Privacy Policy

Hoplo S.r.l. · Via Fontana 25, 20122 Milano (Italy) · VAT IT08450220010.

Email: privacy@hoplo.com · PEC: hoplo@legalmail.it

• Identification and contact data (name, surname, company, role, email, phone).
• Data provided in free-text fields (message, notes, request details).
• Technical and security data (IP address, user-agent, timestamp, server logs).
• Tracking and behavioral data on the marketing website (page views, sessions, clicks, referral, device · via Google Analytics 4, Microsoft Clarity, Google Tag Manager).
• Advertising and conversion data (campaign attribution, ad clicks · via Meta Pixel, Google Ads conversion tracking), only with prior consent.
• Preference data related to optional marketing consent.

• Managing requests sent through forms (Art. 6(1)(b) GDPR · pre-contractual measures requested by the data subject).
• Complying with legal obligations and handling security / fraud prevention (Art. 6(1)(c) and Art. 6(1)(f) GDPR).
• Aggregate analytics, advertising campaign measurement, retargeting and UX improvement on the marketing website (Art. 6(1)(a) GDPR · explicit consent, granted via the cookie banner and revocable at any time).
• Sending informational or promotional communications only with specific optional consent (Art. 6(1)(a) GDPR and Art. 130 Italian Privacy Code).
• For existing customers, commercial emails on similar services may be sent under Art. 130(4) Italian Privacy Code, with opt-out available at any time.

Data marked as mandatory in forms is necessary to process your request. Marketing consent is always optional and does not affect service or response.

Data may be processed by authorized internal personnel and by external providers appointed as data processors. The main categories of recipients are: website hosting (Hetzner Online GmbH, Germany · EU), consent management (Hu-manity), analytics (Google LLC, Microsoft Corp.), advertising and conversion tracking (Google LLC, Meta Platforms Ireland Ltd / Meta Platforms Inc.), email delivery for transactional and marketing communications (Mailgun Technologies Inc., EU region). Data is not publicly disclosed. The full list of processors is available on request.

Website hosting (Hetzner) and email dispatch (Mailgun EU region) reside within the EU. Some advertising / analytics providers (Google, Meta, Microsoft) are based in the United States. Transfers occur under GDPR safeguards · adequacy decisions where applicable (EU-US Data Privacy Framework) and Standard Contractual Clauses (SCC) for the rest, complemented by additional technical and organisational measures (encryption in transit, IP truncation, IP anonymisation where supported).

• Contact / demo / partner / download requests: up to 24 months from collection, unless further legal retention is required.
• Technical and security logs: up to 12 months, unless needed for security investigations or legal defense.
• Marketing consent data: until withdrawal and in any case no longer than 24 months from consent.
• Analytics, advertising and tracking data: based on each provider settings and your active consent · cookie preferences expire after 12 months and are re-prompted.

Under Articles 15 to 22 of the GDPR, the data subject has the right to:

• Access · obtain confirmation of whether personal data is being processed and a copy of it (Art. 15).
• Rectification · correct inaccurate or incomplete data (Art. 16).
• Erasure · request deletion of data when there is no longer a lawful basis (Art. 17).
• Restriction · request the limitation of processing in specific cases (Art. 18).
• Portability · receive data in a structured, commonly used and machine-readable format and transmit it to another controller (Art. 20).
• Object · object to processing based on legitimate interest or for direct marketing purposes at any time, free of charge and without justification (Art. 21).
• Withdraw consent · withdraw consent previously given at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).
• Automated decisions · not be subject to a decision based solely on automated processing that produces legal or significantly similar effects (Art. 22 · we do not currently make such decisions).

Requests can be sent to privacy@hoplo.com or to the contact details listed in this policy. Requests are free of charge and we reply within 30 days as required by GDPR.

Where personal data is processed for direct marketing purposes (including profiling related to such marketing), the data subject can object at any time, free of charge and without justification. Following the objection, the data is no longer processed for those purposes.

You can lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), without prejudice to other judicial remedies.

Personal data may be used by the Controller to defend its rights in court or in pre-litigation proceedings against any abuse of this website or related services.

For operational and maintenance purposes, this website and any third-party services it uses may collect system logs · files that record interactions and may include personal data such as the user IP address. These logs are retained for the period strictly necessary to ensure security and stability of the service.

This privacy policy may be updated over time. The latest version is always published on this page. Where changes affect processing based on consent, we will request renewed consent if required.