PRIVACY NOTICE

Last updated: 30 May 2026

This notice describes how Carrozzeria Nova Umbra processes the personal data of users browsing the novaumbra.it website and of anyone who contacts us, pursuant to Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003 as amended.

1. Data controller

The data controller is Carrozzeria Nova Umbra di Roncolino Nico, with registered office at Località Cardete, 06062 Città della Pieve (PG) — VAT no. 03138620541.
Email: novaumbra@gmail.com · Phone: +39 0578 199 8005.
For any matter relating to data processing, you can use the details on the Contact page.

2. Types of data processed

• Contact data provided voluntarily: first name, last name, email, phone, message content.
• Vehicle and case data: number plate, model, description and photos of the damage, information useful for managing the claim or the job.
• Conversations with the virtual assistant: the text of the messages you type in the website chat.
• Browsing data collected automatically: IP address, browser and device, operating system, pages visited, date and time, technical and security logs.

We do not request special categories of data (Art. 9 GDPR). Please do not enter sensitive data in the forms or in the chat.

3. Purposes and legal bases

• Responding to requests for information or a quote and managing contacts — pre-contractual measures, Art. 6.1.b.
• Managing the bodywork, paint, auto glass centre or claim job entrusted to us — performance of the contract, Art. 6.1.b.
• Complying with legal, tax and accounting obligations — legal obligation, Art. 6.1.c.
• Ensuring security, preventing abuse and keeping the website running — legitimate interest, Art. 6.1.f.
• Loading third-party content (e.g. the map) and any further purposes — consent, Art. 6.1.a, where required.

4. How we collect data

• Contact form: the data you enter is sent through the FormSubmit service (formsubmit.co), which delivers it to our email inbox.
• Email, phone and WhatsApp: when you write to or call us voluntarily.
• Virtual assistant (AI chat): see point 6.
• Browsing: technical data collected automatically by the website infrastructure.

5. Cookies and similar technologies

The website uses exclusively technical cookies and local storage necessary for it to work (e.g. remembering your choice on the cookie banner), for which no consent is required. We do not use profiling or advertising cookies.

The Google Maps map on the Contact page is third-party content and is loaded only after an explicit action by the user (clicking “Show the map” or accepting the banner): in that case Google may set its own technical cookies. Until then, no data is sent to Google through the map.

6. Virtual assistant (AI chat)

The website offers a virtual assistant powered by artificial intelligence. The messages you send in the chat are transmitted, through our infrastructure, to Anthropic PBC (USA), which provides the language model used to generate the replies. The messages are processed solely to respond to your request and, under Anthropic's API terms, are not used to train the models. We ask you not to enter personal or sensitive data in the chat: for requests that require personal data, please use phone, email or WhatsApp.

7. Providers and recipients of the data

To deliver our services we rely on providers that act as data processors or independent controllers:

• Cloudflare, Inc. — website hosting (Cloudflare Pages), content delivery and security.
• FormSubmit — delivery of contact form messages to our email.
• Anthropic PBC — artificial intelligence model for the virtual assistant.
• Google Ireland Ltd / LLC — Google Maps map (subject to consent) and email (Gmail).
• unpkg / jsDelivr — content delivery networks for the website's technical libraries.
• Insurance companies, loss adjusters, advisers and professionals — where necessary to manage the claim or the job entrusted to us.

The data is neither disclosed nor transferred to third parties for marketing purposes.

8. Transfer of data outside the European Union

Some providers (e.g. Cloudflare, Anthropic, Google) are based or have servers in the United States. Any transfers take place under appropriate safeguards pursuant to Art. 44 et seq. of the GDPR, such as the European Commission's Standard Contractual Clauses and/or adherence to the EU-U.S. Data Privacy Framework.

9. Retention period

• Simple contact/enquiry data not followed by a relationship: for the time needed to handle it and up to 24 months.
• Customer and case data: for the duration of the relationship and, for tax and legal obligations, up to 10 years.
• Chat messages and technical logs: for a limited period, according to technical needs and the providers' policies.

10. Rights of the data subject

You can exercise at any time the rights under Art. 15-22 of the GDPR: access, rectification, erasure, restriction, objection, portability and withdrawal of consent (without affecting the lawfulness of prior processing). To exercise them, write to novaumbra@gmail.com: we will reply within the legal time limits.

11. Complaint to the supervisory authority

You have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it) if you believe that the processing of your data infringes the Regulation.

12. Data of minors

The website and the services are not aimed at minors under 16 years of age. We do not knowingly collect data of minors without the consent of those holding parental responsibility.

13. Security

We adopt appropriate technical and organisational measures (encrypted HTTPS connection, access control, minimisation of the data processed) to protect the data from unauthorised access, loss or misuse.

14. Changes to this notice

This notice may be updated to align it with regulatory changes or with the services offered. The current version is always published on this page, with the date of the last update.