Privacy Policy and Data Protection

1. Introduction

This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website or contact us. We process personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

The data controller responsible for your personal data is the operator of this website (Ricci Solutions). For any questions about this policy or your data, please use the contact details in Section 11.

By using our website, you acknowledge that you have read this Privacy Policy. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

2. Personal Data We Collect

Depending on how you interact with our website, we may collect the following categories of personal data:

• Identity and contact data: name, email address, phone number, company name
• Communication data: messages and information you send through contact forms
• Technical and usage data: IP address, browser type, operating system, pages visited, referral source
• Cookie and device data: cookie identifiers and similar technologies (see Section 9)

3. Purposes of Processing

We use your personal data for the following purposes:

• To respond to enquiries and messages submitted through our contact forms
• To provide, maintain and improve our website and services
• To send service-related communications where permitted by law and, where required, with your consent
• To comply with legal, regulatory and tax obligations
• To protect the security of our website, prevent fraud and abuse
• To analyse website performance and improve user experience

4. Legal Basis for Processing

Under the GDPR, we process personal data only where we have a valid legal basis, including:

• Consent (Article 6(1)(a)): for example, non-essential cookies or optional marketing communications
• Contract (Article 6(1)(b)): when processing is necessary to respond to your request or perform pre-contractual steps
• Legal obligation (Article 6(1)(c)): when we must comply with applicable law
• Legitimate interests (Article 6(1)(f)): for website security, service improvement and business administration, where your rights do not override those interests

5. Sharing and International Transfers

We do not sell your personal data. We may share data with trusted service providers (data processors) who assist us in hosting, email delivery, analytics, security or website operation, subject to appropriate contractual safeguards.

Some providers may process data outside the European Economic Area (EEA). Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other mechanisms permitted under the GDPR.

We may also disclose data when required by law, court order or competent authority, or to protect our legal rights and the safety of users.

6. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure, including:

• Encryption of data in transit (HTTPS/TLS) and, where appropriate, at rest
• Access controls and least-privilege principles
• Regular security monitoring and updates
• Secure backups and recovery procedures

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, including legal, accounting or reporting requirements. Contact form submissions are generally retained for the period needed to handle your enquiry and any follow-up, unless a longer retention period is required by law.

When data is no longer required, we securely delete or anonymise it.

8. Your Rights Under the GDPR

If you are located in the EEA, UK or another jurisdiction with similar protections, you may have the following rights:

• Right of access: obtain confirmation as to whether we process your data and receive a copy
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion in certain circumstances
• Right to restriction: request limitation of processing in certain circumstances
• Right to data portability: receive data you provided in a structured, commonly used format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: where processing is based on consent
• Rights related to automated decision-making: not to be subject solely to automated decisions with legal or similarly significant effects, where applicable

9. Cookies and Similar Technologies

We use cookies and similar technologies to ensure the website functions properly, remember preferences and understand how visitors use our site.

Essential cookies are necessary for the operation of the website. Non-essential cookies (such as analytics or marketing cookies) are used only where permitted by law and, where required, after you have given your consent.

You can manage or disable cookies through your browser settings. Blocking certain cookies may affect website functionality.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services. We encourage you to review this page periodically. Material changes will be highlighted on our website where appropriate.

11. Contact and Data Protection Enquiries

To exercise your rights or ask questions about this Privacy Policy and our processing of personal data, please contact us:

12. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Further information about EU data protection authorities is available from the European Data Protection Board at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.