Privacy Policy

1. Introduction

 

This Privacy Policy explains how cScale Consulting collects, uses, stores and protects Personal Data when you visit the website www.cscaleconsulting.com, contact us through the website, request information about our services, or engage with us as a client, potential client, partner, supplier or business contact.

cScale Consulting provides strategic advisory, fractional CMO/COO support and operational consulting services to startups, scale-ups and growth-stage companies. In delivering these services, we may process certain Personal Data in accordance with applicable data protection laws, including the EU General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), and applicable national data protection laws.

This Policy also explains your rights in relation to your Personal Data and how you can contact us if you have any questions.


2. Who is the Data Controller?

 

For the purposes of applicable data protection laws, the Data Controller is:

cScale Consulting
 Represented by Caroline Jacquard Pria

For any questions regarding this Privacy Policy or the processing of your Personal Data, you can contact us at:

Email: caroline@cscaleconsulting.com
 Website: www.cscaleconsulting.com


3. What is Personal Data?

 

Personal Data means any information relating to an identified or identifiable natural person. This may include, for example, your name, email address, telephone number, company, job title, business information, IP address, online identifiers or any other information that can directly or indirectly identify you.


4. Why do we have a Privacy Policy?

 

We are required to inform website visitors, clients, potential clients and business contacts about how we collect and process Personal Data, why we process it, the legal basis for doing so, how long we retain it, who we may share it with and what rights individuals have under applicable data protection laws.

The GDPR grants individuals rights such as access, rectification, erasure, restriction of processing, objection and data portability. The Italian Data Protection Authority also states that data subjects should generally receive a response within one month when exercising their rights.

 

We process Personal Data only when we have a lawful basis to do so. Depending on the situation, we may rely on one or more of the following legal bases:

Consent
When you have given us specific consent, for example for certain cookies, marketing communications or optional contact forms.

Contractual necessity or pre-contractual measures
When processing is necessary to provide our services, respond to your requests, prepare proposals, manage client relationships or perform an agreement with you or your company.

Legal obligation
When processing is necessary to comply with legal, accounting, tax or regulatory obligations.

Legitimate interest
When processing is necessary for our legitimate business interests, provided that your interests, rights and freedoms do not override those interests. This may include managing business relationships, responding to enquiries, improving our website, protecting our business, and communicating with relevant professional contacts.


6. What Personal Data do we collect?

 

We may collect and process the following categories of Personal Data.

a) Personal Data you provide to us

This includes information you provide when you:

  • contact us through the website;
  • send us an email;
  • request a call, consultation or proposal;
  • communicate with us as a client, potential client, partner or supplier;
  • enter into a consulting, advisory or service relationship with us.

This information may include:

  • name and surname;
  • email address;
  • telephone number;
  • company name;
  • job title or professional role;
  • business sector;
  • information about your company, needs, challenges or objectives;
  • billing and administrative information;
  • correspondence and communications with us.

b) Personal Data collected through the website

When you visit www.cscaleconsulting.com, certain technical information may be collected automatically, including:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • date and time of access;
  • referring website or source;
  • approximate location based on technical data;
  • cookie preferences and consent status.

This data is generally used to operate, secure, monitor and improve the website.

c) Cookies and similar technologies

The website may use cookies and similar technologies to ensure the proper functioning of the website, improve user experience, measure website performance and, where applicable, support analytics or marketing activities.

Non-essential cookies are used only where required consent has been obtained through the website’s cookie consent mechanism.

For more information about cookies, users should refer to the website’s Cookie Policy.

d) Aggregated or anonymised data

We may process aggregated, statistical or anonymised data to understand how users interact with the website and to improve our services. This type of data does not identify you directly. However, if aggregated data is combined with Personal Data in a way that can identify you, we will treat it as Personal Data.


7. Third-party services and providers

 

We may use third-party service providers to operate the website, manage communications, provide our services and support our business activities.

These providers may include, depending on the tools actually used:

  • hosting providers;
  • website and CMS providers, such as WordPress;
  • website builders or plugins;
  • cookie consent management tools;
  • analytics providers, such as Google Analytics, if active;
  • email and communication providers;
  • cloud storage and productivity tools;
  • accounting, legal, tax or administrative service providers;
  • marketing, SEO, community growth, recruitment or operational partners where required for specific projects.

Third-party providers may process Personal Data only where necessary to provide their services and, where applicable, under appropriate contractual safeguards.

The following providers should be confirmed before this Policy goes live:

  • Hosting provider: Hostinger
  • CMS / website platform: WordPress
  • Analytics tools: Google Analytics, Google Search Console


8. How we use your Personal Data

 

We may collect, store and use Personal Data for the following purposes:

  • to operate, maintain and secure the website;
  • to respond to enquiries, messages and requests;
  • to schedule calls or meetings;
  • to understand your business needs and assess whether our services may be relevant;
  • to prepare proposals, contracts or project documentation;
  • to provide strategic advisory, fractional CMO/COO, operational support or related consulting services;
  • to manage client relationships;
  • to communicate with clients, potential clients, partners and suppliers;
  • to manage invoicing, accounting, tax and administrative obligations;
  • to improve our website, services, processes and communications;
  • to develop business relationships and professional partnerships;
  • to send relevant business communications, where permitted by law;
  • to protect our business, website, systems and legal rights;
  • to comply with legal and regulatory obligations;
  • to establish, exercise or defend legal claims.

