Last updated: March 3, 2026
1. Data Controller
The data controller is Evolv, operating in the Veneto region (provinces of Venice, Treviso, and Padua), Italy.
Contact email: evolvagency@proton.me
2. Personal Data Collected
We only collect data that users voluntarily provide through the contact form on our website:
- Full name
- Email address
- Phone number (optional)
- Project type selected
- Project description message
We do not collect data automatically through profiling tools, nor do we use third-party tracking cookies. No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.
3. Purposes and Legal Basis for Processing
Personal data is processed for the following purposes:
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Responding to contact and quote requests | Performance of pre-contractual measures at the data subject's request (Art. 6.1.b) |
| Subsequent project-related communications | Legitimate interest of the controller (Art. 6.1.f) |
| Legal and tax obligations | Legal obligation (Art. 6.1.c) |
4. Processing Methods
Data is processed using electronic and automated tools, with logic strictly related to the stated purposes, and in a manner that ensures data security and confidentiality, in accordance with the principle of data minimisation (Art. 5.1.c GDPR).
5. Data Retention
Personal data is retained for the time strictly necessary to fulfil the purposes for which it was collected:
- Contact requests: maximum 12 months from receipt, unless a contractual relationship is established.
- Contractual and tax data: retained for the periods required by applicable law (up to 10 years for tax obligations).
Data is deleted at the end of the retention period, unless otherwise required by law.
6. Data Sharing and Disclosure
Personal data is not sold, transferred, or disclosed to third parties. It may be shared with:
- Technical service providers (e.g. hosting, email services) acting as data processors, with appropriate contractual guarantees pursuant to Art. 28 GDPR.
- Competent authorities, when required by law.
7. International Data Transfers
Where necessary, any transfer of personal data to third countries shall be carried out in compliance with Articles 44-49 GDPR and the updated 2026 regulatory framework, using Standard Contractual Clauses approved by the European Commission or other appropriate safeguards. Users have the right to obtain a copy of the safeguards adopted.
8. Use of Artificial Intelligence
Evolv may use artificial intelligence tools to support its activities (e.g. software development, assistance). However:
- Personal data collected through the contact form is not used for training artificial intelligence models.
- No AI-based automated decisions that produce legal effects or significantly affect users are made, in accordance with Art. 22 GDPR and the European AI Act (EU Regulation 2024/1689).
- Should AI systems that process personal data be implemented in the future, users will be promptly informed through an update to this policy.
9. Your Rights
Under Articles 15-22 of the GDPR, you have the following rights:
- Access — obtain confirmation of whether your personal data is being processed and receive a copy thereof.
- Rectification — request the correction of inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request the deletion of your data, where no legal obligation to retain it exists.
- Restriction — request the restriction of processing in certain circumstances.
- Data portability — receive your data in a structured, commonly used and machine-readable format, and transmit it to another controller.
- Objection — object to processing based on legitimate interest.
- Withdrawal of consent — withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
To exercise your rights, please send a request to evolvagency@proton.me. We will respond within 30 days, as required by Art. 12.3 GDPR.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it) if you believe that the processing of your data violates the European regulation.
11. Changes to This Policy
The Controller reserves the right to modify this policy at any time by publishing the updated version on this page. Users are encouraged to check this page regularly.
12. Legal References
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
- Italian Legislative Decree 196/2003 — Personal Data Protection Code (as amended by Legislative Decree 101/2018)
- Regulation (EU) 2024/1689 — AI Act (European Regulation on Artificial Intelligence)
- Guidelines and provisions of the Italian Data Protection Authority updated to 2026