Privacy Policy

Interpretation and Definitions

The terms used in this Privacy Policy shall have the meanings ascribed to them in the following Definitions, and they shall have the same meaning regardless of whether they appear in the singular or plural form.

Data Subject’s Consent (hereinafter referred to as “Consent“) refers to any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Usage Data refers to the data collected automatically, generated by the use of the Service or the Service infrastructure itself (e.g., the duration of a page visit).

Personal Data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Device refers to any device capable of accessing the Services, such as a computer or mobile phone.

Services refers to the Website.

Company (hereinafter referred to as “Geckosoft“) refers to Geckosoft S.r.l with registered office at Via San Lorenzo, 6, 56127, Pisa (PI), VAT: IT02208570503.

Website refers to the Rationale AI website accessible at .

Third Party refers to a natural or legal person, public authority, agency, or body other than the Data Subject, the Data Controller, the Data Processor, and persons who, under the direct authority of the Data Controller or Data Processor, are authorized to process Personal Data.

Data Controller refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Processing refers to any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Article 1 – Introduction

Geckosoft is committed to process personal data in compliance with the General Data Protection Regulation – Regulation (EU) 2016/679 (hereinafter also referred to as “GDPR”) and other applicable privacy laws .

This Privacy Policy (and any other documents referred to in it) sets out the basis on which the Company will process any personal information about you or individuals in general when they use the Rationale AI website, (hereinafter, also referred to as the “Site”), including the rules on data protection and the legal conditions that must be satisfied when the Company obtains, handles, processes, transfers or stores personal information. Furthermore, this Privacy Policy  informs the user about their rights and the type of protection granted by the law to the user. Pursuant to Article 28 of the GDPR, Geckosoft sets out the processing rules in writing, which is done in this document.

Article 2 – Data Controller

For the purpose of this Privacy Policy, Data Controller is Geckosoft S.r.l, with registered office at Via San Lorenzo, 6, 56127, Pisa (PI), VAT: IT02208570503.

Article 3 – Types of personal data collected

Personal Data: During the user’s use of the Services provided by Geckosoft, Geckosoft may ask the user to provide certain personal information that can be used to contact or identify the user. Personal information may include:

  • Name and place of birth
  • Email address
  • Phone number
  • Job title and place of work
  • Location information such as your post code and postal address

Browsing Data:  The computer systems and software procedures used to operate the website acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. Such data, necessary for the provision of web services, are also processed for the purpose of: (I) obtaining statistical information about the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin); (II) monitoring the proper functioning of the services offered.

Article 4 – Purpose and legal basis for processing

Geckosoft may process your personal data in connection with the following processing activities:

  • Execution of pre-contractual and contractual measures: In particular, your personal data will be processed for the purpose of: (i) contacting you following the completion of the form on the Site; (ii) if requested, fulfilling the contract related to the use of the Software.
    Legal basis: Article 6 (1) (b) of the GDPR, as it is necessary for the performance of contractual or pre-contractual obligations.
  • Use of the Rationale AI website: Geckosoft may process personal data about visitors to the Rationale AI website. Geckosoft uses cookies and other information gathering methods to enhance the user experience and optimize the functions of the Site, where personal data such as the data subject’s IP address may be collected. For more detailed information, please read our Cookie Policy.
    Legal basis: GDPR Article 6 (1) (f) as Geckosoft has a legitimate interest in maintaining and improving the webpage and collecting statistics about how visitors are using the webpage.
  • Ensure compliance and legitimate interests: Geckosoft may also process personal data to comply with statutory obligations to which Geckosoft is subject, and to safeguard own or third parties’ legitimate interests.
    Legal basis: GDPR Article 6 (1) (f) in relation to Geckosoft establishing a legal claim or preventing unauthorized access to or disclosure of personal data.
  • Legal obligations: Geckosoft may process personal data due to legal obligations applicable to the operation of Rationale AI. Geckosoft may also, on a case-by-case basis, process personal data for other purposes and rely on different legal grounds, such consent or legitimate interest or, in accordance with applicable data protection law, as set forth in an applicable privacy notice.
    Legal basis: GDPR Article 6 (1) (c), such as Geckosoft’s need to meet accounting obligations.

Article 5 – Processing and Transfer of Personal Data

The user’s Personal Data is processed at the operational offices of Geckosoft and at any other location where the parties involved in the processing are located.

Third-party subjects, such as technical service providers, hosting providers, and IT companies, may have access to your personal data. They may act as independent data controllers or as external data processors duly appointed by the Data Controller, in accordance with Article 28 of the GDPR. Additionally, the data may be disclosed to public security authorities, judicial authorities, entities, or authorities to whom the communication of the user’s Personal Data is mandatory pursuant to legal provisions or orders from authorities. An updated list of data processors appointed by the Data Controller can always be requested from the Data Controller itself.

