← Back to website

Privacy Policy

Last updated: March 23, 2026

1. Controller

The controller responsible for data processing on this website is:

ERA
IV Novembre 33
20093 Cologno Monzese, Italy
Email: info@era-nova.eu
Phone: +39 328 756 2792

2. Data Protection Officer

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer under Art. 37 GDPR. For all data protection inquiries, please contact us directly at info@era-nova.eu.

3. What Data We Collect

We collect personal data that you voluntarily provide through our inquiry form:

  • Full name
  • Company name
  • Email address
  • Phone number / WhatsApp
  • Website or commercial profile URL (optional)
  • Business type
  • Message content (optional)

Automatically Collected Data

When you visit our website, your browser automatically transmits certain technical data, including your IP address, browser type and version, operating system, referrer URL, and the date and time of your visit. This data is processed to ensure the technical operation and security of the website. Your IP address is also used for rate-limiting to prevent abuse of our contact form.

4. Purpose and Legal Basis

We process your personal data for the following purposes:

  • Responding to inquiries — to process your business inquiry and communicate with you regarding potential cooperation. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).
  • Website operation and security — to ensure the technical functionality, security, and stability of our website, including rate-limiting and abuse prevention. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in providing a secure, functional website and protecting it from misuse. We have assessed that this interest does not override your fundamental rights and freedoms, given the limited nature and scope of the data processed.
  • Consent — where you have given consent to specific processing activities. Legal basis: Art. 6(1)(a) GDPR. You may withdraw your consent at any time.

5. Data Sharing & Processors

We do not sell, rent, or trade your personal data. Your data may be shared with the following processors, who act on our behalf under data processing agreements:

Vercel Inc.

Purpose: Website hosting, content delivery (CDN), and serverless API functions.
Data processed: IP address, browser metadata, and form submission data (transmitted through serverless functions).
Location: San Francisco, CA, USA.
Transfer safeguards: EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).
Privacy policy: vercel.com/legal/privacy-policy

Zoho Corporation B.V.

Purpose: Transactional email delivery via SMTP to transmit form submissions to our inbox.
Data processed: Form submission content (name, email, company, phone, and other fields you provide).
Location: Netherlands, EU. Email is processed on EU servers (smtp.zoho.eu) — no transfer outside the EEA.
Privacy policy: zoho.com/privacy.html

Dynadot LLC

Purpose: Domain name registration and DNS management.
Data processed: DNS query data, including IP address and requested domain name.
Location: San Mateo, CA, USA.
Transfer safeguards: EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).
Privacy policy: dynadot.com/community/privacy-policy

Google (Google Maps)

We embed Google Maps to display our location. When viewing the map, data (including your IP address) may be transmitted to Google LLC, USA. Google participates in the EU-US Data Privacy Framework. For details, refer to Google's Privacy Policy.

We may also disclose your data when required by law, regulation, or court order.

6. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Zoho processes email data exclusively on EU servers. Where data is transferred to the United States — specifically to Vercel (hosting), Dynadot (DNS), and Google (Maps) — we rely on the EU-US Data Privacy Framework (DPF) and, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR, to ensure an adequate level of data protection.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Inquiry data is typically retained for 12 months after your last contact, unless a business relationship is established, in which case statutory commercial and tax retention periods apply (generally 6 to 10 years).

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — obtain confirmation of whether we process your data and request a copy.
  • Right to rectification (Art. 16 GDPR) — request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18 GDPR) — request limitation of processing.
  • Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3) GDPR) — withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@era-nova.eu. We will respond to your request within 30 days in accordance with Art. 12(3) GDPR.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for our business is:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
www.garanteprivacy.it

10. Cookies

This website uses only technically necessary cookies (such as the language preference cookie) that are essential for the website to function. These cookies do not require your consent under Art. 5(3) of the ePrivacy Directive. We do not use analytics, tracking, or advertising cookies.

11. Third-Party Services

Fonts

This website uses self-hosted fonts. No connection to external font services (such as Google Fonts) is made when you visit our site. Font files are served directly from our own infrastructure.

12. Automated Decision-Making

We do not use automated decision-making or profiling as defined in Art. 22 GDPR.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Art. 32 GDPR. These measures include encrypted data transmission (TLS/HTTPS), server-side input validation, rate-limiting, and strict Content Security Policy headers.

14. Obligation to Provide Data

Providing your name, company name, email address, phone number, and business type is necessary to process your inquiry. This information is required for pre-contractual communication. If you do not provide this data, we will be unable to respond to your request. All other fields (website, message) are optional.

15. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "Last updated" date.