EN
AR DE ES FR IT PL PT RU
Advanced Search
0 item in the cart
Items added to the cart will be displayed here
View the cart
Access
Unregistered User
Login to place orders
Login
Privacy
Home / Privacy

WEBSITE PRIVACY NOTICE
ART. 13 OF REGULATION (EU) 2016/679 (“GDPR”)

Pursuant to Regulation (EU) 2016/679 (hereinafter the “GDPR”), laying down provisions on the protection of personal data, COVIND S.p.A. (sole shareholder) (VAT no. 03699000018), with registered office at Strada della Cebrosa 68, 10036 Settimo Torinese (TO), Italy, in its capacity as Data Controller, hereby provides the main information regarding the use of your personal data through this website (hereinafter also referred to as the “Website” for the sake of brevity). This notice does not extend to other websites that may be accessed by the user via links contained herein.

  1. Sources and categories of personal data

The personal data held by the undersigned organization are collected directly from the data subjects. This Website does not collect data belonging to special categories of personal data, meaning data capable of revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical, political or trade-union nature, health status, or sex life.

  1. Cookies

Like many others, this Website stores cookies on the browser used by the user for the transmission of personal information and in order to enhance the user experience. Cookies are small text strings that the websites visited by the user send to their device (usually the browser), where they are stored—sometimes with a long retention period—and subsequently retransmitted to the same websites upon the user’s next visit.

Further details, as well as the possibility to modify your consent to the use of cookies, are available by consulting the Cookie Policy  of our website:

  1. Browsing Data

The IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning, and are deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical computer-related offences to the detriment of the Website.

This Website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the website operator. An encrypted connection can be recognized in the browser’s address bar when it changes from “http://” to “https://” and the padlock icon appears in the browser’s address bar.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

  1. Profiling Data

No profiling data relating to the data subject’s habits or consumption choices are directly collected. However, it is possible that such information may be collected by independent or separate third parties through links or by embedding third-party elements. In this regard, please refer to the section on Third-Party Cookies.

  1. Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website entails the subsequent acquisition of the sender’s email address, which is necessary in order to respond to requests, as well as any other personal data included in the email. Likewise, the explicit and voluntary submission of fillable forms on the Website containing the data subject’s personal data entails their processing in order to fulfil pre-contractual obligations or to perform the services provided for through the submission of such forms. The information contained in the forms may include personal identification data, contact details, addresses, telephone numbers, accommodation facility details, email addresses of the data subjects, and of identified or identifiable third parties having a relationship with the Website user.

The user assumes responsibility for the personal data of third parties obtained, published, or shared through this Website and warrants that they have the right to communicate or disclose such data, thereby holding the Data Controller harmless from any liability towards third parties.

  • Newsletter, Mailing-list

The email contacts used for sending communications from the Website derive from voluntary subscriptions by the recipients, for which a confirmation request is always required, as well as from information collected in the context of the sale of the Data Controller’s products or services, or similar activities. This includes the sending of information, promotional communications, and materials. It is emphasized that such contacts are not obtained from public subscriber directories. If the communications are not of interest to the recipient, it is possible to prevent any further contact by clicking the relevant link contained in each message, or by writing to the contact details provided at the end of the communication, thereby exercising the right to unsubscribe from the newsletter.

 

  • Contact Form

By completing the contact form with their personal data, the user consents to its use for the purpose of responding to requests for information, quotations, or any other requests submitted through the contact form. Any interest in collecting and/or recording special categories of personal data or judicial data is expressly excluded; therefore, users are invited not to provide such information when completing the contact form.

In the event that the user voluntarily communicates personal data belonging to special categories (e.g. data relating to health status), the organization will delete such data, provided that this does not prejudice the processing of the data.

  •  Restricted Area

The information uploaded by the user in the restricted area is protected by encryption and authentication systems and is accessible only to authorized users, namely the data subjects themselves and/or the intermediaries involved. Such information is not subject to any dissemination activities.

The Data Controller does not intentionally collect or store personal data of individuals under the age of 18, nor does it intentionally allow such minors to use the Website. Users under the age of 18 are therefore requested not to register on the Website and not to provide personal data.

  • Clarification on Pre-Sales Activity

This privacy notice is intended for all users who visit and interact with the website https://www.covind.it/ , which has an exclusive pre-sales function and does not qualify as an e-commerce platform. The Website is used solely for the presentation of the product catalogue and for the collection of order requests.

No online transactions or payments are carried out or managed through the Website. Orders submitted via the Website do not constitute a sales confirmation, but rather a request that will be reviewed by the sales department. Order confirmation and payment methods will be communicated directly to the customer following verification of product availability and applicable conditions.

