OsintOps

Privacy Policy

Last updated: 20 May 2026

This Website collects some Personal Data from its Users.

Users may be subject to different protection standards. Some Users therefore benefit from a higher level of protection. Further information about the protection criteria can be found in the Applicability of the higher protection standard section.

Index

Data Controller

The Data Controller for the Personal Data collected through this Site is Alessandro Rossetti (natural person), editorial curator of the OsintOps project (https://osintops.com).

Data Controller’s email address: osintops1@tutanota.com

The processing does not take place in the exercise of a professional or commercial activity: the Site is a non-profit editorial project of an informational nature.

Types of Data collected

Among the types of Personal Data that this Website collects, by itself or through third parties, there are: name, email address, comment or message content, IP address, browser User-Agent, Cookies and Usage Data.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User (for example by filling in a contact form) or, in the case of Usage Data, collected automatically while the User browses the Site.

Unless otherwise specified, all Data requested by the Site is mandatory and failure to provide it may make it impossible for the Site to provide the requested service (for example, replying to a contact request).

The use of Cookies — or other tracking tools — by the Site or by the integrated third-party services serves the purpose of providing the service requested by the User, in addition to any other purposes described in this document and in the Cookie Policy.

Users are responsible for any Personal Data of third parties obtained, published or shared through the Site (for example in a comment) and confirm that they have the right to communicate or disclose such Data, thereby releasing the Data Controller from any liability towards third parties.

Mode and place of processing the Data

Method of processing

The Data Controller adopts appropriate technical and organisational security measures to prevent unauthorised access, disclosure, alteration or destruction of Personal Data. Measures actively in place include:

  • encrypted connection between the User’s browser and the server (HTTPS with HSTS preload and modern ciphers);
  • Wordfence application firewall (Defiant Inc.) for protection against attacks on web applications;
  • access to the site’s administration area restricted and secured by strong credentials;
  • restriction of anonymous access to the WordPress REST API;
  • regular updates to the CMS and plugins to mitigate known vulnerabilities.

Processing is carried out using IT tools, with organisational procedures and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases other parties involved in the operation of the Site may have access to the Data (such as the other blog authors or the system administrator) or external parties appointed as Data Processors (the hosting provider and the providers of the third-party services described below). An up-to-date list of Data Processors can be requested from the Data Controller.

Legal basis of processing

The Data Controller processes the User’s Personal Data when one of the following conditions applies:

  • the User has given consent for one or more specific purposes (for example: publishing a comment, installing cookies that are not strictly necessary);
  • processing is necessary for the performance of a contract with the User or for pre-contractual measures (for example: replying to a request for information sent via the contact form);
  • processing is necessary to comply with a legal obligation to which the Data Controller is subject;
  • processing is necessary for the legitimate interests pursued by the Data Controller or by third parties (for example: site security, log analysis for operation and maintenance).

It is always possible to ask the Data Controller to clarify the specific legal basis of each processing operation.

Place

The Data is processed at the Data Controller’s operating offices and at the offices of the hosting providers, as well as in any other place where the parties involved in the processing are located. The server hosting the Site is operated by SupportHost (Italy).

Some third-party services integrated into the Site may transfer Data outside the European Union — in particular to the United States of America. Such transfers, where they occur, are governed by:

  • adequacy decisions of the European Commission (EU–US Data Privacy Framework where applicable);
  • Standard Contractual Clauses approved by the European Commission;
  • other appropriate safeguards pursuant to Articles 46–49 of the GDPR.

The specific services and related transfers are listed in the Detailed information on the processing of Personal Data section.

Retention time

The Data is processed and stored for as long as required by the purposes for which it has been collected:

  • Browsing data (server logs): deleted at the end of the session or, in any case, within a maximum of 14 days, unless retention for a longer period is required to establish, exercise or defend a legal claim, or to comply with a legal obligation.
  • Article comments: retained indefinitely to ensure continuity of editorial discussion, subject to deletion upon request by the Data Subject.
  • Contact requests: retained for the time needed to handle the request and, in any case, no longer than 24 months from receipt.
  • Cookies: please refer to the Cookie Policy for the specific durations of each cookie.

Where the processing is based on consent, the Data Controller may retain Personal Data for longer until that consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data is deleted. After that point, the rights of access, deletion, rectification and portability can no longer be exercised.

