Privacy Statement (EU)

This privacy statement was last updated on 2 July 2025 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.cavabike.it/en. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
we first request your explicit consent to process your personal data in cases requiring your consent;
we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

Processors

Name: Google Ireland Limited
Country: Ireland
Purpose: Statistical Analysis
Name: Aruba S.p.A.
Country: Italy
Purpose: Hosting

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

The inclusion of full IP addresses is blocked by us.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
Right of access: You have the right to access your personal data that is known to us.
Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

10. Contact details

Francesco Cavaleri - Cava Bike Di Cavaleri Francesco
Via Annunciata, 10
25015 Desenzano Del Garda (BS)
Italy
Website: https://www.cavabike.it/en
Email: info@ex.comcavabike.it
Phone number: +39 379 139 6333

11. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

Annex

Hosting and backend infrastructure

These types of services have the function of hosting Data and files that allow this Application to function, enable its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this Application.

Some of the services listed below, if any, may operate on geographically dispersed servers, making it difficult to determine the actual location where Personal Data is stored.

Aruba (Aruba S.p.A.)

Aruba is a hosting service provided by Aruba S.p.A..

Personal Data processed: Usage Data; Tracking Tools; various types of Data as specified by the privacy policy of the service.

Place of processing: Italy - Privacy Policy.

Complianz

This website uses the Privacy Suite for WordPress by Complianz to collect consent records. For this functionality your IP address is anonymised and stored in our database. For more information, see the Privacy Statement of Complianz.

Akismet

We collect information about visitors who comment on sites that use our Akismet anti-spam service. The information we collect depends on how you configure Akismet for the Site, but typically includes the IP address, user agent, referrer and URL of the commenter's site (along with other information provided directly by the commenter such as name, username, email address and the comment itself).

WPML

WPML uses cookies to identify the language of the current visitor, the language of the last visit and the language of the logged in users.

When using the plugin, WPML will share data about the site via the installer. No personal user data will be shared.

FareHarbor

FareHarbor is a booking service provided by FareHarbor B.V..

Personal Data processed: Usage Data; Tracking Tools; various types of Data as specified by the privacy policy of the service.

Place of processing: Amsterdam - Privacy Policy.

Protection from spam and bots

This type of service analyses the traffic of this Application, potentially containing Users' Personal Data, in order to filter it from unwanted traffic, messages and content recognised as SPAM or to protect it from malicious bot activities.

Cloudflare Bot Management (Cloudflare Inc.)

Cloudflare Bot Management is a malicious bot protection and management service provided by Cloudflare Inc.

Personal Data processed: Application opening; metropolitan area; postcode; city; click; search history; browsing history; Usage data; video view data; session duration; interaction events; page events; keypress events; custom events; motion sensor events; touch events; browser information; device information; app information; page-scrolling interactions; IP address; launches; latitude (of city); language; device log; longitude (of city); mouse movements; country; number of sessions; pageviews; location relative to scrolling; province; geographic region; operating systems; session statistics; status; Tracking Tools.

Place of processing: United States - Privacy Policy.