Privacy Policy

Dear Visitor of the Website,

complying with Privacy Law is particularly dear to us. 

In particular, "General Regulation on Data Protection" (EU Regulation 2016/679, known under the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to Article 13 of the aforementioned Regulation.

"Processing of Personal Data", in plain words, means any operation concerning any "information relating to an identified or identifiable natural person". For example, first and last name, or an email address with a "user name" that identifies you (e.g. mariorossi@....), is considered "Personal Data", and the actions of collection, registration with us and use of your Personal Data to send you a communication, are considered "Processing" operations; same applies (again, for example) to communication of Data to other organizations and storage. 

Our organisation is defined as the "Data Controller", meaning that we are the entity that establishes how and for what purposes information relating to natural persons are processed.

You, as the "individual to whom the Personal Data refer", are referred to as the "Data Subject", and are entitled to receive the following information about who we are, what personal data we process, why, how and for how long we process it, and what obligations and rights you have in this regard.

If you are a natural person or a sole proprietorship, you are the Data Subject; if you are a private or public organization (e.g. a corporation, association, public body), the Data Subjects are the natural persons who administer the organization itself or who operate under its authority (e.g. its employees); information strictly related to the organization (e.g. tax code number or VAT number) is not considered Personal Data.

Depending on whether you are a simple Visitor or you write to us at the addresses available on the "Contacts" page, we collect and/or need you to provide us with certain Data, which we need to allow you to browse the Website; in the first case (i.e. when you only visit the Website) this information does not allow us to identify you (and therefore we will only process "Browsing Data").

Definitions of terms and expressions used within this Privacy Policy are contained in the Glossary. For anything not expressly defined therein, please refer to the definitions contained in the Terms of Use of the Website; in the event of any conflict between definitions, for the purposes of this Privacy Policy, the definitions in the Glossary (at the bottom of the page) shall prevail over those contained in the Terms of Use of the Website. 

The website of the Italian Data Protection Authority contains further information useful to better understand the topic (see e.g.:

Who are we ("Data Controller")?

COVERTECH S.r.l. - P.IVA/C.F.10827710012 - registered office: Via Gaetano Filangeri 8, 10128 Turin - operational headquarters Via Vittime di Piazza Fontana 32, 10024 Moncalieri (TO)

What categories of Personal Data do we process?

“Common" personal data (name and surname, tax code, e-mail address, telephone number, or any other data you may provide us with), to the minimum extent necessary to achieve each of the Purposes indicated below. 

Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?



Categories of Personal Data

Legal basis


Analyze the traffic on the Website (e.g. detect the most visited pages, the number of visitors per time slot or day, geographical areas of origin, etc.) to understand how the Website is used, in order to manage, optimize, and improve it, or even just for statistical purposes; solve operational problems (e.g. anomalies in page loading); perform monitoring activities to reject and/or prevent cyber attacks and frauds 

Browsing Data, anonymous information (which does not allow us to trace your identity) and Common Personal Data (e.g. full IP address) 

The need to make the Website available in accordance with the Terms of Use (art. 6.1.b GDPR). 


To satisfy your requests regarding the Website and our activities received at the contact details on the "Contacts" page (e.g. requests for estimates)

Common Personal Data

The need to take pre-contractual measures at your request (Art. 6.1.b GDPR)

To whom do we communicate the Data (Categories of Recipients)?

To the minimum extent necessary to achieve each of the Purposes, on the basis of the Applicable Rules and/or a contractual agreement with the Data Controller, a:

  1. persons/entities necessary for the execution of the activities connected and consequent to the management of the Website and the supply of Services, who act as Data Processors (e.g. IT service providers, etc.); 
  2. consultants and/or professionals appointed by us, autonomous Data Controllers;
  3. other persons authorised by us (e.g. our employees), committed to confidentiality or subject to a legal obligation to confidentiality;
  4. public organisations and Authorities, if and to the extent required by the Applicable Law or their orders, or for the exercise, assessment and/or defence of a right in court. 

Do we transfer Personal Data outside the European Union?

No, we do not transfer Personal Data outside the European Economic Area (EEA). 

Do we carry out automated decision-making processes and/or profiling activities?

No, we do not carry out any automated decision-making processes or profiling activities. 

How long do we keep the Data?

We keep the personal data of those who write to us for information through the Contact Form / at the addresses available on the page "Contacts" for a maximum of two years after the request. As regards Browsing Data, see the following point.

Does the Website make use of Cookie?

Yes. Please refer to the Cookie Policy for more information and to view our policy on this matter.

Are you obliged to provide us with Personal Data?

Due to the operation of the Internet network, you may not refuse to communicate your Browsing Data; you may refuse to communicate certain Personal Data (such as the IP address of your device); you may refuse to install certain Cookies. 

You are, of course, not obliged to contact us at the contact details available on the "Contacts" page, but if you wish to do so, you must provide us with the Personal Data we require from you.

What happens if you refuse to communicate your Data?

If you do not agree to provide us with your Data, we will not be able to respond to the requests you send us at the contact details available on the "Contact Us" page. 

What rights do you have as a "Data Subject"?

You, as the person to whom the data refer ("Data Subject") have the right to:

  1. to access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
  2. request the rectification of  incomplete or inaccurate data;
  3. request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law(e.g. Art. 17 § 3 GDPR);
  4. request the restriction of processing, if the conditions are met and subject to the exclusions established by Art. 18 § 2 GDPR;
  5. request data portability (i.e. commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance), to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
  6. lodge a complaint with a Supervisory Authority (in Italy,, or with the Data Protection Authority of the EU State where he or she habitually resides or works, or of the place where the alleged violation occurred.

