Privacy Policy

Informativa sulla Privacy

Last updated: 7 April 2026

This privacy policy explains how Murray Mills, independent professional (Libero Professionista), collects, uses, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Italian and Australian privacy legislation.

Data Controller

The data controller is Murray Mills, with registered office at [YOUR ADDRESS], Partita IVA: [YOUR P.IVA NUMBER].

Data Collected

We collect the following personal data through the contact form, assessments, and resource downloads on this website:

  • Full name
  • Email address
  • Phone number (if provided)
  • Organisation name (if provided)
  • Message content
  • IP address and user-agent string (collected automatically for security and session tracking)
  • First-party session identifier (see Session Tracking below)

Purpose of Processing

Personal data is collected and processed for the following purposes:

  • To respond to your enquiries and requests for information
  • To provide the professional services described on this website
  • To understand the full journey a contact took on this site before they chose to get in touch, so follow-up conversations can be more relevant
  • To comply with legal and tax obligations

Legal Basis

The legal basis for processing your data is your explicit consent (Art. 6(1)(a) GDPR) provided via the contact form and the cookie consent banner, and the necessity of processing for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).

First-Party Session Tracking

When you visit this site we set a single first-party cookie called mm_sid, which contains a random identifier and nothing else — no name, no email, no profile data. The cookie lets the server record which pages you visited on this site so that, if you later contact us via the contact form, an assessment, or a resource request, we can see the full journey that led you there. The cookie is first-party (set by this domain only), httpOnly, SameSite=Lax, and expires after 180 days of inactivity. IP addresses are truncated at the point of storage — the last octet of an IPv4 address (/24) and the last 80 bits of an IPv6 address (/48) are zeroed before being written to disk — so the stored data can no longer uniquely identify a household or device. The data stays on the server that hosts this site — it is never shared with third parties, ad networks, or analytics providers, and is never used to profile you across sites. This processing falls under the guidance issued by the French CNIL and the Italian Garante, which permits first-party non-profiling analytics on a notice-and-opt-out basis rather than requiring prior consent. You can opt out at any time by clicking Opt out on the cookie banner, which sets a separate mm_optout cookie and stops all tracking. If the banner is no longer visible you can restore it by clearing cookies for this site.

Data Retention

Contact form, assessment, and resource-request records are retained while the relationship is active and for a reasonable period after, in accordance with applicable legal retention requirements. First-party session data (mm_sid cookie records) is automatically deleted after 180 days of inactivity. You may request earlier deletion of all your personal data at any time.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

Contact for Data Protection

To exercise your rights or for any questions regarding data protection, please contact: [email protected]

Make a Difference With Expert Guidance

Let's Work Together