Privacy Policy
Last updated: May 30, 2025
1Introduction
This Privacy Policy explains how COVENANCE.AI S.R.L. ("Covenance", "we", "us") collects, uses, and protects personal data when you visit or use https://dpia.covenance.ai (the "Website") and related DPIA services.
We are committed to complying with Regulation (EU) 2016/679 (GDPR) and applicable EU data-protection laws.
2Data Controller
COVENANCE.AI S.R.L.
Via di Affogalasino 34, 00148 Rome, Italy
VAT number: IT18129351005
Email: privacy@covenance.ai
Covenance acts as:
- Data Controller for Website visitors and leads
- Data Processor when performing DPIA services on behalf of clients (under a Data Processing Agreement)
3Scope of This Policy
This Policy applies to:
- Visitors of dpia.covenance.ai
- Users requesting information, demos, or DPIA services
- Clients using our DPIA tools or services
Note: This policy does not apply to third-party websites linked from our Website.
4Personal Data We Collect
4.1 Website usage data
Automatically collected:
Purpose: security, analytics, website improvement
Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
4.2 Contact and lead data
When you fill in forms or contact us:
Purpose: respond to inquiries, sales discussions, service delivery
Legal basis: pre-contractual measures or consent (Art. 6(1)(b)/(a))
4.3 DPIA-related data (client data)
When providing DPIA services, we may process:
Important: Covenance does not determine the purposes of this data. We act strictly as a data processor under client instructions.
Legal basis: contract performance (Art. 6(1)(b))
Processor obligations: Art. 28 GDPR
6How We Use Personal Data
We use personal data to:
- Operate and secure the Website
- Respond to requests and inquiries
- Provide DPIA services
- Improve our services and documentation
- Meet legal and regulatory obligations
We do not sell personal data.
7Legal Bases for Processing
Depending on the context, processing is based on:
Consent
Art. 6(1)(a)
Contract or pre-contractual measures
Art. 6(1)(b)
Legal obligation
Art. 6(1)(c)
Legitimate interests
Art. 6(1)(f), balanced against user rights
8Data Sharing and Sub-processors
We may share data with trusted providers acting as processors, including:
- Cloud hosting and infrastructure providers
- Analytics and monitoring services
- Security and logging providers
All sub-processors are bound by GDPR-compliant agreements. A list of sub-processors is available upon request.
9International Data Transfers
Where data is transferred outside the EEA, we ensure appropriate safeguards, including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions (where applicable)
10Data Retention
We retain personal data:
- Only for as long as necessary for the stated purposes
- According to legal, contractual, and regulatory requirements
DPIA-related client data is retained per contract and deleted or returned upon request, unless legally required otherwise.
11Data Security
We implement appropriate technical and organizational measures, including:
12Data Subject Rights
Under GDPR, you have the right to:
Requests can be sent to privacy@covenance.ai
We respond within statutory deadlines.
13Complaints
If you believe your rights have been violated, you may lodge a complaint with:
- Your local supervisory authority, or
- The authority in your EU Member State of residence or work
14Automated Decision-Making
We do not perform automated decision-making with legal or similarly significant effects on individuals within the meaning of Art. 22 GDPR.
15Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on this page with an updated date.
16Contact
For privacy-related questions or requests:
Company
COVENANCE.AI S.R.L.
Via di Affogalasino 34, 00148 Rome, Italy