PALO Framework Privacy Policy
GDPR Compliant | ePrivacy Aligned | WCAG 2.1 AA
Last updated: December 17, 2024
1. Introduction
Welcome to PALO Framework ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our website and tools.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website paloframework.org and use our services, in compliance with the General Data Protection Regulation (GDPR - EU 2016/679) and other applicable data protection laws.
PALO Framework tools are designed with privacy at their core. All data processing in our Model Canvas AI tool happens locally in your browser. We do not collect, store, or have access to the assessments you create.
2. Data Controller
For the purposes of GDPR, the Data Controller is:
Organization: PALO Framework
Website: https://paloframework.org
Email: info@paloframework.org
Country: Italy (European Union)
3. Data We Collect
3.1 Data We DO NOT Collect
We want to be clear about what we do not collect:
- ❌ Personal data entered in the Model Canvas AI tool (processed locally only)
- ❌ AI assessment data or scores
- ❌ Account information (we don't have user accounts)
- ❌ Payment information
- ❌ Precise location data
3.2 Data We May Collect
| Data Type | Description | Purpose |
|---|---|---|
| Server Logs | IP address, browser type, pages visited, timestamps | Security, analytics, troubleshooting |
| Contact Form Data | Email, name, message content (if you contact us) | Respond to inquiries |
| Cookie Data | Session identifiers, preferences | Essential website functionality |
4. Legal Basis for Processing
In accordance with GDPR Article 6, we process personal data only when we have a valid legal basis:
| Legal Basis | GDPR Article | When We Use It |
|---|---|---|
| Consent | Art. 6(1)(a) | Newsletter subscription, non-essential cookies |
| Legitimate Interest | Art. 6(1)(f) | Website security, analytics, fraud prevention |
| Contract | Art. 6(1)(b) | Responding to your inquiries |
| Legal Obligation | Art. 6(1)(c) | Compliance with applicable laws |
5. How We Use Your Data
When we do collect data, we use it for:
- Website Operation: Ensuring the website functions properly
- Security: Protecting against malicious attacks and abuse
- Analytics: Understanding how visitors use our site (anonymized)
- Communication: Responding to inquiries you send us
- Improvement: Enhancing our services based on usage patterns
6. Data Sharing & Transfers
6.1 Who We Share Data With
We do not sell your personal data. We may share data with:
- Hosting Providers: Infrastructure necessary to operate the website
- Analytics Services: Anonymized usage statistics only
- Legal Authorities: When required by law
6.2 International Transfers
If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Other approved transfer mechanisms under GDPR Chapter V
7. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Server Logs | 30 days | Security monitoring |
| Contact Messages | 2 years | Record of communications |
| Analytics Data | 26 months | Trend analysis |
8. Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
| Right | GDPR Article | Description |
|---|---|---|
| Access | Art. 15 | Obtain a copy of your personal data |
| Rectification | Art. 16 | Correct inaccurate personal data |
| Erasure | Art. 17 | "Right to be forgotten" - delete your data |
| Restriction | Art. 18 | Limit how we use your data |
| Portability | Art. 20 | Receive data in a machine-readable format |
| Object | Art. 21 | Object to processing based on legitimate interest |
| Withdraw Consent | Art. 7(3) | Withdraw previously given consent |
To exercise any of these rights, please contact us at info@paloframework.org. We will respond within 30 days as required by GDPR.
You have the right to lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).
9. Cookies & Tracking
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your experience.
9.2 Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for website functionality | Session |
| Preferences | Remember your settings | 1 year |
9.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
10. Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@paloframework.org.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
- Posting the new policy on this page
- Updating the "Last updated" date at the top
- For significant changes, providing a more prominent notice
We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
📧 Privacy Inquiries: info@paloframework.org
🔒 Security Issues: info@paloframework.org
📬 General Contact: info@paloframework.org
🌐 Website: https://paloframework.org
This Privacy Policy was developed in compliance with the General Data Protection Regulation (GDPR - EU 2016/679), the ePrivacy Directive (EU 2002/58/EC), and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.