Privacy Policy

Complete transparency about how we collect, use, and protect your personal data. This policy complies with EU GDPR requirements and provides full details about your privacy rights.

📅 Last Updated: June 26, 2025

This privacy policy was last updated on June 26, 2025. We will notify you of any material changes.

Quick Navigation

🏢 Company Information

Data controller details

📊 Data We Collect

Information collection

⚙️ How We Use Data

Processing purposes

⚖️ Your Rights

GDPR rights & controls

🔒 Data Security

Protection measures

📞 Contact DPO

Data protection officer

🏢

Data Controller Information

CAPITAL ADV is the data controller responsible for your personal data when you visit our website resivo-home.shop or use our services.

Company Details

Legal Name	CAPITAL ADV
Registration	Italian Business Registry
VAT Number	IT02271440063
Address	CORSO BUENOS AIRES 64 20124 MILANO (MI), Italy
Website	https://resivo-home.shop/
Email	privacy@resivo-home.shop
Phone	+39 383 097 949

🇪🇺 EU Representative: As we are established in the EU (Italy), we serve as our own representative for GDPR compliance purposes.

📊

What Personal Data We Collect

We collect personal data that you provide directly to us and data that is automatically collected when you use our website and services.

Data You Provide Directly

Account Registration & Orders

Contact Information: Name, email address, phone number
Billing Information: Billing address, company details (if applicable)
Shipping Information: Delivery address, special delivery instructions
Payment Information: Payment method preferences (actual payment data processed by secure payment providers)
Account Credentials: Username, encrypted password, security questions

Customer Service & Support

Communication Records: Email correspondence, chat logs, phone call records
Support Tickets: Issue descriptions, product information, resolution history
Warranty Claims: Product serial numbers, purchase proof, issue documentation
Feedback & Reviews: Product reviews, ratings, customer feedback

Data Collected Automatically

Website Usage Data

Technical Information: IP address, browser type, device information, operating system
Website Analytics: Pages visited, time spent, clicks, navigation patterns
Cookies & Tracking: Session cookies, preference cookies, analytics cookies
Security Logs: Login attempts, security events, fraud prevention data

Anti-Counterfeit Verification Data

Product Verification: QR code scans, serial number lookups, authenticity checks
Purchase Verification: Order verification, supplier verification, authenticity certificates
Security Monitoring: Suspicious activity detection, fraud prevention measures

✅ Data Minimization Principle: We only collect data that is necessary for providing our services, ensuring product authenticity, and complying with legal obligations.

⚙️

How We Process Your Personal Data

We process your personal data for specific purposes based on legal grounds as required by GDPR. Here’s how and why we use your information:

Processing Purposes & Legal Bases

🛒 Order Processing & Fulfillment

Legal Basis: Contract Performance

Processing and fulfilling your orders
Payment processing and billing
Shipping and delivery coordination
Order tracking and customer notifications
Invoice generation and record keeping

🔒 Product Authenticity Verification

Legal Basis: Legitimate Interest (Anti-counterfeiting)

Verifying product authenticity before shipping
Maintaining authenticity database and records
Preventing counterfeit products from entering supply chain
Supplier verification and compliance monitoring
Customer verification of received products

🛡️ Customer Service & Support

Legal Basis: Contract Performance & Legitimate Interest

Responding to customer inquiries and support requests
Processing warranty claims and repairs
Handling returns and refunds
Technical support and troubleshooting
Customer satisfaction surveys and feedback

📊 Website Analytics & Improvement

Legal Basis: Legitimate Interest (with consent for non-essential cookies)

Website performance monitoring and optimization
User experience analysis and improvements
Security monitoring and fraud prevention
Statistical analysis and reporting
A/B testing for website improvements

📧 Marketing Communications

Legal Basis: Consent (with easy opt-out)

Sending newsletters and promotional emails
Product recommendations and special offers
New product announcements
Seasonal promotions and sales notifications
Customer loyalty program communications

⚖️ Legal Compliance

Legal Basis: Legal Obligation

VAT and tax record keeping
Consumer protection law compliance
Anti-money laundering requirements
Data protection law compliance
Regulatory reporting and audits

🔄 Data Retention: We retain personal data only as long as necessary for the purposes outlined above or as required by law. Customer data is typically retained for 7 years for accounting purposes.

⚖️

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal data. Here’s what you can do and how to exercise these rights:

Your GDPR Rights

📋 Right of Access

You have the right to obtain confirmation of whether we process your personal data and receive a copy of your data.

Request a copy of all personal data we hold about you
Understand how your data is being processed
Learn about data sharing with third parties
Review data retention periods

✏️ Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Update your contact information
Correct billing or shipping addresses
Amend account preferences
Update communication preferences

🗑️ Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances.

When data is no longer necessary for original purpose
When you withdraw consent (for consent-based processing)
When data has been unlawfully processed
For compliance with legal obligations

⏸️ Right to Restrict Processing

You can limit how we use your personal data in certain situations.

When you contest the accuracy of data
When processing is unlawful but you prefer restriction over deletion
When we no longer need data but you need it for legal claims
While we verify legitimate grounds for processing

📤 Right to Data Portability

You can receive your personal data in a structured, machine-readable format.

Export your account data
Transfer data to another service provider
Receive data in common formats (JSON, CSV)
Include order history and preferences

🚫 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Object to marketing communications (instant opt-out)
Object to profiling for marketing purposes
Object to legitimate interest processing
Object to automated decision-making

🏛️ Right to Lodge a Complaint

You can file a complaint with a data protection authority.