We will only use Personal Data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose. If we need to use your Personal Data for an unrelated purpose, we will inform you where required by law.


9. Marketing communications

 

We may contact you with relevant professional or business communications where:

  • you have given your consent;
  • you are an existing client or business contact;
  • we have a legitimate interest in contacting you about services or insights that may be relevant to your professional role or business relationship with us.

You may opt out of marketing or non-essential communications at any time by contacting us at caroline@cscaleconsulting.com or by using any unsubscribe mechanism included in our communications, where applicable.


10. Disclosure of Personal Data

 

We may disclose Personal Data to:

  • service providers who support our website, IT systems, communications or business operations;
  • professional advisers, including lawyers, accountants, auditors, consultants and insurers;
  • trusted partners or freelancers involved in client projects, only where necessary;
  • public authorities, courts, regulators or law enforcement agencies where required by law;
  • financial institutions or payment providers where necessary for billing and payments;
  • other parties where necessary to protect our rights, property, business or clients.

We do not sell Personal Data.

We require third parties who process Personal Data on our behalf to respect confidentiality, security and applicable data protection laws. They may only process Personal Data for specified purposes and in accordance with our instructions, unless they act as independent controllers under applicable law.


11. International transfers

 

Some service providers may be located outside the European Economic Area or may process data in countries outside the European Economic Area.

Where Personal Data is transferred internationally, we take appropriate measures to ensure that such transfers comply with applicable data protection laws. These measures may include adequacy decisions, Standard Contractual Clauses approved by the European Commission, contractual safeguards or other legally recognised transfer mechanisms.

12. How long we keep Personal Data

 

We retain Personal Data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, contractual or reporting requirements.

Retention periods may vary depending on the type of data and the context. For example:

  • website technical data may be retained for a limited period necessary for security and analytics;
  • enquiry and contact data may be retained for the time necessary to respond and manage the relationship;
  • client and contractual data may be retained for the duration of the business relationship and for the period required by law;
  • accounting and tax records may be retained for the period required under applicable laws;
  • data relevant to legal claims may be retained for as long as necessary to establish, exercise or defend such claims.

When Personal Data is no longer required, we will delete, anonymise or securely archive it, unless further retention is required by law.


13. How we protect your Personal Data

 

We take appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include, where applicable:

  • access controls;
  • secure systems and accounts;
  • limited access to Personal Data on a need-to-know basis;
  • secure storage and communication tools;
  • regular review of tools and service providers;
  • contractual safeguards with third-party providers.

However, no method of transmission or storage is completely secure. While we take reasonable measures to protect Personal Data, we cannot guarantee absolute security.

 

The website may contain links to third-party websites, including client websites, partner websites, LinkedIn profiles or other external resources.

This Privacy Policy does not apply to third-party websites. We are not responsible for the privacy practices, security or content of websites that we do not own or control. We encourage users to read the privacy policies of any external websites they visit.


15. Your rights

 

Subject to the conditions and limits set out under applicable data protection laws, you may have the following rights:

  • the right to access your Personal Data;
  • the right to request correction of inaccurate or incomplete data;
  • the right to request deletion of your Personal Data;
  • the right to request restriction of processing;
  • the right to object to processing based on legitimate interests;
  • the right to data portability;
  • the right to withdraw consent at any time, where processing is based on consent;
  • the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us at:

Email: caroline@cscaleconsulting.com

We may need to verify your identity before responding to your request. We will respond within the timeframe required by applicable law.


16. Complaint to a supervisory authority

 

If you believe that your Personal Data has been processed unlawfully or that your rights have not been respected, you may lodge a complaint with the competent data protection authority.

In Italy, the supervisory authority is:

Garante per la protezione dei dati personali
Piazza Venezia 11
00187 Rome, Italy
Website: www.garanteprivacy.it

We would appreciate the opportunity to address your concerns before you contact the supervisory authority.


17. What we do not do

 

Unless expressly stated otherwise, we do not:

  • knowingly request Personal Data from children or minors;
  • intentionally process special categories of Personal Data, such as health data, political opinions, religious beliefs or biometric data;
  • use automated decision-making that produces legal or similarly significant effects;
  • sell Personal Data to third parties.

If any special category data is voluntarily provided to us, we will process it only where legally permitted and strictly necessary.


18. Changes to this Privacy Policy

 

This Privacy Policy was last updated on 12 June 2026. 

We may update this Privacy Policy from time to time to reflect changes in our business, website, services, legal obligations or data processing practices.

When we make changes, we will update the effective date at the top of this page. Any previous versions will be replaced by the most recent version published on the website.