Privacy Policy

Last updated: July 3, 2026

Privacy Policy

This Privacy Policy explains how personal data is collected and processed through this website and related services operated under the brand Niva Skye. Details about the Data Controller and contact channels are provided in the dedicated section below.

For the purposes of Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), the Data Controller is the individual professional identified in Section 3 of this Privacy Policy.

Niva Skye is the commercial brand used for the website, digital products, questionnaire, and related communications. The legal Data Controller remains the individual professional identified in Section 3.

1. Personal data we collect

We only collect personal data that is necessary for the purposes described below.

Depending on how you interact with the website, we may process the following categories of data:

a) Website browsing and technical data

When you visit the website, technical data may be processed automatically, including IP address, browser type, device information, access logs, timestamps and technical cookies necessary for the website to function securely.

b) Contact form data

If you contact us voluntarily through the contact form or by email, we may process your name, email address and the content of your message.

The contact form is provided through the website infrastructure and/or email routing tools used to receive and manage voluntary contact requests.

c) Questionnaire data

If you complete a voluntary questionnaire, we may process the answers you choose to provide.

If the questionnaire requests your name and email address, we process them only to identify your submission, display or send your result, and provide the requested resource.

The questionnaire is designed not to collect special category data or sensitive personal data.

d) Purchase and checkout data

If you buy a digital product, checkout and payment are handled by CopeCart. Purchase-related data may include your name, email address, billing details, transaction information, tax-related information and order details.

e) Customer support data

If you request support, we may process your email address, order information and the content of your support request.

2. Why we process your data and legal bases

We process personal data only when we have a valid legal basis under the GDPR.

Website operation and security

We process technical data to operate, maintain and secure the website, prevent abuse, troubleshoot technical issues and ensure the availability of the service.

Legal basis: legitimate interest in ensuring website security and functionality.

Contact requests

We process the data you submit through the contact form or by email to respond to your message.

Legal basis: pre-contractual measures when your request relates to a product or service, or legitimate interest in responding to voluntary communications.

Questionnaire

We process the answers you provide through the questionnaire in order to generate, display and/or send your scorecard, assessment result or related resource.

If you provide your name and email address, we process them only to identify your submission, deliver your result and provide the requested resource.

Legal basis: legitimate interest in providing the requested questionnaire-based service, or pre-contractual measures where the questionnaire is linked to a product, resource or service requested by you.

Digital product purchases

When you purchase a digital product, we process the limited purchase-related information made available to us by CopeCart only to provide access to the purchased product, manage product-related support and keep the records necessary for our business and legal obligations.

Legal basis: performance of a contract, compliance with legal obligations where applicable, and legitimate interest in managing customer support and internal business records.

Fraud prevention and payment security

Payment-related processing is handled by CopeCart as merchant of record. CopeCart may process data for payment processing, fraud prevention, tax compliance, invoicing and transaction support.

Legal basis: performance of a contract, legal obligations and legitimate interest in fraud prevention.

3. Data Controller

This website and the related digital services are operated under the commercial brand Niva Skye. For the purposes of the GDPR, the Data Controller is the individual professional operating the brand, Lidia Soggia, Italian VAT number 13459380013. The Data Controller can be contacted for privacy-related requests at privacy@nivaskye.com. Throughout this Privacy Policy, references to “we”, “us”, “our” or “Niva Skye” refer to the website and services operated under that brand by the Data Controller.

4. Contact form

When you submit the contact form, we use the data you provide only to respond to your request.

We do not use contact form data for newsletter or marketing purposes unless you provide separate consent in the future.

The contact form is managed through the website infrastructure and/or email routing tools used by the website.

5. Questionnaire

The questionnaire or scorecard is provided through Tally.

Tally acts as a data processor for the form responses submitted through the questionnaire. The Data Controller remains the individual professional operating under the brand Niva Skye.

The questionnaire is intended to collect only non-sensitive professional or profile-related information. Please do not submit special category data, such as health data, political opinions, religious beliefs, trade union membership, genetic or biometric data, or information about sex life or sexual orientation.

If the questionnaire requests your name and email address, we process them only to identify your submission, display or send your result, and provide the requested resource.

6. Digital products and CopeCart checkout

Digital product payments and checkout are handled by CopeCart.

