Skip to content

Privacy

Privacy notice

Last updated: May 10, 2026

This information notice is provided pursuant to articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter “GDPR”) and Italian Legislative Decree 196/2003 as amended, to users who interact with the website aimultisite.it (the “Site”) and the SaaS product AI Multisite, available at app.aimultisite.com.

This notice applies exclusively to the Site and to the SaaS service mentioned above. It does not extend to other sites, products or web pages that may be linked from the Site.

1. Data controller

The Data Controller is Romiltec S.r.l., an innovative startup with registered office in Calcinaia (PI), Italy (hereinafter “Romiltec” or “Controller”).

For any request regarding the processing of personal data, including the exercise of the rights set out in articles 15-22 GDPR, the Controller may be contacted at: privacy@romiltec.it.

Romiltec has not designated a Data Protection Officer (DPO), as no obligation arises under article 37 GDPR. The single point of contact for data protection requests is the email address above.

2. Categories of personal data processed

Through the Site, the Controller processes the following categories of personal data:

2.1 Browsing data

The IT systems and software procedures responsible for the operation of the Site acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. In particular:

  • IP addresses or domain names of the devices used by users;
  • URI/URL addresses of the requested resources;
  • time of the request;
  • method used to submit the request to the server;
  • size of the file obtained in response;
  • numerical code indicating the status of the response from the server;
  • type of browser and operating system of the user’s device.

These data, necessary for the use of web services, are also processed in order to obtain anonymous statistical information on the use of the Site and to ensure its security. The data may be used to ascertain liability in the event of hypothetical computer crimes against the Site.

2.2 Data voluntarily provided by the user

The optional sending of emails to the addresses indicated on the Site (e.g. hello@aimultisite.it, privacy@romiltec.it, legal@romiltec.it) entails the subsequent acquisition of the sender’s email address, necessary for the reply, as well as any further personal data contained in the message.

Booking a demo of the AI Multisite product takes place via redirection to the Cal.com platform: in this context, Romiltec does not collect data directly through the Site, but receives them from Cal.com following the booking made by the user. Cal.com acts as an external Data Processor (see section 5).

2.3 Cookies and similar technologies

The Site uses technical cookies necessary for its operation and, with the user’s consent, may use third-party analytics and marketing cookies in the future. For further information please refer to the Cookie Policy.

3. Data processed within the AI Multisite SaaS

The AI Multisite SaaS product (available at app.aimultisite.com) processes personal data and editorial content on behalf of its customers. In this context, Romiltec acts as a Data Processor within the meaning of article 28 GDPR, on the basis of a Data Processing Agreement (DPA) signed contractually with each customer.

The specific processing terms within the SaaS (categories of data, purposes, retention, sub-processors, security measures, international transfer rules) are governed by the DPA and fall outside the scope of this notice, which refers exclusively to the marketing Site.

4. Purposes and legal bases of processing

The personal data collected through the Site are processed for the following purposes:

  • Provision of the Site and informational content. Legal basis: legitimate interest of the Controller in making its corporate site available (article 6(1)(f) GDPR).
  • Response to contact requests and demo bookings. Legal basis: pre-contractual measures at the request of the data subject (article 6(1)(b) GDPR).
  • Site security, prevention of cyber attacks and investigation in case of abuse. Legal basis: legitimate interest of the Controller in the security of its systems (article 6(1)(f) GDPR).
  • Compliance with legal obligations, including tax, accounting, or those arising from measures of public Authorities. Legal basis: legal obligation (article 6(1)(c) GDPR).

5. Data recipients and external processors

The personal data collected through the Site may be processed, for the purposes indicated above, by the following entities, duly appointed as Data Processors pursuant to article 28 GDPR where necessary:

  • Cloudflare, Inc. — provider of CDN, DNS, security and DDoS protection services. Processes user IP addresses for security and performance purposes. Registered office in the United States of America. Cloudflare privacy policy.
  • Cal.com, Inc. — appointment scheduling platform used for demo bookings. Processes name, email, and any further data provided by the user in the booking form. Cal.com privacy policy.
  • European hosting provider — the Site is hosted on cloud infrastructure located within the European Union.
  • Professional advisors (accountants, legal advisors, labour consultants) engaged by Romiltec in carrying out its business, each within their respective areas of competence.

The updated list of External Processors is available upon request by writing to privacy@romiltec.it.

The data are in no way disseminated or sold to third parties.

6. Transfer of data outside the European Economic Area

The data collected through the Site are processed primarily within the European Union. Some Data Processors (in particular Cloudflare and Cal.com) are based in the United States: in such cases, data transfer takes place on the basis of the Standard Contractual Clauses adopted by the European Commission pursuant to article 46(2)(c) GDPR, supplemented by the additional technical and organisational measures provided for by the EDPB guidelines.

For the AI Multisite SaaS product, editorial data, stylometric models and customer credentials always remain within data centres located in the European Union (EU Data Residency).

7. Retention period

Personal data are retained for the time strictly necessary for the purposes for which they were collected, in particular:

  • Browsing data: up to 12 months, except where a longer retention is required for security investigations.
  • Contact emails: up to 24 months from the last contact, or for the period necessary to manage the commercial relationship.
  • Data relating to demo requests: processed by Cal.com according to its policies; at Romiltec they are retained for the time necessary for commercial follow-up and in any case for no longer than 24 months.
  • Data linked to legal obligations (e.g. accounting, tax obligations): for the period required by applicable law, generally 10 years pursuant to article 2220 of the Italian Civil Code.

At the end of the above periods, the personal data will be deleted or anonymised irreversibly.

8. Rights of the data subject

The user, as a data subject, has the right to exercise the following rights at any time, pursuant to articles 15-22 GDPR:

  • Right of access to their personal data (article 15 GDPR).
  • Right of rectification of inaccurate data or completion of incomplete data (article 16 GDPR).
  • Right to erasure of data (“right to be forgotten”, article 17 GDPR), in the cases provided for by law.
  • Right to restriction of processing (article 18 GDPR).
  • Right to data portability in a structured, commonly used and machine-readable format (article 20 GDPR).
  • Right to object to processing (article 21 GDPR), in particular for processing based on the legitimate interest of the Controller.
  • Right to withdraw consent at any time, without prejudice to the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint with the Italian Data Protection Authority, available at garanteprivacy.it.

To exercise their rights, the data subject can write to privacy@romiltec.it indicating their identifying details and the request. The Controller will respond without undue delay and in any case within 30 days of receipt of the request, subject to extension on motivated grounds pursuant to article 12(3) GDPR.

9. Automated decision-making and profiling

The Site does not carry out automated decision-making processes, including profiling, that produce legal effects on the user or that significantly affect them in a similar way pursuant to article 22 GDPR.

10. Data security

Romiltec adopts appropriate technical and organisational measures, pursuant to article 32 GDPR, to ensure a level of security appropriate to the risk, including: encryption of data in transit (TLS 1.2+) and at rest, role-based access control, environment segregation, audit logs, periodic backups, incident management procedures.

11. Changes to the notice

Romiltec reserves the right to modify this notice at any time. Changes will take effect from the date of publication on the Site. The date of the last update is indicated at the top of the document. Users are invited to consult this page periodically.

12. Contact

For any request or clarification regarding this notice, please write to privacy@romiltec.it.