Privacy policy

This translation is provided for convenience only. In the event of any discrepancies or conflicts, the original Italian version shall prevail.

Refer to the Terms of Service for the general conditions of use of Pavex and the definition of terms in uppercase in this privacy policy.

Data controller

The data controller is Mr. Luca Palmieri, VAT number holder no. 17246041002, domiciled in Italy, who can be contacted via e-mail at [email protected]

Object, purpose and legal basis of the data processing

The data controller can process the e-mail address of each Pavex USER:

  • to create a personal account;
  • to identify the USERS who are assigned a SEAT;
  • to send service communications (such as in case of updates).

The controller may process the first and last name of the CUSTOMER who purchased the license, if it is a natural person, or the legal representative of the CUSTOMER, in the case of a legal person, as well as their e-mail address, for the following purposes:

  • to identify the contracting party;
  • to send communications related to the contract (e.g. conditions changes).

The lawful basis for the processing of these data is their necessity for the performance of a contract to which the data subjects are party (Art. 6(b) GDPR).

To be able to use Pavex, the communication of these data by the interested parties is of a mandatory nature.

The CUSTOMER data necessary for payment processing and tax compliance are processed by Lemon Squeezy LLC as autonomous data controller. Therefore, the CUSTOMER is encouraged to consult their privacy policy.

Data disclosure and transfers to third countries

We use DigitalOcean to store and process your data. DigitalOcean operates data centers within the European Union (EU), ensuring compliance with the GDPR.

In cases where data is transferred outside the EU/European Economic Area (EEA), such transfers are conducted in accordance with applicable data protection laws, including the implementation of Standard Contractual Clauses (SCCs) or equivalent safeguards.

Data retention period

CUSTOMER data are retained for 10 years, while individual USERS’ data are deleted when their accounts are deactivated.

Data subjects’ rights

The GDPR (articles 15-22) recognizes important personal data protection rights, which each data subject (CUSTOMER or USER) can exercise by contacting the data controller at the addresses listed above:

  • the right to know whether or not personal data concerning the data subject are being processed, and, where that is the case, to obtain a copy of the data and the following information: the origin of the data; the categories of personal data concerned; the recipients of the data; the purposes of the processing; the occurrence of automated decision-making, including profiling; the period for which the data will be stored;
  • the right to request, in the cases included by the GDPR, the rectification or erasure of personal data concerning him or her, or to obtain restriction of processing;
  • the right to request the transmission of the data he or she has provided to another controller (“right to data portability”), where the processing is based on consent or on a contract with the subject and carried out by automated means.
  • the right to object to the processing of personal data carried out in the legitimate interest of the data controller or for reasons of public interests;
  • the right to object to processing of personal data for marketing purposes without having to state the grounds for the objection;
  • the right to withdraw his or her consent at any time;
  • the right to lodge a complaint with a single supervisory authority for the processing of personal data.