Purposes of processing

The User’s Data is collected to enable the Data Controller to deliver the editorial service and to ensure the operation, security and usability of the Site, as well as for the following purposes:

  • management and moderation of article comments;
  • replying to requests sent via the contact form;
  • protection against SPAM in comments;
  • protection of the Site from cyber attacks, intrusions and abuse;
  • automatic multilingual translation of content for international accessibility;
  • management of the User’s cookie preferences;
  • anonymous technical analysis and aggregate statistics on the operation of the Site.

For further details on the purposes of processing and the specific Personal Data relevant to each purpose, the User can refer to the next section.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Publication of comments on blog content

When the User posts a comment under an article, the Data strictly necessary for moderating and publishing the comment itself is collected.

  • Personal Data collected: name (or pseudonym) chosen by the User, email address, IP address, browser User-Agent and the content of the comment.
  • Visibility: the name and content of the comment are published below the article. The email address is not published and is visible only to the Site administrators.
  • Service: native WordPress functionality (content management system).
  • Place of processing: hosting servers (SupportHost, Italy).
  • Legal basis: the User’s consent (Art. 6(1)(a) GDPR), given at the moment the comment is submitted.

Contact form

When the User sends a message via the Site’s contact form, the Data provided is processed solely to reply to the request.

  • Personal Data collected: name, email address and message content. The IP address and browser User-Agent may also be collected, as ancillary data, for security purposes (SPAM and abuse detection).
  • Service: Kali Forms (WordPress plugin).
  • Place of processing: hosting servers (SupportHost, Italy).
  • Legal basis: pre-contractual measures taken at the Data Subject’s request (Art. 6(1)(b) GDPR).

SPAM protection

To filter comments and contact form submissions for SPAM messages, the Site uses the Akismet service provided by Automattic Inc.

  • Personal Data collected: IP address, browser User-Agent, comment data (name, email, optional URL, text) or message data submitted via the form.
  • Service: Akismet — Automattic Inc.
  • Place of processing: United States of America — Privacy Policy.
  • Legal basis: the Data Controller’s legitimate interest in preventing abuse on the Site (Art. 6(1)(f) GDPR).

Site security and protection against attacks

To protect the Site from cyber attacks, intrusions, automated scans and unauthorised access attempts, the Data Controller uses the Wordfence application firewall.

  • Personal Data collected: IP address, browser User-Agent, data relating to HTTP requests (requested URL, method, headers), any credentials submitted in login attempts.
  • Service: Wordfence — Defiant Inc.
  • Place of processing: the Site’s servers (Italy) for local analysis; aggregate data may be transmitted to Defiant Inc. (United States) for threat intelligence — Privacy Policy.
  • Legal basis: the Data Controller’s legitimate interest in the security of the Site and its visitors (Art. 6(1)(f) GDPR).

Automatic translation of content

The Site is available in Italian and English. Translation is handled by the TranslatePress plugin, which can integrate third-party machine translation services (Google Cloud Translation, DeepL) where configured.

  • Personal Data collected: textual content of the Site (not the User’s Personal Data, save for any Personal Data contained in published comments), the User’s language preference.
  • Service: TranslatePress (self-hosted plugin); any third-party machine translation services.
  • Place of processing: the Site’s servers (Italy); if an integration with Google Cloud Translation or DeepL is enabled, the translated content is sent to the provider’s servers (United States / Germany) — Google Privacy Policy, DeepL Privacy Policy.
  • Legal basis: the Data Controller’s legitimate interest in offering multilingual content to international Users (Art. 6(1)(f) GDPR).

Cookie consent management

To record the User’s cookie choices and demonstrate their lawfulness under the GDPR, the Site uses the CookieYes service.

  • Personal Data collected: IP address (in anonymised form for statistical purposes), anonymous unique consent identifier, date and time of consent, preferences expressed, browser User-Agent.
  • Service: CookieYes — CookieYes Limited.
  • Place of processing: United Kingdom (country covered by an EU adequacy decision) — CookieYes Privacy Policy.
  • Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR, read in conjunction with Art. 7 GDPR — demonstration of consent).

