Privacy Policy

1. Data controller
2. What we collect
3. Purposes of processing
4. Legal basis
5. Retention periods
6. Third parties
7. Your rights
8. Cookies
9. Security
10. Changes
11. Contact

This privacy policy describes how sevv.it ("Sevv", "we", "us") processes personal data in connection with the delivery of the Sevv SaaS platform. The policy applies to all users of the platform, including installers, company owners, managers and end customers.

1. Data controller

The data controller for the processing of your personal data is:

sevv.it
Falster, Denmark
Email: hi@sevv.it

Enquiries regarding the processing of personal data should be directed to the above address.

2. What personal data do we collect?

2.1 Data about business users (installers, managers, etc.)

Name and job title
Email address and phone number
Company details (company name, address)
Login credentials (email and hashed password)
Activity log (login times, actions in the system)
IP address and browser information when using the platform

2.2 Data about end customers (customer portal users)

Name and email address
Phone number (if provided)
Information about owned assets (vehicles, boats, machinery, etc.)
Registration numbers and serial numbers of assets
History of warranties and treatments
Digital confirmations and acceptance timestamps

2.3 Automatically collected data

IP address and geographic location (country/region)
Browser type and operating system
Pages visited and actions taken in the platform
Cookie data (see section 8)

3. Purposes of processing

We process personal data for the following purposes:

Purpose	Description
Platform delivery	Creating and managing user accounts, access control, and delivering SaaS features.
Warranty management	Creating, storing and communicating warranty certificates and treatment history.
Communication	Sending emails about warranties, service reminders and system notifications.
Customer support	Handling support enquiries and bug fixes.
Billing	Usage logging as the basis for billing subscribers.
Security and operations	Protection against misuse, debugging and operational monitoring.
Statutory retention	Compliance with accounting and legal obligations.

4. Legal basis (GDPR Article 6)

We process your personal data on the following legal bases:

Processing activity	Legal basis
Performance of the subscription agreement	Article 6(1)(b) — necessary for the performance of a contract
Warranty certificates and service reminders	Article 6(1)(b) — necessary for the performance of a contract
Usage logging for billing	Article 6(1)(b) — necessary for the performance of a contract
Security logging and operational monitoring	Article 6(1)(f) — legitimate interest in secure operations
Marketing and newsletter	Article 6(1)(a) — consent
Bookkeeping and accounting	Article 6(1)(c) — legal obligation (Bookkeeping Act)

5. Retention periods

We retain your personal data for as long as necessary for the stated purposes:

Data type	Retention period
User accounts and login data	Duration of contract + 12 months after termination
Warranty certificates and treatment history	10 years from date of issue (documentation purposes)
End customer portal data	Deleted 12 months after the subscriber's termination, unless the end customer requests earlier deletion
Activity log and API calls	13 months
Billing information	5 years (Bookkeeping Act)
Support correspondence	3 years
Consents	Duration of consent + 5 years

6. Third parties and data transfers

We may share or provide access to your personal data to the following categories of recipients:

6.1 Data processors

Hosting provider — Server infrastructure for operating the platform. Data is processed within the EU/EEA.
Email service — Transactional emails (warranty notifications, invitations). Data is processed within the EU/EEA.
Payment processor — Processing of subscription payments. Card data is never stored by Sevv.
Error monitoring — Technical logging of system errors for debugging. No personally identifiable data is logged in error reports.

6.2 Transfers to third countries

We aim to keep all data processing within the EU/EEA. If transfers to third countries occur in exceptional cases, this is done solely on the basis of the European Commission's standard contractual clauses (SCCs) or equivalent appropriate safeguards.

6.3 Disclosure to authorities

We may disclose personal data to public authorities, courts or other third parties if we are legally obliged to do so.

7. Your rights

Under the GDPR you have the following rights in connection with our processing of your personal data:

Right of access (Art. 15) — You have the right to obtain information about what data we process about you.
Rectification (Art. 16) — You have the right to have inaccurate data corrected.
Erasure ("right to be forgotten", Art. 17) — You may request erasure of your personal data under certain circumstances.
Restriction of processing (Art. 18) — You may request restriction of the processing of your data.
Data portability (Art. 20) — You may request to receive your data in a structured, machine-readable format.
Objection (Art. 21) — You may object to processing based on legitimate interest.
Withdrawal of consent — Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise your rights, contact us at hi@sevv.it. We respond to enquiries within 30 days.

You have the right to lodge a complaint with the relevant supervisory authority in your country if you believe our processing is in breach of the GDPR.

8. Cookies

We use cookies and similar technologies on our website and platform. The categories of cookies we use are shown below:

Category	Purpose	Legal basis
Necessary cookies	Session management, login state, CSRF protection. The platform cannot function without these.	Necessary for delivery of the service
Preference cookies	Remembers your language settings and interface preferences.	Legitimate interest
Analytics cookies	Anonymous visitor statistics to improve the platform. No personally identifiable data is shared with third parties.	Consent

You can manage cookies at any time via your browser settings. Please note that disabling necessary cookies may prevent correct use of the platform.

9. Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Specific security measures include:

Encrypted connections (HTTPS/TLS) for all data transmission
Passwords are always stored as secure hashed values — never in plain text
Role-based access control — users can only access data they are authorised for
Regular backups with encrypted storage
Ongoing patching and security updates
Logging of all authentication events

In the event of a security breach that poses a risk to data subjects' rights and freedoms, we will notify those affected within 72 hours of becoming aware of the breach, pursuant to GDPR Articles 33–34.

10. Changes to this privacy policy

We reserve the right to update this privacy policy. For material changes we will notify you by email or via a prominent notice on the platform at least 30 days before the changes take effect.

The current version is always available at sevv.it/privacy-policy.

11. Contact regarding personal data

If you have questions about our processing of your personal data, or wish to exercise your rights, please do not hesitate to contact us:

sevv.it
Data Protection Contact
Email: hi@sevv.it

We respond to all enquiries within 30 days.