Privacy Policy & Cookie Policy

Last updated: May 25, 2026

01Data controller

The controller of the personal data collected through this website is:

COLDCARE SYSTEMS — brand of Hygiene Care S.a.s.
Legal seat: Via degli Artigiani 27, 50055 Lastra a Signa (FI), Italy
VAT / Tax ID: 06939970486 · Italian SDI code (B2B e-invoicing): M5UXCR1 · REA Firenze: [to be completed]
Email: coldcareofficial@gmail.com
Phone: +39 351 4425240

For any request regarding the processing of personal data, you can contact the controller at the addresses above.

02Data collected

Through this website, the controller may collect the following categories of data:

• Contact data voluntarily provided: name, email, phone, company name, business description — collected via the Contact form and through WhatsApp / email messages started from the site.
• Order data: chosen system configuration, amounts, installation address — collected via the configurator and transmitted to the controller via WhatsApp or email.
• Browsing data: IP, browser, pages visited, time spent, OS, country of origin — automatically collected by any analytics tools (only with explicit consent via the cookie banner).
• Payment data: in case of online purchase, card data is processed exclusively by Stripe Payments Europe Ltd. The site owner does not see or store card data.

03Purposes of processing

The data collected is processed exclusively for the following purposes:

• Responding to quote, information and contact requests submitted by the user
• Planning and managing site surveys, installations and operator training
• Fulfilling contractual, tax and legal obligations arising from the sale of the system
• Ensuring after-sales service and technical support
• Improving the site and services offered (only with consent, through analytics tools)
• Sending periodic commercial communications (only with explicit and revocable consent at any time)

04Legal basis

The processing of personal data is based on:

• Art. 6(1)(b) GDPR — performance of a contract or pre-contractual measures (e.g. quotes)
• Art. 6(1)(c) GDPR — compliance with legal obligations (e.g. invoicing, retention of tax documents)
• Art. 6(1)(a) GDPR — explicit consent of the data subject (analytics cookies, commercial communications)
• Art. 6(1)(f) GDPR — legitimate interest of the controller (site security, fraud prevention)

05Data recipients

Personal data may be communicated to the following categories of recipients, within the limits necessary for the purposes described above:

• Authorized internal staff of the controller (installation technicians, administration)
• Legal, tax and accounting consultants of the company
• Technology service providers (OVH SAS France hosting, Gmail Google Ireland Ltd email, CRM) operating as Data Processors pursuant to art. 28 GDPR
• Formspree Inc. (Boston, MA, USA) for contact form management. Extra-EU transfer pursuant to art. 44 GDPR based on Standard Contractual Clauses (SCC) from European Commission (decision 2021/914) and/or adherence to the EU-US Data Privacy Framework. See Formspree privacy policy.
• Stripe Payments Europe Ltd (Ireland, EU) for online payments when activated — see Stripe privacy policy
• Meta Platforms Ireland Ltd (Ireland, EU) for WhatsApp Business contacts — see WhatsApp privacy policy. Any extra-EU transfers to Meta Platforms Inc. (USA) based on SCC.
• Google Ireland Ltd for analytics services (Google Analytics 4 with anonymized IP, activated only after explicit consent) — see Google privacy policy
• Competent authorities, in case of legal obligations or motivated requests

Data is not publicly disseminated and is not transferred or sold to third parties for marketing purposes.

Extra-EU transfers: the contact form uses Formspree Inc. (USA). Personal data transfer outside the European Union is based on Standard Contractual Clauses (SCC) pursuant to art. 46 GDPR. You have the right to request a copy of the SCC by contacting the controller.

06Retention period

Data type	Retention period
Contact data (quotes not closed)	24 months from the request
Order data and contracts	10 years (tax and civil obligations)
Payment data	Managed by Stripe — see their policy
Browsing data (server logs)	12 months
Aggregated statistical data (analytics)	26 months (Google Analytics 4 default)
Cookie consent	12 months · then new request

07Rights of the data subject

As a data subject, at any time you can exercise the following rights provided by articles 15-22 GDPR:

• Right of access — obtain confirmation of processing and receive a copy of your data
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — request the deletion of data in the cases provided
• Right to restriction of processing — limit its use in specific cases
• Right to portability — receive the data in a structured format and transfer it to another controller
• Right to object — object to processing for marketing or legitimate interest purposes
• Right to withdraw consent — withdraw consent at any time (without affecting processing already carried out)
• Right to lodge a complaint — file a complaint with the Italian Data Protection Authority (garanteprivacy.it)

To exercise any of these rights, write to coldcareofficial@gmail.com with subject "Exercise of GDPR rights". We will respond within 30 days of receipt of the request, except in cases of particular complexity (extendable to 90 days with justification).

08Cookie policy

This site uses cookies and similar technologies (e.g. localStorage) to ensure correct operation, improve user experience and, with consent, for analytical purposes.

Technical cookies (always active)

Necessary for the operation of the site, do not require consent pursuant to art. 6(1)(f) GDPR:

Name	Purpose	Duration
coldcare_cookie_consent	Stores cookie banner choice	12 months (localStorage)
coldcare_docs_unlocked	Reserved documents area unlock session	Browser session (localStorage)

Analytics cookies (only with consent)

Activated exclusively after explicit consent through the banner. They allow analyzing the use of the site in aggregate and anonymous form:

• Google Analytics 4 — provided by Google Ireland Ltd. Data collected: anonymized IP, device, browser, pages visited, session times. Google privacy policy · [Currently not active · being activated]
• Meta Pixel — tracker provided by Meta Platforms Ireland Ltd for advertising campaigns on Facebook/Instagram. Meta privacy policy · Not installed (no Meta ADV campaigns currently planned).

How to withdraw consent

To withdraw consent to analytics cookies, delete the value coldcare_cookie_consent from your browser's localStorage. The banner will reappear on the next site load.

09Data security

We adopt technical and organizational measures appropriate to protect personal data from unauthorized access, modification, disclosure or destruction. These include:

• Data transmission on encrypted HTTPS/TLS connections
• Access to data limited to authorized personnel
• Periodic backups and disaster recovery systems
• Periodic verification of service providers and Data Processing Agreements

However, no system can guarantee absolute security: we invite users to be cautious in the transmission of sensitive data and to promptly report any anomalies.

10Changes to this notice

This notice may be updated at any time to reflect regulatory changes or changes in the processing carried out. The current version is always available at this URL with the date of last update in the opening. In case of substantial changes, registered users will be informed via email.

11Contact

For any question relating to the processing of your personal data, the rights guaranteed by GDPR or to exercise one of the rights listed in paragraph 7, contact us:

• Email: coldcareofficial@gmail.com
• Phone / WhatsApp: +39 351 4425240
• Mail: Hygiene Care S.a.s. · Via degli Artigiani 27, 50055 Lastra a Signa (FI), Italy

Supervisory authority: Italian Data Protection Authority · Piazza Venezia 11, 00187 Rome · garanteprivacy.it