Privacy policy

Who we are

ShieldChain (the "Platform") is operated by ICT Cyber Consulting S.r.l. ("we", "us", "our"). We are the data controller for the personal data processed in connection with the Platform, unless otherwise stated in a separate agreement.

Scope of this policy

This policy describes how we collect, use, and protect personal data when you use the ShieldChain platform, our marketing website, and related services. It applies to visitors, registered users, and organizations using the Platform. Separate terms or notices may apply to specific features or contractual relationships.

Data we collect

We may collect and process the following categories of data:

• Account data: name, email address, job title, and authentication-related data (e.g. password hash, MFA settings).
• Organization data: company name, address, contact details, and other information you provide about your organization.
• Usage and logs: access logs, usage events, and operational data necessary for security, support, and improving the service.
• Questionnaires and documents metadata: metadata related to questionnaires, document requests, and compliance workflows (e.g. status, dates); document content may be stored as necessary to provide the service.

We do not sell your personal data. We limit collection to what is necessary for the purposes described below.

Purposes of processing

We process your data to: provide and operate the Platform; authenticate users and manage access; support supplier validation, risk benchmarking, and related workflows; communicate with you (e.g. support, product updates); comply with legal obligations; and improve our services and security. We do not use your data for automated decision-making that significantly affects you, except where permitted by law and disclosed to you.

Legal bases

Where applicable under the GDPR and similar laws, we rely on: performance of a contract (e.g. providing the service you signed up for); legitimate interests (e.g. security, analytics, product improvement) where they are not overridden by your rights; consent where we have asked for it; and legal obligation where we must process data to comply with the law. This is for informational purposes only and does not constitute legal advice; your rights may vary by jurisdiction.

Data sharing / processors

We may share data with service providers (processors) that help us run the Platform, such as hosting, email, and analytics. We require them to process data only in line with our instructions and applicable law. We may also disclose data when required by law or to protect our rights and safety. We do not share your data with third parties for their own marketing.

International transfers

Your data may be processed in the European Economic Area (EEA) or in other countries where we or our processors operate. When we transfer data outside the EEA, we use appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) as required by applicable law. Details can be provided on request.

Retention

We retain your data only as long as necessary for the purposes described in this policy, or as required by law (e.g. tax, legal holds). Account and organization data are typically retained for the duration of the contract and a reasonable period thereafter; logs and operational data may be retained for a shorter period. You may request deletion of your data subject to our legal and operational requirements.

Security measures

We implement technical and organizational measures to protect your data, including encryption in transit and at rest where appropriate, access controls, and regular reviews of our security practices. No system is completely secure; we encourage you to use strong credentials and keep your account details confidential.

Data subject rights

Depending on your location, you may have the right to: access your data; correct inaccuracies; request deletion or restriction of processing; object to certain processing; data portability; and withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority. To exercise your rights, please contact us using the details below.

Contact details

For privacy-related requests, questions, or complaints, contact us at: privacy@shieldchain.example. We will respond within a reasonable time in line with applicable law.

Cookies and similar technologies

We use cookies and similar technologies where necessary for the operation of the Platform and the website. For example, we use them for authentication and session management so you can stay signed in and use the service securely. We may also use them for essential security and performance purposes. We do not use non-essential cookies for advertising or third-party tracking on the core Platform. Cookie preferences can be managed in your browser settings. This privacy policy covers our use of cookies; we do not maintain a separate Cookie Policy page.