BeVibes.Tech
Legal document

Privacy Policy

This notice describes how BeVibes S.r.l. collects, uses and protects your personal data when you browse bevibes.tech, write to us via the contact form or subscribe to our newsletter. It is drafted in compliance with EU Regulation 2016/679 (GDPR) and the Italian Privacy Code (Legislative Decree 196/2003, as updated by Legislative Decree 101/2018).

Last updated: June 2, 2026

1. Data controller

The data controller is BeVibes S.r.l., registered office at Via del Braldo 86/a, 47121 Forlì (FC), Italy.

VAT / Tax ID: IT04796220400

REA: FO-441727

Email: info@bevibes.tech

We have not appointed a Data Protection Officer (DPO) as we do not fall within the mandatory cases set out in art. 37 GDPR. For any privacy-related request you can write directly to the controller at the email address above.

2. Data we collect

We only collect data strictly necessary for the purposes described below. We do not collect special categories of data (origin, health, opinions, etc.) nor data of minors.

From the contact form (/contatti): name, email address, company (optional), project type (optional), indicative budget (optional), message. The form is transmitted via the Resend service to info@bevibes.tech.

From the newsletter (once the service is activated): email address only, with double opt-in confirmation (you receive a verification email before actual subscription).

From external Google forms: if in specific cases (surveys, applications, feedback collection) we ask you to fill in a Google Form hosted outside the website, the data you enter is collected via Google Forms and stored in Google Workspace. We flag this explicitly each time.

Automatic navigation data: our hosting (Vercel) records technical logs containing IP address, user-agent, timestamp and requested URL for security and diagnostic purposes. We do not use this data to profile you.

3. Purposes and legal basis

We process your data exclusively for the following purposes, each with a specific legal basis under art. 6 GDPR.

a) Responding to your contact requests and providing a first read on your project. Legal basis: performance of pre-contractual measures at your request (art. 6(1)(b) GDPR).

b) Sending you the newsletter (future service). Legal basis: your explicit consent, revocable at any time (art. 6(1)(a) GDPR).

c) Ensuring the security and proper functioning of the site through technical logs and strictly necessary cookies. Legal basis: legitimate interest of the controller (art. 6(1)(f) GDPR).

d) Fulfilling legal obligations (tax, accounting, dispute management) if a contractual relationship is established. Legal basis: legal obligation (art. 6(1)(c) GDPR).

We do not use your data for automated profiling activities nor for automated decision-making processes under art. 22 GDPR.

4. Sharing data with third parties

We do not sell, rent or transfer your personal data to third parties for marketing purposes. We share data exclusively with the following providers, who act as Data Processors under art. 28 GDPR on the basis of contractual agreements (Data Processing Agreement) governing their activity.

Vercel Inc. (USA) — website hosting, edge infrastructure, technical security logs.

Resend, Inc. (USA) — sending the transactional emails generated by the contact form.

Google LLC (USA) — Google Forms and Google Workspace, used only when explicitly indicated for external surveys or applications.

Newsletter provider (to be defined at launch) — list management and newsletter delivery.

The complete and up-to-date list of Data Processors is available on request by writing to info@bevibes.tech.

We may also share your data with professional advisors (accountants, lawyers) and public authorities where required by law.

5. Data transfers outside the European Union

Some of the providers indicated above (Vercel, Resend, Google) have headquarters or infrastructure in the United States of America. Personal data transfers to non-EU countries take place on the basis of the following safeguards provided by Chapter V GDPR.

EU-US Data Privacy Framework (DPF): DPF-certified providers (including Vercel, Google and Resend where applicable) ensure an adequate level of protection recognised by the European Commission in the Adequacy Decision of 10 July 2023.

Standard Contractual Clauses (SCC): where DPF certification does not apply, transfers are governed by the Standard Contractual Clauses approved by the European Commission pursuant to art. 46 GDPR.

You can request a copy of the applied safeguards by writing to info@bevibes.tech.

6. Retention period

We retain your data for the time strictly necessary to achieve the purposes for which it was collected, according to the following criteria.

Contact form data: 24 months from our reply or from the closure of the conversation, unless transformed into a contractual relationship.

Newsletter data: until consent is revoked (immediate deletion on your request).

Vercel technical logs: maximum 30 days for security and diagnostic purposes.

Accounting and tax data (in case of contractual relationship): 10 years pursuant to art. 2220 of the Italian Civil Code.

Data collected via external Google Forms: for the duration of the specific initiative (survey, selection), typically no longer than 12 months unless otherwise explicitly indicated.

At the end of the retention period, data is securely deleted or definitively anonymised.

7. Your rights

As a data subject you have the right, at any time and free of charge, to exercise the rights granted by articles 15-22 GDPR:

Access (art. 15) — obtain confirmation that processing of your data is underway and access related information.

Rectification (art. 16) — request correction of inaccurate data or integration of incomplete data.

Erasure (art. 17) — request deletion of your data when no longer necessary, in case of consent withdrawal or unlawful processing.

Restriction (art. 18) — request restriction of processing in specific cases.

Portability (art. 20) — receive your data in a structured, commonly used and machine-readable format, or request its direct transmission to another controller.

Objection (art. 21) — object to processing for legitimate reasons, in particular if based on legitimate interest.

Consent withdrawal (art. 7) — withdraw your consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to info@bevibes.tech. We will reply within 30 days of receiving the request.

8. Complaint to the supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority. For Italy the authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):

Website: www.garanteprivacy.it

Email: protocollo@gpdp.it

Certified email: protocollo@pec.gpdp.it

Address: Piazza Venezia 11, 00187 Rome, Italy

Any other administrative or judicial remedy remains available.

10. Security measures

We adopt appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration or disclosure, in compliance with art. 32 GDPR.

Measures adopted include: HTTPS connection with valid TLS certificates, Vercel edge infrastructure with DDoS protection, administrative access with two-factor authentication, secret management of API keys via encrypted environment variables, principle of least privilege in internal roles, periodic review of providers and their security standards.

In the event of a personal data breach posing a risk to the rights and freedoms of data subjects, we will notify the Italian Data Protection Authority within 72 hours and, where necessary, also the data subjects directly, pursuant to arts. 33-34 GDPR.

11. Changes to this notice

We may update this notice to reflect regulatory changes, site evolution or new processing purposes. Each new version is published on this page with the date of last update. We invite you to consult it periodically.

In case of substantial changes affecting your rights or the legal bases of processing, we will also inform you through direct communication (e.g. email if you are subscribed to the newsletter) or prominent notice on the site.

Last updated: 2 June 2026.
