1. Data Controller
The Data Controller for personal data processing is PYTHAGOR Srls - PMI Innovativa, with registered office at Viale Regina Giovanna, 33, 20129 Milano (MI), VAT/Tax ID: 10386010960, REA: MI-2527294. Email: info@pythagor.it, PEC: pythagor@legalmail.it.
2. Privacy contact
Pursuant to Article 37 of the GDPR, the appointment of a Data Protection Officer (DPO) is not mandatory for the Controller. For any queries regarding personal data processing and the exercise of GDPR rights, you may contact the Controller at the email address info@pythagor.it.
3. Data collected
The website collects the following categories of personal data:
- Registration data: first name, last name, email, password, tax code, address (street, postal code, city, province), VAT number (optional)
- Company data (for business users): company name, VAT number, SDI code, certified email (PEC), business type, role in company, revenue range, number of employees
- Contact data: first name, last name, email, phone number, message
- Application data: name, email, phone number, cover letter, LinkedIn URL, portfolio URL
- Analysis data: address and geographic coordinates of the chosen location, analysis parameters (business category, transport mode, coverage radius, demographic target), conversations with the assistant chatbot
- Browsing data: IP address, browser type, pages visited, access times
- Service usage data: analyses started and completed, credits purchased and used, PDF reports and Excel exports generated
- Newsletter data: email address
- Push notification data: notification preferences, subscription endpoint
4. Methods of collection
Personal data is collected through the following methods:
- Account registration form
- User profile settings
- Contact form
- Job application form (Work with us)
- Custom analysis request
- Research request
- Newsletter subscription
- Creating an analysis on the platform, also guided orally by company staff
5. Purposes of processing
Personal data is processed for the following purposes:
- Provision of requested services (e.g. area analyses, demographic analyses, competitor analyses, points of interest analyses)
- Management of the user account, credit system and payment transactions
- Responding to contact and information requests
- Compliance with legal, accounting and tax obligations
- Improvement of services and user experience (with prior consent)
- Staff recruitment and assessment of applications for open positions
- Sending informational communications via newsletter (with prior consent)
- Sending technical and service push notifications (with prior consent)
6. Legal basis for processing
Data processing is based on:
- Contractual performance: for the provision of requested services, account management and the credit system
- Consent: for sending promotional communications, newsletter subscription, enabling push notifications, and the use of non-essential cookies
- Legal obligation: for tax, accounting and regulatory compliance
- Legitimate interest: for website security, fraud prevention and service improvement
7. Data retention
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, and in any case in compliance with applicable legal terms. Upon expiry of the retention period, data will be deleted or irreversibly anonymised.
8. Data sharing
Personal data is not sold to third parties. It may be shared with the following service providers, appointed as data processors pursuant to Article 28 of the GDPR:
- Amazon Web Services (AWS): infrastructure hosting, cloud services and authentication management via AWS Cognito
- Google Analytics: aggregate statistical analysis of website usage (with user consent)
- Stripe: secure payment processing for credit purchases
- Sentry (Functional Software Inc.): application error monitoring and service performance tracking
- Mapbox (Mapbox Inc.): geocoding and map visualisation services
- OpenStreetMap / Nominatim: geocoding and address search services
- Competent authorities, where required by law
9. International data transfers
Personal data may be transferred outside the European Economic Area (EEA) in the following cases:
- Amazon Web Services (AWS) processes data within the European Union, in the eu-south-1 (Milan) region, ensuring that data remains within the EEA.
- Google (Google Analytics), Stripe, Sentry (Functional Software Inc.) and Mapbox (Mapbox Inc.) may transfer data to the United States. Such transfers are safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) approved by the European Commission, pursuant to Articles 46-49 of the GDPR.
10. Profiling and automated decision-making
Pursuant to Article 22 of the GDPR, the Controller informs that the platform performs automated market analyses based on parameters provided by the user. Such analyses do not constitute automated decisions producing legal effects or similarly significantly affecting the data subject. The analysis results are statistical tools to support the user's decisions and do not lead to any differentiated treatment.
11. Data subject rights
Pursuant to Articles 15-22 of the GDPR, the user has the right to:
- Access their personal data
- Request rectification or deletion of data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali — https://www.garanteprivacy.it)
To exercise your rights, you can write to info@pythagor.it.
12. Minors
The services offered by the platform are not intended for individuals under the age of 16. The Controller does not knowingly collect personal data from minors. Should it become aware that data of a minor has been collected without parental or guardian consent, it will promptly delete such data.
13. Updates and contacts
This privacy notice may be updated periodically to reflect regulatory changes or variations in the services offered. Users are encouraged to consult this page regularly to review any changes.
2026-05-09