Article 6 – Retention period

Your personal data processed for the purposes referred to in Article 4, letter a), will be retained for the time necessary for the execution of pre-contractual and/or contractual measures for which they were collected. Consequently, your personal data will be retained for the entire duration of the pre-contractual and/or contractual relationship and, subsequently, for the period of time necessary to fulfill legal obligations, including accounting obligations, and in any case, for a maximum period of 10 years (statute of limitations).

At the end of this period, the data will be deleted. At the end of the retention period, your personal data will be erased. If the Data Controller intends to retain your personal data for a further period of time, they will inform you of this intention and request your explicit consent for that purpose.

Your personal data processed for the purposes stated in Article 3, letter c) above, will be kept at the Data Controller’s premises until the revocation of your consent. It is understood that the revocation of consent does not affect the lawfulness of processing based on consent before its revocation.

In order to ensure proper and transparent processing, Personal Data is retained for a period not exceeding the time necessary for the purposes for which they were collected or subsequently processed, in accordance with Article 5, paragraph 1, letter e) of the GDPR.

Personal Data may be retained for longer periods where necessary to fulfill statutory and/or legal obligations, as well as to ensure the judicial protection of the rights of the Data Controller in accordance with the ordinary prescription terms.

Article 7 – Cookies

When you use our Site, we and our service providers (who are third parties that perform services on our behalf) automatically collect certain information about your device and how you use the Site, including your IP address, browser type, browser language, operating system, the state or country from which you accessed the Site or Services, software and hardware attributes (including device IDs), number of clicks, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Site or Services, and other similar information. From your IP address, we may be able to infer your general location (e.g., city/state or postal code).

To collect this information, we and our service providers may use “cookies” or similar tools that track, measure, and analyze the behaviors and usage patterns of our users. Cookies are small data files that can be stored on your browser and device so we can recognize you when you return. We use cookies for analytics purposes, to deliver certain features of the Site, to help us understand how users engage with the Site, and to improve your experience. You may set your web browser to notify you when you receive a cookie and to accept or refuse certain cookies. However, if you elect not to accept cookies, some functionality and areas of the Site or Services may be restricted. To learn how to manage your cookies, please follow the instructions from your specific browser, or if accessing the Site or Services via a mobile device, refer to the manufacturer’s instructions. For more details, please refer to our Cookie Policy at

This Site uses the following cookies:

  1. necessary cookies that contribute to the usability of the Site by enabling basic functionalities such as page navigation and access to protected areas of the Site. The Site cannot function properly without these cookies.
  2. analytical cookies that allow understanding how users interact with the Site by collecting and reporting anonymous information for statistical purposes.
  3. preference cookies that allow the Site to store information that influences its behavior or appearance, such as preferred language or user’s location.
  4. marketing cookies that are used, with the prior consent of the user, to track visits to the Site. The purpose is to present relevant and engaging advertisements to individual users, thereby providing greater value to third-party publishers and advertisers.

Article 8 – Rights of the data subject

The user can exercise the following rights:

  1. Right to access to the personal data provided and the right to receive a copy thereof (Article 15 GDPR);
  2. Right to rectify personal data  (Article 16 GDPR);
  3. Right to delete personal data (Article 17 GDPR);
  4. Right to request the restriction of the processing of personal data (Article 18 GDPR);
  5. Right to transfer personal data (Article 20 GDPR).
  6. Right to object to the processing of personal data provided  (Article 21 GDPR).
  7. Right to lodge a complaint with the Supervisory Authority for Personal Data Protection, if the user believes that the processing of personal data is carried out in violation of the applicable regulations (Article 77 GDPR), or to seek appropriate judicial remedies under Article 79 GDPR.

In the event that the Data Processing is based on consent, you also have the right to withdraw the consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

The Controller shall not make a decision towards you that is based solely on automated processing, including profiling.

The user can exercise the aforementioned rights by writing to

Article 9 – Changes to the Privacy Policy

Geckosoft may periodically update the Privacy Policy found on Where Geckosoft decides to update the Privacy Policy, it will notify the user of any changes by publishing the updated version on this page. Geckosoft will inform the user via email and/or a prominent notice before the change takes effect and will update the ‘Last Updated’ date at the top of the Privacy Policy. Geckosoft recommends that the user periodically check this document for any changes. Changes to this document  are effective as of the date they are published on this page.

Article 10  – Contacts

If you have any questions regarding this Privacy Policy, you can contact Geckosoft by writing to