Last updated: 28 July 2025
Colossus Digital SA ("Colossus", "we", "our", "us") is committed to protecting and respecting your privacy in accordance with Regulation (EU) 2016/679 (the "GDPR"), the Italian Legislative Decree 196/2003 as subsequently amended (the "Privacy Code"), and all other applicable data‑protection laws.
This Privacy Policy explains how we collect, use, disclose and safeguard personal data when you visit colossus.digital (the "Site") or interact with our services, including Google Analytics 4, Mailchimp, Calendly, and other tracking and marketing tools (collectively, the "Services").
1. Data Controller
Colossus Digital SA
Route de Gilly 30, 1180 Rolle, Switzerland
CHE-192.033.433
E‑mail: info@colossus.digital
2. Scope of This Policy
This Policy applies to personal data processed through our Site and Services. It does not apply to third‑party websites linked from the Site; those are governed by their own privacy policies.
3. Categories of Personal Data We Process
Category | Examples | Source |
|---|---|---|
Identification & Contact Data | name, surname, institutional e-mail, job title, company | directly from you (forms, Microsoft Bookings) |
Technical & Usage Data | IP address, device ID, browser type, pages visited, events | collected via cookies & similar tech (Matomo, server logs) |
Marketing Preferences | newsletter opt-in/opt-out status | directly from you (Mailchimp forms) |
Communication Data | meeting notes, messages, support tickets | directly from you |
We do not knowingly collect special categories of personal data (Art. 9 GDPR) unless explicitly provided by you for a specific purpose.
4. Purposes and Legal Bases
Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
Operate the Site, provide core Services | Performance of a contract (Art. 6 (1)(b)) |
Measure and improve Site performance (Matomo, with IP anonymisation, self-hosted) | Legitimate interest (Art. 6 (1)(f))—balanced assessment performed |
Send newsletters, market insights, product updates (Mailchimp) | Consent (Art. 6 (1)(a)); you may withdraw at any time |
Schedule calls or demos (Microsoft Bookings) | Performance of a contract (Art. 6 (1)(b)) |
Comply with legal obligations (OAM, AML/CFT) | Legal obligation (Art. 6 (1)(c)) |
Detect, prevent, and investigate fraud or security incidents | Legitimate interest (Art. 6 (1)(f)) |
Where consent is the legal basis, failure to provide data will have no consequences other than our inability to send you marketing communications.
5. Analytics & Tracking Technologies
Matomo
We use Matomo, an open-source analytics platform, to understand aggregated user behaviour. Matomo is configured with IP-anonymisation and hosted on servers under our control within Switzerland/EEA. No data is shared with third parties.
Cookies & Similar Technologies
Cookies are text files placed on your device. You can manage or disable them through your browser settings or via our Cookie Banner. For further details, consult our Cookie Policy.
6. Marketing Communications (Mailchimp)
If you opt‑in, we will send you newsletters and institutional updates through Mailchimp (The Rocket Science Group LLC, USA). Data may be stored outside the EEA under SCCs. You may unsubscribe at any time by clicking the "unsubscribe" link in any email or by contacting us.
7. Scheduling & Meeting Management (Calendly)
When you book a meeting via Calendly, the information you provide (name, e‑mail, availability) is used solely to schedule and host the event. Calendly LLC may process data in the USA under SCCs.
8. Data Retention
Data Category | Retention Period |
|---|---|
Analytics data (Matomo) | 13 months (default Matomo retention) |
Marketing data | until withdrawal of consent or 24 months of inactivity |
Contractual & communication data | 10 years following contract termination (statutory limitation) |
Cookie data | as specified in Cookie Policy |
9. Data Disclosure
We disclose personal data only to:
Service Providers acting as processors (e.g., hosting, analytics, email, CRM) under Art. 28 GDPR;
Authorities when required by law or regulatory obligations (e.g., OAM, tax authorities);
Professional advisors (lawyers, auditors) bound by confidentiality.
We never sell your data.
10. International Transfers
Matomo data is stored under our control in Switzerland/EEA; no transfers occur.
Microsoft Bookings and Mailchimp may involve transfers to the USA. In such cases, we rely on SCCs approved by the European Commission, supplemented by technical and organisational measures.
11. Data Security
We implement technical and organisational measures appropriate to the risk, including: encryption in transit and at rest, strict access controls, regular penetration testing, and incident‑response procedures.
12. Your Rights
Under Articles 15–22 GDPR, you may:
Access your data;
Rectify inaccurate or incomplete data;
Erase data (right to be forgotten);
Restrict processing;
Portability—receive data in a structured, commonly used format;
Object to processing based on legitimate interests;
Withdraw consent at any time (marketing communications);
Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
13. Exercising Your Rights
Send your request to info@colossus.digital. We will respond within one month, extendable by two months for complex requests.
14. Cookies
For detailed information on the cookies we use, their purpose, and how to manage them, please refer to our separate Cookie Policy.
15. Changes to This Policy
We may update this Policy to reflect legal changes or improvements to our practices. Material changes will be announced on the Site and, where appropriate, notified to you directly. The "Last updated" date indicates the latest revision.
16. Contact Us
If you have questions about this Policy or our privacy practices, please contact our Privacy Team at info@colossus.digital.
