Privacy Policy

& DATA GOVERNANCE FRAMEWORK

PRIVACY POLICY & DATA GOVERNANCE FRAMEWORK

Last Updated: February 2026

1. DATA CONTROLLER (TITOLARE DEL TRATTAMENTO)

The Data Controller for this website and the "Decision Protocol™" framework is: Lamberto Iezzi - Strategic Risk Advisor & Founder - based in Venice - EU. Email for privacy inquiries: office@decisionprotocolinstitute.com

2. PURPOSE OF DATA PROCESSING

We process personal data solely for the following operational purposes:

Contractual Fulfillment: To deliver digital license keys, invoices, and product updates (via our Merchant of Record, Lemon Squeezy).
Legal Compliance: To maintain fiscal records required by Italian and EU tax authorities.
Commercial Communications: To send the "Shadow AI Amnesty Policy" (Lead Magnet) and subsequent educational updates. You may unsubscribe from these communications at any time.

3. MERCHANT OF RECORD & FINANCIAL CLEARING

To ensure strict adherence to global VAT/GST regulations and digital services directives (EU Directive 2006/112/EC), we utilize a delegated Merchant of Record (MoR) structure.

Lemon Squeezy, LLC: Acts as the reseller and MoR for all transactions.
Data Handling: Your payment details (Credit Card numbers) are processed directly by Lemon Squeezy via PCI-DSS Level 1 secure vaults. The Institute does not access, store, or handle your financial data.

4. ADVERTISING & ANALYTICS (GOOGLE ADS)

To measure the effectiveness of our "Forensic Governance" awareness campaigns, this website uses tracking technologies provided by Google LLC (Google Ads and Google Analytics).

Conversion Tracking: We use cookies to understand if a user clicks on our ad and subsequently downloads a framework. This data is anonymized and used solely for statistical analysis.
Remarketing: We may use data to show relevant educational ads to users who have previously visited our site.
Opt-Out: Users can opt-out of Google's use of cookies by visiting Google's Ad Settings or the Network Advertising Initiative opt-out page.

5. DATA RETENTION & SECURITY

Fiscal Data: Retained for 10 years as mandated by Italian corporate law.
Marketing Data: Retained until the user requests unsubscription ("Right to be Forgotten").
Security: We employ enterprise-grade encryption (TLS/SSL) for all data in transit.

6. USER RIGHTS (GDPR)

Under the General Data Protection Regulation (EU) 2016/679, you have the right to:

Access your personal data.
Request correction or deletion of your data.
Object to processing for marketing purposes.
Request data portability. To exercise these rights, please contact the Data Controller at office@decisionprotocolinstitute.com.

Page updated

Report abuse