This Privacy & Cookie Policy (“Policy”) explains how Bravo Outreach, owned by Milano Agency SRL (Viale Montenero 55, 20135 Milan, Italy – P.IVA IT13428430964 – REA MI-2722626) ("Bravo Outreach", "we", "us", "our") collects, uses, discloses, retains, and protects personal data across our services. This Policy applies to all interactions with Bravo Outreach, including websites, forms, marketing platforms, advertising, CRM, chat, and email campaigns.

1. Scope & Applicability

This Policy governs:

Personal data collected via websites, landing pages, forms, chat, CRM, emails, and ad platforms.

Use of cookies, pixels, tracking, analytics, and marketing tools.

Services delivered across platforms including Google Ads, Meta Ads, LinkedIn, TikTok.

It complements our Terms of Service and specific product notices. In the event of conflict, those specific notices prevail for relevant processing.

2. Controller & Contact Information

Data Controller: Bravo Outreach (Milano Agency SRL).

Address: Viale Montenero 55, 20135 Milan, Italy.

Email (Privacy): [email protected]

Responsible Personnel: While not a mandatory Data Protection Officer, we maintain an internal privacy governance framework overseeing compliance.

3. Key Definitions

Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data (collection, use, disclosure, etc.).

Controller / Processor: Entities determining or processing data.

Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

Cookies & Tracking: Small text files, pixels, tags, JavaScript, SDKs used to collect data on usage and targeting.

4. Types of Personal Data Collected

Depending on interaction and service usage, we may collect:

Contact & Professional Data: Names, email, phone, company, job title, LinkedIn URL.

Lead Data & Outreach History: Meeting logs, pipeline stage, consent records.

Technical Data: IP address, browser, operating system, device type, time zone.

Usage Data: Page visits, click interactions, session durations, email opens/clicks.

Marketing Preferences: Subscriptions, opt-in/opt-out status, cookie preferences.

Billing Data: Invoicing information (when applicable).

Communication Records: Chats, emails, support tickets.

5. Sources of Data

Directly from You: Through forms, chats, emails, or interactions.

Automatically Collected: Via cookies, pixels, analytics tools.

Third-Party Providers: Enrichment services, CRM integrations, advertising platforms (subject to compliance and opt-out options).

6. Purposes & Legal Basis for Processing

PurposeLegal BasisService delivery, scheduling, supportContractual necessity; legitimate interestsMarketing, personalization, cold outreachWith consent (where required); legitimate interests in B2B contextsAnalytics & product improvementConsent-based for non-essential; legitimate interests for operationsAdvertising & retargetingConsent for cookies/pixels; legitimate interests where permittedSecurity & fraud preventionLegitimate interests; legal complianceLegal complianceLegal obligation; legitimate interests

7. Legitimate Interests Assessment (Summary)

We assess and ensure that legitimate interest processing:

Is necessary and minimally intrusive

Balances business interests with user rights

Provides opt-out mechanisms for profiling or marketing

Is transparent and documented

8. Data Retention

Personal Data is retained as necessary, according to internal schedules:

Leads & marketing data: up to 24 months

Contracts & billing: up to 10 years (tax compliance)

Security logs: up to 12 months, extendable for incidents

Data is regularly reviewed, and anonymized or deleted when no longer needed

9. Sharing & International Transfers

We may share data with:

Service providers acting as processors (e.g., hosting, CRM, analytics, ads platforms)

Legal advisors, authorities (as required)

Successor entities in mergers or acquisitions (under legal protections)

International Transfers: Data transferred outside the EEA, UK, or Switzerland is safeguarded via Standard Contractual Clauses (SCCs), UK IDTAs, adequacy decisions, or EU–U.S. Data Privacy Framework.

10. Security Measures

We employ robust technical and organizational measures:

Encryption in transit and at rest

Role-based access and least-privilege principles

MFA for critical systems

Regular vulnerability testing and audits

Staff privacy training

No system is completely secure—use strong passwords and MFA when available.

11. Your Rights

Under applicable laws, you may have:

Access, rectification, erasure, processing restriction, objection to processing, portability, and withdrawal of consent

Right to lodge complaints with supervisory authorities

Under CCPA/CPRA: right to opt-out of sale/sharing, know what is collected, correct, and delete data

Requests can be submitted via [email protected]. Identity verification is required to process requests.

12. U.S. State Privacy Rights

For California residents (and similar provisions in VA, CO, CT, UT):

Right to know, delete, correct, and opt-out of sale/sharing

We do not knowingly sell Personal Data of individuals under 16

Mechanisms for exercising these rights are available via contact or site links.

13. Direct Marketing & Analytics

Cold Email Outreach: To relevant B2B contacts with opt-out options; suppression lists maintained.

Analytics: Track activity such as email opens, link clicks, site behavior (with consent as needed).

Ads & Retargeting: Ads on major platforms run only after consent or lawful assessment; no sensitive profiling.

14. Profiling & Automated Decisions

We segment users for communication purposes. No fully automated decisions with legal or similarly significant impact are made solely based on profiling.

15. Children’s Privacy

Our Services are intended for business users. We do not knowingly collect data from individuals under 18. If detected, such data is deleted or anonymized immediately.

16. Do Not Track & Similar Signals

We do not respond to browser “Do Not Track” signals. Cookie consent is managed via the GoHighLevel Cookie Consent Tool, allowing opt-in/out per category.

17. Changes to this Policy

We may revise this Policy—updates will be live with the date updated. Significant changes will be communicated via prominent notices.

18. Complaints

You may lodge complaints with:

EU/EEA: Your local data protection authority

Italy: Garante per la Protezione dei Dati Personali

U.S.: As applicable (e.g., California Attorney General)

19. Cookie Policy

A. Cookie Categories

Strictly Necessary Cookies
Essential for site functionality (e.g., session management).

Performance Cookies
Aggregate usage data (e.g., Google Analytics ga, gid).

Functional Cookies
Preferences (e.g., language settings, form data).

Targeting/Advertising Cookies
Behavioural tracking for ads (Google Ads, Meta Pixel, LinkedIn Tag, TikTok Pixel).

Consent Cookies
Store cookie preferences set through GoHighLevel CMP.

B. Consent Management

The GoHighLevel CMP allows users to give granular, revocable consent. Non-essential cookies only load upon user consent. Preference settings can be changed at any time.

C. Third-Party Cookie Providers

We use cookies from:

Google (Analytics, Ads, remarketing)

Meta Platforms (Tracking Pixel)

LinkedIn (Insight Tag)

GoHighLevel (Consent management)

20. Appendices (Illustrative)

A – Cookie Register Example
Table listing cookies, purpose, category, provider, expires.

B – Illustrative Processor List
E.g., CRM vendor, email delivery platform, analytics, ad networks.

C – Data Retention Schedule
Mapping purposes to retention periods and deletion criteria.

D – Glossary & Legal References
Terminology definitions (e.g., GDPR Articles, SCCs, Consent definitions, International frameworks).

21. Contact Information

For questions or data requests:

Privacy Contact:
Bravo Outreach (Milano Agency SRL)
Viale Montenero 55, 20135 Milan, Italy
Email: [email protected]