
Analytics	Consent — Art. 6(1)(a). Optional, controlled via banner toggle.
AI Assistant conversations	Consent — Art. 6(1)(a). Optional, controlled via banner toggle.
Essential cookies / consent record	Legitimate interest — Art. 6(1)(f). Strictly necessary for the website to function and to demonstrate GDPR compliance.

4. Consent mechanism and records

On your first visit a consent banner is displayed. You may:

Accept all — enables analytics and AI Assistant.
Essential only — no optional processing is enabled.
Manage preferences — choose individual categories (Analytics, AI Assistant) with granular toggles.

Each choice is recorded in your browser's local storage with a timestamp, consent version, and selected categories. This record serves as proof of consent under Art. 7(1) GDPR. You can change your preferences at any time by clearing your browser data, which will cause the banner to re-appear.

4.1 Withdrawal of consent

You may withdraw consent at any time by:

Clearing your browser local storage (the banner will re-appear)
Emailing privacy@dynamicsconsulting.it

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal (Art. 7(3) GDPR).

5. Data retention

Data category	Retention period
Contact form submissions	24 months from submission, then deleted unless a business relationship has been established
AI Assistant conversations	90 days, then permanently deleted
Analytics data	Aggregated and anonymous — no individual deletion applies
Consent record (local storage)	Until you clear browser data or a new policy version is published

6. Data sharing and sub-processors

We do not sell, rent, or trade your personal data. Data is shared only with the following categories of processors, all bound by Data Processing Agreements (DPAs):

Processor category	Purpose	Location
Email delivery (Resend)	Sending contact-form notification emails	USA (see Section 7)
Cloud hosting (Vercel)	Website infrastructure and edge delivery	EU / USA (see Section 7)
AI model provider	Generating AI Assistant responses	USA (see Section 7)

7. International data transfers

Some of our sub-processors are based in the United States. These transfers are protected by:

The EU–US Data Privacy Framework (adequacy decision C(2023) 4745), where the processor is a certified participant; or
Standard Contractual Clauses (SCCs) approved by Commission Decision 2021/914, supplemented by a Transfer Impact Assessment where required.

You may request a copy of the applicable safeguards by writing to privacy@dynamicsconsulting.it.

8. Automated decision-making and AI transparency

8.1 GDPR — Article 22

We do not subject you to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. The AI Assistant provides informational responses only and does not make decisions about contracts, pricing, or eligibility.

8.2 EU AI Act — Article 50 transparency obligations

In compliance with Regulation (EU) 2024/1689 (the AI Act), we disclose:

Nature of the system: the AI Assistant is a conversational AI system that generates text-based responses using a large language model (LLM).
Provider: the underlying model is supplied by a third-party AI model provider. We do not develop or train the base model.
Capabilities and limitations: the assistant provides general information about our services and technology expertise. It may produce inaccurate or incomplete answers. It is not a substitute for professional advice.
Human oversight: critical decisions (proposals, contracts, technical architectures) are always made by a human professional — Corrado Patierno or his team.
Identification: the chatbot clearly identifies itself as an AI system in every interaction and never impersonates a human.
Data processing: conversation messages are processed in real time to generate replies and are not used to train or improve any AI model. See Section 2.3 for retention details.

9. Your rights under GDPR

You have the following rights regarding your personal data:

Access (Art. 15) — obtain a copy of the data we hold about you
Rectification (Art. 16) — correct inaccurate data
Erasure (Art. 17) — request deletion ("right to be forgotten")
Restriction (Art. 18) — limit how we process your data while a dispute is resolved
Data portability (Art. 20) — receive your data in a structured, machine-readable format
Object (Art. 21) — object to processing based on legitimate interests
Withdraw consent (Art. 7(3)) — at any time, as described in Section 4.1

To exercise any right, email privacy@dynamicsconsulting.it. We will respond within 30 days (extendable by 60 days for complex requests, with prior notification).

10. Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
Website: www.garanteprivacy.it
Email: protocollo@gpdp.it · PEC: protocollo@pec.gpdp.it

11. Security measures

We implement appropriate technical and organisational measures to protect personal data, including:

HTTPS/TLS encryption for all data in transit
Access controls and authentication on all backend systems
Regular security updates and dependency auditing
Minimisation of data collected (data minimisation principle)

12. Children's privacy

This website and its services are intended for business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have collected data from a minor, please contact us immediately.

13. Changes to this policy

We may update this policy from time to time. When we do, we update the version number and "last updated" date at the top. If the consent version changes, the privacy banner will automatically re-appear to request your updated consent. Material changes are also communicated via email to existing contacts.