Contact Italian Data Protection Authority (our lead authority)
File complaint with your local EU data protection authority
Seek judicial remedy in EU courts
Contact our Data Protection Officer first

How to Exercise Your Rights

📧 Email: privacy@resivo-home.shop

📞 Phone: +39 383 097 949

📬 Mail: CAPITAL ADV, CORSO BUENOS AIRES 64, 20124 MILANO (MI), Italy

⏱️ Response Time: We will respond within 30 days (1 month) as required by GDPR

⚠️ Identity Verification: To protect your privacy, we may need to verify your identity before processing data rights requests.

🔒

Data Security & Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

🔐 Encryption & Data Protection

SSL/TLS Encryption: All data transmission protected with 256-bit SSL encryption
Database Encryption: Personal data encrypted at rest using AES-256 encryption
Password Security: Strong password requirements and secure hashing (bcrypt)
Secure Storage: Data stored on secure, hardened servers with regular security updates

🛡️ Access Controls & Authentication

Multi-Factor Authentication: Required for all administrative accounts
Role-Based Access: Employees only access data necessary for their role
Access Logging: All data access logged and monitored
Regular Access Reviews: Quarterly review and update of access permissions

🔍 Monitoring & Incident Response

24/7 Security Monitoring: Continuous monitoring for security threats
Intrusion Detection: Advanced systems detect and prevent unauthorized access
Regular Security Audits: Quarterly security assessments and penetration testing
Incident Response Plan: Established procedures for security breach response

Organizational Security Measures

👥 Staff Training & Procedures

Privacy Training: Regular GDPR and privacy training for all employees
Confidentiality Agreements: All staff sign comprehensive confidentiality agreements
Security Policies: Detailed data protection and security policies
Background Checks: Security screening for employees with data access

🏢 Physical Security

Secure Facilities: Data centers with biometric access controls
Equipment Security: Secured workstations and mobile device management
Visitor Controls: Strict visitor access controls and monitoring
Disposal Procedures: Secure destruction of physical media and documents

Third-Party Security

🤝 Vendor Management

Due Diligence: Thorough security assessment of all data processors
Data Processing Agreements: GDPR-compliant contracts with all processors
Regular Audits: Ongoing security audits of third-party providers
Limited Access: Processors only access data necessary for their services

🚨 Data Breach Notification: In the unlikely event of a data breach, we will notify affected individuals within 72 hours and relevant authorities as required by GDPR.

International Data Transfers

We primarily process data within the EU. When international transfers are necessary, we ensure adequate protection through:

Adequacy Decisions: Transfers only to countries with adequate protection
Standard Contractual Clauses: EU-approved contracts for international transfers
Binding Corporate Rules: Internal data protection rules for group companies
Certification Schemes: Verified data protection certifications

🍪

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze website usage, and provide personalized content.

Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled.

Session Management: Login status, shopping cart contents
Security: CSRF protection, fraud prevention
Load Balancing: Website performance optimization
Accessibility: User accessibility preferences

Analytics Cookies (Consent Required)

Help us understand how visitors use our website.

Website Analytics: Page views, bounce rate, session duration
Performance Monitoring: Site speed, error tracking
User Behavior: Navigation patterns, popular content
Conversion Tracking: Purchase funnel analysis

Marketing Cookies (Consent Required)

Used to deliver relevant advertising and marketing content.

Remarketing: Show relevant ads on other websites
Personalization: Customized product recommendations
Campaign Tracking: Measure advertising effectiveness
Social Media: Social media integration and sharing

Cookie Management

🎛️ Cookie Preferences: You can manage your cookie preferences at any time using our cookie settings panel or through your browser settings.

🔄 Consent Withdrawal: You can withdraw consent for non-essential cookies at any time without affecting website functionality.

Third-Party Services

We use the following third-party services that may place cookies:

Google Analytics: Website analytics and performance monitoring
Payment Processors: Secure payment processing (Stripe, PayPal)
Customer Support: Live chat and support ticket systems
Content Delivery: Fast content delivery and website optimization

👶

Children’s Privacy

We are committed to protecting the privacy of children and comply with applicable laws regarding children’s personal data.

🔞 Age Restriction: Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

Parental Rights & Controls

Verification: If we discover we have collected data from a child under 16, we will delete it immediately
Parental Consent: For users aged 13-16, we require verifiable parental consent
Access Rights: Parents can request access to their child’s data and request deletion
Account Closure: Parents can request closure of their child’s account

If you believe we have collected personal data from a child under 16, please contact us immediately at privacy@resivo-home.shop.

📝

Policy Updates & Changes

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Handle Updates

Notification: We will notify you of material changes via email or website notice
Advance Notice: 30 days advance notice for significant changes
Consent: We will request new consent if required by law
Version Control: We maintain a record of all policy versions

What Constitutes a Material Change

New purposes for data processing
Changes to data sharing practices
Modifications to your rights
Changes to data retention periods
New third-party integrations

📅 Review Schedule: We review this privacy policy annually to ensure it remains current and accurate.

Contact Our Data Protection Officer

For any privacy-related questions, concerns, or requests, please contact our Data Protection Officer

📧 Email

privacy@resivo-home.shop

📞 Phone

+39 383 097 949

📬 Mail

Data Protection Officer
CAPITAL ADV
CORSO BUENOS AIRES 64
20124 MILANO (MI), Italy

⏱️ Response Time

Within 30 days
(GDPR Compliant)

We are committed to resolving privacy concerns promptly and transparently

EU-Compliant Footer – CAPITAL ADV