RegulationsOffice Privacy Notice

Controller and contact

RegulationsOffice is a 10li-operated business surface for informational requests and manual scoping. Paid engagements are not concluded through this public site until the registered contracting entity, postal address, VAT/tax details where applicable, and written scope are confirmed directly with the requester.

For privacy, legal, or data-rights requests, contact: hello@regulationsoffice.eu.

What data is collected

• Website and event logs: requested path, timestamp, event label, selected plan/profile where relevant, IP address hash, and user-agent hash.
• Request forms: name, email, company/team, countries or markets, service interest, timeline, message, and selected preference fields.
• Newsletter preference form: preferred profile, frequency, countries/markets, watch topics, and explicit manual-review consent.
• Operational metadata: spam/rate-limit signals, form source, and governed-review queue status.

Purposes and lawful bases

• Responding to requests and preparing scoped replies: legitimate interest and pre-contract steps requested by the sender.
• Newsletter preference review: explicit positive request/consent captured by the form; no automatic subscription or send is activated.
• Security, abuse prevention, and diagnostics: legitimate interest in operating a safe public site.
• Compliance with legal obligations: where retention, accounting, or dispute-handling duties apply after a paid engagement is agreed.

Sensitive information

Do not send credentials, API keys, regulated internal files, raw supplier exports, health data, special-category data, or confidential client evidence through public forms. If deeper work is appropriate, a secure file exchange method must be agreed first.

Cookies and analytics

The public static pages do not intentionally set advertising or third-party analytics cookies. Some pages use first-party event endpoints to record hashed technical signals and CTA/form events for safety and product improvement. If cookie-based analytics or marketing tools are introduced later, this notice and consent UX should be updated before activation.

Storage, protection, and retention

• Form records are stored in private server-side queues outside the public web root for governed manual review.
• Technical safeguards include HTTPS, private storage paths, input length limits, honeypot/rate-limit controls, and hashed IP/user-agent fields in event records where possible.
• Public forms are intended for high-level context only. Sensitive records should move only through a separately agreed secure file exchange path.
• Request and preference records should be kept only as long as needed for review, follow-up, legal obligations, or dispute handling. The operational retention target is up to 24 months for open/recent business records unless a shorter period is required or deletion is requested and no overriding obligation applies.
• Backups and server logs may persist for a limited operational period before rotation or deletion.

Processors and transfers

Infrastructure, email, and manual-review tooling may involve hosting, mailbox, and operational providers. Before regulated or sensitive material is accepted, the secure file exchange and processor position should be confirmed. If personal data is transferred outside the EEA, appropriate safeguards should be used where required.

Your rights

• Request access to personal data held about you.
• Ask for inaccurate or incomplete data to be corrected.
• Ask for deletion where the data is no longer needed or processing is unlawful.
• Object to or restrict certain processing where applicable.
• Withdraw newsletter/preference consent without disadvantage.
• Request portability where applicable.
• Contact a supervisory authority if you believe your data has been mishandled.

Last updated

2026-04-29. This notice is an operational publication and should be reviewed by counsel before broad paid promotion or standardized contracting.