  1. Purposes and Legal Bases of the Processing

 Your personal data are processed as follows:

  1. to enable browsing of the Website (pursuant to Art. 6(1)(f) of the GDPR);
  2. to perform the service or supply requested in the context of the ordinary activities carried out by the undersigned organization (pursuant to Art. 6(1)(b) of the GDPR), by way of example and without limitation:
    • to allow registration for the e-commerce platform and to manage access to the related services;
    • to enable and facilitate the online purchase of products and the possible conclusion of the purchase contract through the e-commerce platform;
    • to maintain and manage the account created following registration;
    • to store data and information within the created account (e.g. personal details, order/purchase/return history, preferred delivery and billing addresses);
    • to allow products to be added to the shopping cart and to conclude the purchase contract through the e-commerce platform;
    • to enable and facilitate the online purchase of products and the possible conclusion of the purchase contract through the e-commerce platform for users who use the “Purchase as a guest” service without registering on the e-commerce platform;
    • to perform the purchase contract and the related purposes and to fulfil all legal obligations connected thereto;
    • delivery of the products sold by courier;
    • general assistance and customer care activities.

Furthermore, all personal data may also be processed:

  1. for purposes related to obligations provided for by law, as well as by provisions issued by authorities empowered to do so by law (pursuant to Art. 6(1)(c) of the GDPR), by way of example and without limitation:
    1. performance of administrative and/or accounting and/or tax obligations related to the provision of e-commerce services and/or to the purchase contract concluded (e.g. keeping accounting records and issuing the sales invoice);
  2. for the establishment, exercise, or defense of a right in judicial and out-of-court proceedings (legitimate interest) of the undersigned organization (pursuant to Art. 6(1)(f) of the GDPR);
  3. for functional purposes, based on the legitimate interest of the Data Controller, in particular for navigation and usage logs in order to protect the Website and the service from cyber-attacks and to identify any malicious or fraudulent activities (pursuant to Art. 6(1)(f) of the GDPR);
  4. for direct marketing purposes, differentiated as follows:
    • with regard to existing customers, for the sending of communications relating to products or services similar to those already purchased, on the basis of the legitimate interest of the Data Controller (pursuant to Art. 6(1)(f) of the GDPR), in accordance with Art. 130(4) of Legislative Decree No. 196/2003, unless the data subject objects (so-called “soft spam”);
    • with regard to non-customers, subject to prior explicit consent (pursuant to Art. 6(1)(a) of the GDPR), for the sending of newsletters, promotional communications, commercial information, and satisfaction surveys, including by automated means (e.g. email, SMS, instant messaging) or by traditional methods (postal mail or telephone calls with an operator).

g) for marketing purposes through digital technologies, as follows:

- Online cookies and advertising identifiers: subject to the user’s specific consent (pursuant to Art. 6(1)(a) of the GDPR), for the installation of profiling cookies and similar tools (e.g. tracking pixels, advertising IDs, tags), aimed at displaying personalized advertising and content in line with the user’s preferences. For further information, please refer to the Website’s Cookie Policy.

- Use of the email address for promotional activities:

      1. as already specified in point f), with regard to customers, on the basis of legitimate interest;
      2. in all other cases, subject to the data subject’s prior consent.

 

  1. Consequences of Refusal to Provide Data

The provision of data collected from the data subject is voluntary but indispensable for the processing of such data for the purposes referred to in points a) and b) above. If the data subjects do not provide the essential data and do not allow their processing, it will not be possible to carry out and implement the services offered or to fulfil the contractual obligations undertaken, with consequent prejudice to the proper fulfilment of statutory obligations, such as accounting, tax, and administrative obligations, etc.

 

Apart from what is specified with regard to browsing data, the user is free to provide personal data for cookies and specific requests through forms, for example relating to products and/or services. Failure to provide such data may result in the impossibility of obtaining what is requested. For all non-essential data, including those belonging to special categories of personal data, provision is optional. In the absence of consent or in the event of incomplete or incorrect provision of certain data, including those belonging to special categories, the requested fulfilments may prove so incomplete as to cause prejudice, either in terms of sanctions or loss of benefits, both due to the inability to ensure that the processing is consistent with the obligations for which it is carried out and due to the possible failure of the results of such processing to comply with the obligations imposed by the applicable legal provisions. In such cases, the undersigned organization shall be deemed exempt from any and all liability for any sanctions or punitive measures that may be imposed.

  1.  Methods of Processing

The processing operations related to the Website’s web services are carried out using automated tools for the time strictly necessary to achieve the purposes for which the data were collected. Such processing takes place on servers located in Italy or within the EU and is carried out exclusively by technical staff authorized to process the data, or by any persons appointed to perform maintenance and administration activities. Specific security measures are implemented to prevent data loss, unlawful or improper use, unauthorized access, and loss of confidentiality.

For the purposes of this notice, “processing of personal data” means their collection, recording, organization, storage, processing, modification, erasure, and destruction, or the combination of two or more of these operations. In relation to the purposes indicated above, personal data are processed using manual, IT, and telematic tools, according to logics strictly related to such purposes and, in any event, in a manner that ensures data security and confidentiality. Personal data will therefore be processed in compliance with the methods set out in Article 5 of Regulation (EU) 2016/679, which provides, inter alia, that data must be processed lawfully and fairly, collected and recorded for specified, explicit, and legitimate purposes, accurate and, where necessary, kept up to date, relevant, complete, and not excessive in relation to the purposes of processing, in compliance with fundamental rights and freedoms, as well as with the dignity of the data subject, with particular reference to confidentiality and personal identity, through appropriate protection and security measures. The undersigned organization has implemented, and will further enhance, the system for secure access to and storage of data.

