Privacy & Cookie Policy

1Data Controller

The data controller is Coviola.com. For any privacy inquiry, you can contact us at info@coviola.com.

2Categories of Data Collected

We may collect and process the following types of data:

• Identification data: name, surname, company name, email address, phone number, billing information.
• Payment data: handled securely by payment processors (e.g. Stripe). Coviola does not store card details.
• Technical and browsing data: IP address, browser type, device identifiers, operating system, cookies, and access logs.
• Voluntarily provided data: content of messages, support requests, emails, or form submissions.
• Project data: files, images, credentials, or materials you provide to deliver services.
• Marketing preferences: newsletter subscriptions and interactions with marketing emails.

3Legal Basis and Purposes of Processing

Data is processed based on the following legal grounds:

• Contract execution: to deliver projects, maintain client relationships, process payments, and provide support.
• Legal obligations: for accounting, tax, and regulatory compliance.
• Legitimate interests: to ensure security, prevent fraud, and improve website functionality and service quality.
• Consent: for marketing communications, analytics, and optional cookies.

If consent is withdrawn, processing based on legitimate interest or legal obligation may continue where applicable.

4Use of Data

Personal data is used to:

• Respond to inquiries and provide project quotations.
• Deliver design, development, and marketing services.
• Manage subscriptions and renewals.
• Send updates, news, or promotional offers (only if consented).
• Analyze and improve service performance and website traffic.
• Comply with legal and tax requirements.

5Third-Party Processors and Services

To operate effectively, Coviola uses third-party providers acting as data processors under GDPR-compliant contracts:

• Stripe: processes payments securely under PCI DSS standards.
• Google Analytics: provides anonymized website analytics.
• Meta Pixel: measures campaign effectiveness (requires consent).
• Mailchimp: manages newsletters and marketing automation.
• Crisp Chat: provides live chat support and ticket management.
• Cloud hosting providers: store project and operational data in secure data centers.

Each provider processes data according to its own privacy terms and the Standard Contractual Clauses when outside the EU.

6Cookies and Tracking

Coviola.com uses cookies to provide a secure and optimized browsing experience.

• Essential cookies: required for site functionality and security (do not require consent).
• Analytical cookies: used to gather anonymized usage statistics.
• Marketing cookies: track engagement across platforms (require consent).

A cookie banner appears on your first visit, allowing you to accept, reject, or manage preferences. You can change preferences anytime through the "Cookie Settings" link at the bottom of the site.

7Data Retention

• Contractual and billing data: retained up to 10 years to comply with legal obligations.
• Communication data: retained up to 24 months or until consent is withdrawn.
• Analytics and cookies: retained according to the provider's policies and your consent settings.

After the retention period, data is securely deleted or anonymized.

8International Data Transfers

Some service providers may process data outside the EU. Where this occurs, Coviola ensures adequate protection through the European Commission's Standard Contractual Clauses (SCC) or other lawful mechanisms recognized by the GDPR.

9Security Measures

We use technical and organizational measures to safeguard data against unauthorized access, disclosure, loss, or alteration. These include encryption (SSL/TLS), restricted access, secure password management, and continuous system monitoring. No method of transmission or storage is completely risk-free, but we aim to maintain industry-level security standards.

10Your Rights under GDPR

You have the following rights:

• Access your personal data.
• Request correction of inaccurate or incomplete data.
• Request deletion of data ("right to be forgotten").
• Restrict or object to specific types of processing.
• Request data portability in a structured, machine-readable format.
• Withdraw consent at any time without affecting the legality of prior processing.
• File a complaint with the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) or your local supervisory authority.

Requests can be submitted by email to info@coviola.com. Coviola may verify your identity before fulfilling your request.

11Data of Minors

Coviola.com does not knowingly collect or process personal data of minors under 16 years old. If we become aware that such data has been provided without parental consent, it will be deleted promptly.

12Automated Decision-Making

Coviola does not make decisions solely based on automated processing that produce legal or similarly significant effects for users.

13Breach Notification

If a data breach occurs that poses a risk to individuals' rights and freedoms, Coviola will notify the relevant authority within 72 hours and affected users without undue delay, as required by the GDPR.

14Links to External Websites

Coviola.com may contain links to third-party websites or tools. Coviola is not responsible for their content or data protection practices. We encourage you to review their privacy policies.

15Policy Updates

Coviola may revise this policy to reflect service or legal changes. Updates will be posted on this page, with the most recent date listed at the top. Continued use of our website or services after changes means you accept the updated version.

16Contact Information

For any data protection question or exercise of your rights, contact us at:

info@coviola.com