Right of opposition 

You may object at any time to the processing based on the legitimate interest of the Data Controller, for reasons related to your particular situation (e.g. prejudice to honour, reputation, decency), unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims, as provided under article 21.1 GDPR.

Who can you contact for questions or to exercise your rights?

You may contact the Data Controller for questions concerning the processing of your Personal Data by sending an email to, or to 011.2634935, or by post to Via Vittime di Piazza Fontana 32, 10024 Moncalieri (TO).



  • The information presented herein relates exclusively to the processing of personal data collected through this Website. In the event that you enter into a relationship with us that goes beyond simply browsing the Website or requesting information, you will receive further information regarding the processing of your personal data.
  • this Privacy Policy is in force from 5 December 2020; we reserve the right to modify its content, in part or in full, even following changes to the Privacy Policy; we will publish the updated version of the Privacy Policy on the Website and from that moment it will be binding: you are therefore invited to visit this section regularly.
  • We do not intentionally collect personal information from individuals under the age of sixteen. In the event that information about children is recorded, we will delete it in a timely manner, at the request of the person concerned or of those exercising authority over them.


"Supervisory Authority": the independent public authority established by a European Union State, or by the European Union itself, in charge of monitoring the application of the Privacy Regulations (for Italy, the Personal Data Protection Authority,

"Authority": public or private body or organisation with administrative, judicial, police, disciplinary and supervisory powers.

"Authorised": the natural person, placed under the direct authority of the Data Controller, who receives instructions from the latter on the Processing of Personal Data, pursuant to and for the purposes of Article 29 of the GDPR. 

"Privacy Code": Legislative Decree no. 196/2003 and subsequent amendments and/or additions (in particular by Legislative Decree no. 101/2018).

"Committee" or "EDPB": the European Data Protection Committee, established by Art. 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 from 25/5/2018.

"Communication": "giving knowledge of personal data to one or more specific subjects other than the data subject, the representative of the data controller in the territory of the European Union, the data controller or its representative in the territory of the European Union, persons authorised, pursuant to article 2-quaterdecies, to process personal data under the direct authority of the data controller or the data processor, in any form whatsoever, including by making the data available, consulting or interconnecting them" (as defined in article 2-ter, paragraph 4, letter a of the Privacy Code).

"Cookies": short fragments of text (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the Website (session cookies) or afterwards, even after days (persistent cookies). Cookies are stored, according to the user's preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:

  • Technical cookies: these cookies are essential for the correct functioning of the Website and are used for the sole purpose of "transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service" (see art. 122, par. 1, of the Privacy Code).
  • Analytical cookies: these cookies are used to anonymously collect and analyze the Website’s traffic and usage. These cookies, while not identifying the user, allow, for example, to detect if the same user logs in again at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of such cookies can be performed without any loss of functionality.
  • Profiling cookies: these cookies are persistent ones used to (anonymously or otherwise) identify your preferences and improve your browsing experience.
  • Third party cookies (analytical and/or profiling): these cookies are generated by organisations not part of the Website, but integrated into parts of the Website page. For example, Google widgets (e.g. Google Maps) or social plugins (Facebook, Twitter, LinkedIn, Google+, etc.).

"Browsing Data": are the data that the computer systems and software procedures used to operate the Website acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified  Data Subjects, but given  their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing. 

"Personal Data": shall mean "any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" as defined in Article 4(1)(1) of the GDPR).

"Recipient": means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not", as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.

"GDPR": Regulation (EU) 2016/679 "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)".

"Data Subject": "identified or identifiable natural person", as defined in Article 4, sub-paragraph 1, no. 1, of EU Regulation 2016/679 (so-called "GDPR"). 

"Restriction of processing": "the marking of personal data stored with the aim of limiting their processing in the future", as defined in Article 4, sub-paragraph 1, no. 3, of the GDPR.

"Regulations" or "Regulations": one or more of the sets of regulations referred to in this Act as Privacy Law and Applicable Law.

"Applicable Law": any provision, of whatever rank, belonging to Italian or European Union law, in any way applicable to the Website. 

"Privacy Law": EU Regulation 2016/679 ("GDPR"), Legislative Decree 196/2003 and subsequent amendments and/or additions ("Privacy Code"), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Privacy Code, and further applicable legislation, of whatever rank, including the opinions and guidelines drawn up by the Committee. 

"Profiling": means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements", as defined in Article 4, subparagraph 1, no. 4, of the GDPR. 

"Publication": the action by which the Data Controller communicates information on the Website, without implementing procedures that require the Visitor to view it.

"Data Processor": "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller", as defined in Article 4, sub-paragraph 1, no. 8, of the GDPR.

"Website": the web pages displayed through , subdomains included.

"Third party" means "a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data", as defined in Article 4(1)(10) of the GDPR.

"Data Controller": "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data", as defined in Article 4, sub-paragraph 1, no. 7, of the GDPR.

"Processing": "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction", as defined in Article 4, subparagraph 1, no. 2, of the GDPR.

"Visitor": the natural or legal person who uses a device and navigates, through the Internet, on the public pages of the Webite.

"WP29": the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, established pursuant to Article 29 of Directive 95/46/EC, whose tasks are set out in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.

Covertech Divider