The rights of Users

As a Data Subject of the processing, the User may exercise the rights provided by Regulation (EU) 2016/679 (GDPR). In particular, the User has the right to:

  • withdraw consent at any time — where processing is based on consent, the User may withdraw it without affecting the lawfulness of any processing carried out previously;
  • object to the processing of their Data when it is carried out on a legal basis other than consent (legitimate interest, performance of a contract, legal obligation);
  • access their Data — obtain confirmation that processing is taking place, access the Data being processed and receive a copy of it;
  • verify and request the rectification of inaccurate Data or the integration of incomplete Data;
  • obtain restriction of processing in the cases provided for by Art. 18 GDPR;
  • obtain erasure of their Data in the cases provided for by Art. 17 GDPR (“right to be forgotten”);
  • receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, have it transferred to another controller (portability — Art. 20 GDPR), where the processing is based on consent or on a contract and is carried out by automated means;
  • lodge a complaint with the competent supervisory authority for the protection of personal data, or seek legal remedy. In Italy, the supervisory authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

Details about the right to object

When Personal Data is processed in the legitimate interest of the Data Controller, the User has the right to object to such processing on grounds relating to their particular situation. The Data Controller will assess each request and, unless there are compelling reasons to continue the processing, will stop processing the User’s Data.

The Site does not carry out direct marketing activities: there are no advertising campaigns, commercial profiling or promotional newsletter sending.

How to exercise these rights

To exercise the rights listed above, the User can send a request to the Data Controller’s email address indicated in the Data Controller section. Requests are submitted free of charge and are handled by the Data Controller as quickly as possible, in any case within one month of receipt (Art. 12(3) GDPR).

Applicability of the higher protection standard

While the majority of provisions of this document apply to all Users, some are expressly subject to the applicability of a higher protection standard for the processing of Personal Data.

Such higher protection standard is always granted when the processing:

  • is performed by a Data Controller based in the European Union; or
  • concerns Personal Data of Users located in the European Union and is functional to the offering of goods or services, paid or otherwise, to such Users; or
  • concerns Personal Data of Users located in the European Union and enables the Data Controller to monitor the behaviour of such Users insofar as that behaviour takes place within the Union.

Since the Data Controller is based in Italy and the Site is aimed at Italian and international audiences, the higher protection standard is applied to all Users.

Cookie Policy

This Website uses Cookies. To learn more and consult the detailed notice, please refer to the Cookie Policy.

Further information about processing

Legal action

The User’s Personal Data may be used by the Data Controller in court, or in the stages leading to any potential legal action, for defence against abuses in the use of the Site or the connected Services by the User. The User declares to be aware that the Data Controller may be required to disclose Personal Data upon order of public authorities.

Specific information notices

Upon the User’s request, in addition to the information contained in this privacy policy, the Site may provide the User with additional contextual information notices concerning specific services or the collection and processing of Personal Data in particular circumstances.

System logs and maintenance

For operation and maintenance purposes, the Site and any third-party services may collect system logs — files that record interactions and may also contain Personal Data such as the User’s IP address. Such logs are retained for the time strictly necessary to resolve technical incidents and, in any case, no longer than the retention periods indicated in the Retention time section.

Information not contained in this policy

Further information on the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided at the top of this document.

Response to “Do Not Track” requests

The Site does not automatically support Do Not Track (DNT) requests sent by browsers. To determine whether any third-party services integrated into the Site support them, the User is invited to consult their respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by providing notice to Users on this page and, where possible, by using one of the contact details held. Users are encouraged to consult this page regularly, referring to the “Last updated” date indicated at the top.

Should the changes affect processing based on consent, the Data Controller will collect the User’s consent again, if necessary.

Definitions and legal references

Personal Data (or Data)

Personal Data is any information that, directly or indirectly, even in combination with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data

Information collected automatically through the Site (including from third-party applications integrated in the Site), such as: the IP addresses or domain names of the computers used by the User connecting to the Site, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time-related details of the visit (for example the time spent on each page) and the details concerning the path followed within the Site.

User

The individual using the Site who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public administration or any other entity that processes Personal Data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures relating to the operation and use of the Site. Unless otherwise specified, the Data Controller of this Site is the owner of the Site.

This Site (or this Application)

The hardware or software tool through which the Personal Data of Users is collected and processed.

Service

The editorial service provided by OsintOps through the Site.

European Union (or EU)

Unless otherwise specified, any reference to the European Union in this document is intended to extend to all current member states of the European Union and the European Economic Area.

Cookie

A small piece of data stored within the User’s device.

Legal references

This privacy notice is drafted on the basis of multiple legal systems, including Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (“Personal Data Protection Code”) as amended by Italian Legislative Decree 101/2018.

Unless otherwise specified, this privacy notice applies exclusively to this Site.