No automated decision-making process (e.g. profiling) is carried out.

  1. Categories of Recipients

Your data may be disclosed:

    • to employees and collaborators of the Data Controller, in their capacity as authorized persons and/or Data Processors, all of whom are appropriately instructed and perform specific tasks and operations (website administration, analysis of browsing and traffic data, management of emails and forms voluntarily submitted by the user, processing of requests and e-commerce orders, and support for e-commerce services, etc.). An up-to-date list of Data Processors and authorized persons is kept at the registered office of the Data Controller;
    • in the cases and to the parties provided for by law.

The data will not be subject to disclosure, except where otherwise required by law or following anonymization. Without prejudice to what is specified with regard to cookies and third-party elements, in the absence of the data subject’s prior general consent to disclosure to third parties, only those services that do not involve such disclosure may be provided. Where necessary, specific and explicit consents will be requested, and the parties receiving the data will process them in their capacity as independent data controllers.

In certain cases (not falling within the ordinary management of this Website), supervisory authorities may request information for the purpose of monitoring the processing of personal data. In such cases, the response is mandatory, failing which administrative sanctions may be imposed.

  1. Data Retention Period and Processing upon Expiry

The Data Controller will process personal data for the period necessary to fulfil the purposes set out above. The Data Controller may be required to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.

Data processed for contractual purposes will be retained for 10 years; data processed for marketing purposes will be retained until consent is withdrawn and, in any case, for no longer than 24 months; technical browsing data will be retained for a maximum of 12 months, unless different retention periods are required by law.

12. Transfer of Data Outside the EU

Your personal data are processed at the Data Controller’s operational headquarters and at any other locations where the parties involved in the processing are located, in any case within the European Union. It is nonetheless understood that, where necessary, the Data Controller may transfer such data abroad to non-European countries.

In such cases, the Data Controller hereby ensures that any transfer of data outside the European Union will be carried out in compliance with the applicable legal provisions, following the execution of the standard contractual clauses adopted by the European Commission. Specifically, your data will be transferred to non-European countries only where the level of data protection in the third country has been deemed adequate by the European Commission pursuant to Article 45 of the GDPR. In the absence of an adequacy decision, the transfer of data may nevertheless take place where one of the derogations provided for under Article 49 of the GDPR applies (e.g. consent, transfer necessary for contractual or pre-contractual purposes in relation to a contract concluded with or in favor of the data subject, establishment, exercise, or defense of legal claims, etc.).

13. Rights of the Data Subject

You have the right at any time to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain:

  1. Access to personal data, in order to:
  • know the categories of data processed, the purposes for which they are processed, the recipients or categories of recipients to whom such data have been or will be disclosed, the period for which the data will be stored or, if not possible, the criteria used to determine that period, your rights, the existence of appropriate safeguards in the event that data are transferred to a third country, and whether an automated decision-making process, including profiling, is in place (at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing);
  • obtain a copy of the personal data undergoing processing, without adversely affecting the rights and freedoms of others..
  1. Rectification of inaccurate personal data or, where you have an interest, the completion of incomplete data,
  1. Erasure of your personal data in the following cases:
  • where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • where your personal data have been processed unlawfully;
  • where you withdraw your consent and there is no other legal ground for the processing;
  • where you object to the processing and there are no overriding legitimate grounds or legal obligations;
  • where the Data Controller is subject to a legal obligation to erase the data.
  1. Restriction of processing of your data in the following cases:
  • where the accuracy of the data is contested;
  • where the processing of the data is alleged to be unlawful;
  • where the data are required for the establishment, exercise, or defense of legal claims;
  • where you have objected to the processing, pending verification of the existence of overriding legitimate grounds.

 You also have the right:

  1. To object, in whole or in part:
  • to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • to processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a minor. The Data Controller must respond to your request within one month from the exercise of the right. The response must be provided in writing, including by electronic means, unless you request it orally. The response must be concise, accessible, and intelligible.
  1. Data portability, namely the right to request, where the processing is based on electronic means, the portability, in whole or in part, of your personal data.
  1. Right to lodge a complaint with the competent supervisory authority in the Member State in which you habitually reside, work, or in which the alleged infringement occurred.

To exercise your rights, you may:

  • send an email to gdpr@covind.it
  • send a registered letter with return receipt to COVIND S.p.A. (sole shareholder), Strada della Cebrosa 68, 10036 Settimo Torinese (TO), Italy.

14. Amendments to this Document

This document constitutes the Privacy Policy of COVIND S.p.A. (sole shareholder). It may be subject to amendments or updates.

Where such amendments or updates are significant, they will be notified to the data subjects through specific notices.

This document was last updated on 24 September 2025 in order to comply with the applicable legal provisions, in particular Regulation (EU) 2016/679.