Skip to main content

Legal

Privacy Policy

Last updated: 2026-05-17

Scope of this notice

This notice covers personal data processing for which SmartVolve S.r.l. acts as data controller — namely the website forms, newsletter, and site cookies. Data processed by the voice AI agent on behalf of our B2B clients (where SmartVolve S.r.l. acts as data processor under Art. 28 GDPR) is governed by a separate Data Processing Agreement signed with each client; the privacy notice to the callers in that case is the responsibility of our B2B client as data controller.

Data controller

SmartVolve S.r.l.. Contact: [email protected].

Purposes and legal basis

We process personal data you provide via our website forms (15-minute call requests, missed-call revenue-loss calculator, contact) to respond to your requests (Art. 6(1)(b) GDPR — pre-contractual measures), to manage our newsletter (Art. 6(1)(a) — explicit consent, double opt-in), and to comply with legal obligations (Art. 6(1)(c)).

Automated processing — Artificial Intelligence

Some processing involves AI systems. Specifically: (a) generative AI models may assist in drafting reply templates after manual review; (b) the sample voice clip on the product page is pre-generated audio — no real-time AI inference on visitor data and no personal data collected from listening to the sample. We do not take automated decisions producing legal or similarly significant effects on you within the meaning of Art. 22 GDPR. Per Art. 13(2)(f) GDPR and the EU AI Act Art. 50, you are informed when interacting with an AI-generated output.

Recipients (categories)

Data is shared with the following categories of processors, all bound by GDPR-compliant DPAs: hosting and CDN providers, transactional email providers, CRM platform, database providers, security/captcha providers, and EU-based analytics. The full, named list with location and transfer safeguard is published at /sub-processors.

International transfers

Personal data collected through the website may be transferred outside the European Economic Area (EEA), specifically to the United States, exclusively to service providers (sub-processors) certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR — Commission Implementing Decision (EU) 2023/1795 of 10 July 2023). Where DPF certification is not in place or as a contractual safeguard, transfers are governed by the Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR — Decision (EU) 2021/914) together with a Transfer Impact Assessment (TIA).

Retention

Lead data is retained for 24 months from last contact where you gave marketing consent; absent marketing consent it is anonymised within 30 days of collection. Newsletter data is retained until withdrawal of consent. Cookie consent logs are retained for up to 12 months as proof of consent. Server access logs are retained for 30 days for security purposes.

Your rights

You have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability (GDPR Arts. 15-22). To exercise your rights, write to [email protected]. You may also lodge a complaint with the Italian Garante for the Protection of Personal Data (www.garanteprivacy.it).

For US visitors

CCPA Notice at Collection and TCPA Policy

If you are a California resident, see our CCPA Notice at Collection for the categories of personal information we collect, the purposes of processing, and your CCPA/CPRA rights. If you receive a phone call from a SmartVolve voice agent, our TCPA Policy describes how consent, AI-voice disclosure, and opt-out work under US federal law and FCC rules.