Privacy Policy
Last updated: March 25, 2026
Data Controller
Yellow Tech S.R.L.
Via Carlo Boncompagni 3B, 20139 Milano
Email: info@yellowtech.it
C.F. / P.IVA: 10568721210
Data Collected
The platform collects the following categories of personal data:
- Email address
- Contact form data: first name, last name, phone number, company, job title, LinkedIn profile
- Tracking data: IP address, pageviews, device logs, operating system, browsing history, and browser information
Fields marked as required in forms are necessary to provide the service. All other fields are optional.
Purposes and Legal Bases for Processing
User data is collected for the following purposes, each with its legal basis under Article 6 of EU Regulation 2016/679:
| Purpose | Legal basis |
|---|---|
| Managing contact requests | Performance of pre-contractual measures (Art. 6.1.b) |
| Collecting privacy preferences and managing consents | Legal obligation (Art. 6.1.c) |
| Statistical analysis of browsing (analytics cookies) | User consent (Art. 6.1.a) |
| Direct marketing communications (email, phone) | User consent (Art. 6.1.a) |
| Profiling for marketing purposes | User consent (Art. 6.1.a) |
| Security, fraud prevention, system logs | Legitimate interest of the Controller (Art. 6.1.f) |
Processing Methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. Data is processed using electronic and/or digital tools, with organizational and logical methods strictly related to the stated purposes.
In addition to the Data Controller, in some cases the following parties may have access to the data: administrative, sales, marketing, and legal staff, as well as external parties appointed as data processors.
Main Data Processors
- Vercel Inc. (San Francisco, USA) — website hosting and CDN
- Neon Inc. (USA) — PostgreSQL database for form data storage
- Resend Inc. (USA) — email notification delivery
- Google LLC (USA) — Google Analytics (GA4) for statistical analysis, Google Maps for the contact page map
Transfers Outside the EU
Transfers of personal data to third countries (in particular the United States) only occur to entities covered by the EU-US Data Privacy Framework, adequacy decisions of the European Commission, or through Standard Contractual Clauses (SCCs) approved by the Commission.
Data Retention
Personal data is retained for the time strictly necessary to fulfill the purposes for which it was collected:
- Contact form data: 24 months from collection, unless a contractual relationship is established
- Direct marketing data: until consent is withdrawn, and in any case no longer than 24 months from the last interaction
- Analytics cookies: according to the durations indicated in the Cookie Policy
- System logs: 90 days, for security purposes
- Accounting and tax data: 10 years from the end of the relationship, as required by Italian law
At the end of the retention period, data is deleted or irreversibly anonymized.
User Rights
Under Articles 15-22 of EU Regulation 2016/679 (GDPR), the user has the right to:
- Withdraw consent at any time
- Object to the processing of their data
- Access their personal data
- Verify and request rectification of their data
- Request restriction of processing
- Obtain erasure of their data
- Receive their data in a structured, machine-readable format (portability)
- Lodge a complaint with the competent supervisory authority
Right to Object
When processing is based on the legitimate interest of the Data Controller, the user may object on grounds relating to their particular situation.
For direct marketing, the right to object may be exercised at any time, free of charge and without providing any reason.
Exercising Your Rights
Requests regarding the exercise of the above rights should be addressed to the Data Controller at the contact details provided at the beginning of this notice. The Data Controller will respond as promptly as possible and in any case within 30 days of receiving the request, as required by Article 12 of the GDPR.
Supervisory Authority
The user has the right to lodge a complaint with the competent supervisory authority:
Garante per la protezione dei dati personali (Italian Data Protection Authority)
Piazza Venezia 11, 00187 Rome, Italy
Website: www.garanteprivacy.it
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
System Logs
The platform automatically collects system logs that may contain personal data such as the user's IP address. This data is processed exclusively for technical and security purposes and retained for 90 days.
Do Not Track
This website does not support “Do Not Track” requests.
Changes to This Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time, notifying users on this page. In the event of substantial changes to consent-based processing, the Data Controller will collect new consent where necessary.
Cookie Policy
For information on the use of cookies, please refer to our Cookie Policy.