K
kovizu

Menu

© 2025 Kovizu. All rights reserved.

Privacy Policy

Information about personal data processing

Last updated: July 20, 2025

Introduction

At Kovizu S.L. (hereinafter 'Kovizu', 'we' or 'the company'), we are committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal information when you use our website kovizu.com and our custom parts manufacturing services.

Data Controller

Kovizu 904 Paseo de Larratxo, 20017 Guipúzcoa, Spain

What personal data do we collect?

We collect and process the following types of personal data:

Identification data

Full name, email address, phone number, postal address.

Commercial data

Order history, product preferences, commercial communications.

Billing data

Billing address, tax information (ID number, Tax ID), payment data (processed by secure third parties).

Technical data

IP address (anonymized), browser type, pages visited, browsing time.

Design data

Technical specifications, design files, customization preferences for products.

Legal Basis for Processing

We process your personal data based on the following legal bases under GDPR:

Consent (Art. 6.1.a GDPR)

For direct marketing, non-essential cookies, and promotional communications.

Contract performance (Art. 6.1.b GDPR)

To process orders, manage customer accounts, provide customer service.

Legitimate interest (Art. 6.1.f GDPR)

For web analytics, service improvement, fraud prevention, website security.

Legal obligation (Art. 6.1.c GDPR)

To comply with tax, accounting, and billing obligations.

What do we use your data for?

We use your personal data for the following purposes:

  • Process and manage your custom product orders
  • Provide customer service and technical support
  • Manage payments and billing
  • Send order-related communications
  • Improve our products and services
  • Comply with legal and tax obligations
  • Prevent fraud and ensure security
  • Website usage analytics (anonymized data)
  • Direct marketing (only with your consent)

Who do we share your data with?

We do not sell or rent your personal data to third parties. We share data only when necessary to provide our services:

Service providers

Hosting companies, payment processors, shipping services, web analytics providers.

All have data processing agreements and comply with GDPR.

Competent authorities

When required by law or to protect our legal rights.

Logistics companies

For product delivery (only data necessary for shipping).

International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that:

  • European Commission adequacy decisions are applied
  • EU-approved standard contractual clauses are used
  • Additional security measures are implemented when necessary
  • Your explicit consent is obtained when required

How long do we keep your data?

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

Active customer data

While you maintain an active account with us

Order data

7 years (Spanish tax billing requirement)

Marketing data

Until you withdraw your consent

Technical data (analytics)

26 months (Google Analytics)

Consent records

3 years to demonstrate compliance

Your Rights under GDPR

As a personal data subject, you have the following rights:

Right of access (Art. 15 GDPR)

You can request a copy of the personal data we hold about you.

Right to rectification (Art. 16 GDPR)

You can request that we correct inaccurate or incomplete personal data.

Right to erasure (Art. 17 GDPR)

You can request that we delete your personal data in certain circumstances.

Right to restriction of processing (Art. 18 GDPR)

You can request that we limit the processing of your personal data.

Right to data portability (Art. 20 GDPR)

You can request to receive your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing.

Right to withdraw consent

You can withdraw your consent at any time when processing is based on consent.

To exercise any of these rights, use our contact form. We will respond to your request within 7 business days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all data transmissions
  • Restricted access to personal data only for authorized personnel
  • Regular security audits
  • Data processing agreements with all suppliers
  • Security incident response procedures
  • Regular staff training on data protection

Minors

Our services are intended for people over 16 years of age. We do not intentionally collect personal data from minors under 16 without parental consent. If we discover that we have collected data from a minor without consent, we will delete it immediately.

Changes to this Policy

We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of any significant changes by email or through a prominent notice on our website. The date of the last update is indicated at the top of this policy.

Contact

If you have any questions about this privacy policy or about how we process your personal data, you can contact us through our contact form on the website.

We commit to responding to all inquiries within 7 business days.