Privacy Policy.

Last updated: 02 May 2026

1. Data Controller

The data controller (titolare del trattamento) for the personal data collected through this website is:

• Name: HA S.r.l.
• Registered office: Via Cerva 1, 20122 Milan, Italy
• VAT (P.IVA) / Tax code: IT 11765560963
• REA / Registro Imprese: CCIAA Milano Monza Brianza Lodi — MI-2623507
• Email: info@hydra-advisory.com

The controller has not appointed a Data Protection Officer (DPO), as appointment is not mandatory under Article 37 GDPR for the activities carried out.

2. What personal data we collect

This website collects personal data only when you actively provide it. Specifically:

2.1 Enquiry form

When you submit the contact form, we collect:

• First name and last name
• Company name
• Email address
• Nature of enquiry (selected from a list)
• Message content

2.2 Client Access (Hydra Intelligence reading room)

If access credentials are issued to you as an institutional subscriber, the username (which may be your email address) is processed solely for the purpose of authenticating your access to subscriber-only research materials. Passwords are stored in hashed form and are not accessible to Hydra Advisory staff.

2.3 Email correspondence

If you contact us directly by email at info@hydra-advisory.com, the contents of your message and any data you choose to share are processed for the purpose of responding to your enquiry.

2.4 Technical data and analytics

This website does not currently use Google Analytics or comparable third-party analytics tools. Standard web-server logs may record your IP address, browser type, and pages visited, retained for security and operational purposes by the hosting provider.

2.5 Stock-quote data

The luxury-sector ticker on this website fetches market-quote data from a third-party financial-data provider (Twelve Data Inc.). When the page loads, your browser makes an outgoing request to api.twelvedata.com. Twelve Data may log this request, including your IP address, in accordance with its own privacy policy (available at twelvedata.com/privacy). No personal data of yours is shared by Hydra Advisory in this request beyond the standard request metadata.

3. Why we process your data — legal bases

Under Articles 6 and 9 of the GDPR, we rely on the following legal bases:

• Contract / pre-contractual measures (Art. 6(1)(b)): when you submit an enquiry or correspond with us, we process your data to respond and, where applicable, to assess engagement.
• Legitimate interest (Art. 6(1)(f)): for security logs, fraud prevention, and the operation of authenticated subscriber areas.
• Consent (Art. 6(1)(a)): where required (for example, for non-essential cookies, if introduced).
• Legal obligation (Art. 6(1)(c)): where retention or disclosure is required by Italian or EU law.

4. How long we keep your data

Personal data is retained only for as long as necessary for the purposes described:

• Enquiry-form data: up to 24 months from last contact, unless an engagement is opened, in which case data is retained per professional and legal requirements.
• Email correspondence: retained for as long as the relationship is active, plus the period required by Italian law for advisory-firm record-keeping.
• Subscriber access credentials: retained for the duration of the active subscription and a reasonable period thereafter for audit purposes.
• Server logs: retained by the hosting provider in accordance with its standard retention policy.

5. Who we share your data with

Personal data is not sold, rented, or shared with third parties for marketing purposes. We share data only with:

• Service providers acting as data processors on our behalf, including: the website hosting provider (Netlify, Inc., USA); the email-delivery provider for form submissions (Netlify Forms); and, when applicable, the authentication provider for the Client Access area. Each operates under a Data Processing Agreement compliant with Article 28 GDPR.
• Professional advisors (lawyers, accountants, auditors) bound by professional confidentiality, where strictly necessary.
• Public authorities, where required by Italian or EU law.

Some processors are based outside the EU/EEA (notably Netlify in the United States). Where this is the case, transfers are made under the European Commission's Standard Contractual Clauses or other valid transfer mechanisms under Chapter V of the GDPR.

6. Your rights

Under Articles 15–22 of the GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure ("right to be forgotten") in the cases provided by law
• Restrict or object to processing
• Receive a portable copy of your data
• Withdraw any consent given, at any time and without affecting the lawfulness of prior processing
• Lodge a complaint with the Italian supervisory authority (Garante per la protezione dei dati personali, www.gpdp.it)

To exercise any of these rights, please contact us at info@hydra-advisory.com. We will respond within the timeframes required by Article 12 GDPR (generally one month).

7. Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. These include encrypted (HTTPS) transmission of all form submissions, hashed storage of any subscriber credentials, and restricted access to enquiry data. No transmission over the internet can be guaranteed entirely secure, however, and you acknowledge this when providing data through the site.

8. Children

This website is intended for professional use and is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

9. Changes to this policy

This Privacy Policy may be updated from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified through the website.

10. Contact

For any questions about this Privacy Policy or about how your data is handled, write to info@hydra-advisory.com.