Data Controller
The data controller responsible for the personal data processed through this website and related services is Synthos Logic, with headquarters in the European Union.
Data We Collect
We collect only the data strictly required to respond to your enquiry, deliver services you requested, or comply with a legal obligation. We do not build marketing profiles and we do not trade personal data with third parties.
- Identity data — full name, professional role, organization name.
- Contact data — work email, phone number (optional).
- Enquiry data — area of interest, message content, any voluntary details you provide.
- Newsletter data — email, locale, opt-in timestamp — collected only when you explicitly subscribe to the Insights newsletter on synthoslogic.ai/insights.
- Technical data — IP address, user agent, timestamp — used only for security and rate-limiting.
- Usage data — anonymized page views if analytics cookies are accepted.
Purposes of Processing
Personal data collected through this site is processed for the following purposes only:
- Responding to enquiries submitted through the contact form or via email.
- Delivering services, platforms, or advisory engagements you have requested.
- Sending the Insights newsletter to subscribers who have explicitly opted in — consent under Art. 6(1)(a) GDPR, withdrawable at any time (see §06).
- Complying with legal, tax, accounting, and regulatory obligations.
- Improving the website, detecting fraud, and maintaining information security.
Legal Basis for Processing
Under Article 6 GDPR we rely on the following legal bases, depending on the context:
Art. 6(1)(a)
Analytics cookies, marketing communications, and any optional processing. Consent is freely given and revocable at any time.
Art. 6(1)(b)
Processing necessary to enter into, perform, or manage a contractual relationship with you or your organization.
Art. 6(1)(c)
Processing required to comply with legal obligations (taxation, accounting, anti-fraud, regulatory reporting).
Art. 6(1)(f)
Security, fraud prevention, and service improvement — balanced against your rights and freedoms.
Retention Periods
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law.
Your Rights
Under GDPR (Articles 15–22) you have the following rights, exercisable at any time by writing to info@synthoslogic.ai. We will respond within 30 days.
Right of access
Obtain confirmation and a copy of the personal data we hold about you.
Right of rectification
Correct inaccurate or incomplete personal data without undue delay.
Right to erasure
Request deletion of personal data when the purpose has ended — the "right to be forgotten".
Right to restriction
Limit processing in specific circumstances, e.g. while accuracy is being verified.
Right to portability
Receive your data in a structured, commonly used, machine-readable format.
Right to object
Object to processing based on legitimate interest, including any form of profiling.
Newsletter unsubscribe. If you subscribed to the Insights newsletter, you can withdraw your consent at any time, free of charge and without justification, by writing to unsubscribe@synthoslogic.ai. Your address will be removed from the subscribers list within 48 hours of receipt. Once an external email service provider is in place, every newsletter will also include a one-click unsubscribe link in the footer, in line with Art. 21 GDPR and Art. 130 of the Italian Privacy Code.
You also retain the right to lodge a complaint with a supervisory authority — in Italy, the Garante per la Protezione dei Dati Personali (garanteprivacy.it); in Bulgaria, the Commission for Personal Data Protection (cpdp.bg).
Cookies
This site uses cookies to operate correctly and, only with your consent, to understand aggregate usage. No third-party advertising, behavioural retargeting, or cross-site tracking is used.
You can review or change your preferences at any time by clearing site data in your browser settings — the consent banner will reappear on your next visit.
Security Measures
We protect personal data with appropriate technical and organizational measures, aligned with GDPR Article 32 and industry best practice.
- Encryption in transit — TLS 1.3 across every public endpoint.
- Encryption at rest — AES-256 for all persistent storage containing personal data.
- Access controls — role-based access, least-privilege principle, hardware-backed MFA for internal personnel.
- Audit logs — append-only logs of access and changes, retained for security review.
- Data minimization — we only collect and retain what is strictly necessary.
- Incident response — documented procedures and a 72-hour notification path to supervisory authorities and affected users, per GDPR Article 33.
International Transfers
Personal data collected through this website is hosted within the European Union. We do not routinely transfer personal data outside the EU/EEA. Where a specific engagement requires it, transfers are carried out only on the basis of an adequacy decision or appropriate safeguards (Standard Contractual Clauses, supplementary measures, impact assessment) in line with Chapter V GDPR.
Policy Updates
We may update this policy from time to time to reflect changes in services, technology, or regulation. The "last updated" date at the top of this page is authoritative. Substantive changes will be communicated via the website banner or direct notification, where appropriate.
Contact
For any question regarding this policy, or to exercise your rights, write to:
If you believe your data has been processed unlawfully, you may also lodge a complaint with the competent supervisory authority (see §06).