CopeCart acts as merchant of record and independent controller for checkout, payment, tax, invoicing, fraud prevention and related transaction support. This means that, when you buy a digital product, your transaction is processed by CopeCart (CopeCart GmbH) and may appear on your bank or card statement as a name referencing CopeCart.

We may receive from CopeCart the information necessary to fulfil your order, provide product access, manage support and comply with applicable legal, tax and accounting obligations.

A separate consent is not required for the processing of data necessary to complete a purchase, issue invoices, provide the product or manage transaction security.

7. Service providers and recipients

We may share personal data with trusted service providers only where necessary for the purposes described in this Privacy Policy.

Current service providers include:

Hostinger

Used for website hosting, website builder services, technical infrastructure, security and technical logs.

Tally

Used to collect and manage questionnaire responses.

CopeCart

Used as merchant of record for checkout, payment processing, invoicing, tax management, fraud prevention and transaction support.

Google Fonts / Google

Used to load website fonts and ensure consistent visual display across devices and browsers. When fonts are loaded from Google servers, technical data such as IP address and browser request information may be transmitted to Google.

Website contact form / email routing tools

Used to receive and manage voluntary contact requests submitted through the website or by email.

We may also disclose personal data where required by law, tax obligations, accounting obligations, legal claims or requests from competent authorities.

8. International data transfers

Some service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms under the GDPR.

According to the current setup:

• Tally is based in the EU and stores form responses in Europe.

• CopeCart (CopeCart GmbH) is based in Germany (EU) and acts as data controller. It may transfer personal data outside the EU/EEA, in particular to the US, relying on the EU Standard Contractual Clauses.

• Hostinger may involve international processing and may rely on Standard Contractual Clauses or other safeguards for transfers outside the EEA.

• Google Fonts may involve processing by Google and possible transfers outside the EEA. Where applicable, such transfers rely on appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.

• Website contact form and email routing tools may involve processing by the relevant website, hosting or email service providers. Where personal data is transferred outside the EEA, appropriate safeguards are used where required by the GDPR.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Indicative retention periods:

Website technical logs

Technical logs are retained for the period strictly necessary for security, troubleshooting and infrastructure protection, according to Hostinger’s retention settings and applicable law.

Contact form messages

Contact form messages are normally retained for the time necessary to respond to and manage the request, typically up to 12 months, unless a longer period is necessary to protect legal rights or manage contractual matters.

Questionnaire / scorecard answers

Questionnaire data is retained for up to 24 months, unless earlier deletion is requested or a longer period is necessary to protect legal rights.

Purchase and invoice data

Purchase, invoice and tax-related data are retained for the period required by applicable tax, accounting and legal obligations, which may be up to 10 years.

Customer support data

Customer support data is retained for the time necessary to manage support and protect legal or contractual rights, typically up to 24 months, unless longer retention is legally required.

10. Cookies, fonts and tracking technologies

This website does not use Google Analytics, Meta Pixel, advertising pixels, remarketing technologies or profiling cookies.

The website may use technical cookies and similar technologies that are strictly necessary for website operation, security, checkout, form functionality or user-requested services.

Technical cookies do not require prior consent, but users are informed about their use through this Privacy Policy and/or a dedicated Cookie Policy.

This website uses Google Fonts to display consistent typography across browsers and devices.

When Google Fonts are loaded from Google servers, technical data such as the user’s IP address, browser information and request data may be transmitted to Google. Google may process this data as an independent provider of the font service.

Legal basis: legitimate interest in ensuring consistent, readable and functional website typography.

Where possible, we may choose to host fonts locally in the future in order to reduce third-party requests.

The website does not embed YouTube, Vimeo, Instagram, TikTok or other third-party social/video feeds.

If we add analytics, advertising pixels, marketing tracking technologies, embedded videos, newsletter tools or social media feeds in the future, we will update this Privacy Policy and the Cookie Policy and, where required, implement a consent management mechanism before activating those tools.

11. Your rights under the GDPR

Under the GDPR, you may have the following rights:

• right of access: to know whether we process your personal data and receive a copy;

• right to rectification: to correct inaccurate or incomplete data;

• right to erasure: to request deletion of your data where applicable;

• right to restriction: to ask us to limit processing in certain cases;

• right to data portability: to receive your data in a structured, commonly used format where applicable;

• right to object: to object to processing based on legitimate interest;

• right to withdraw consent: where processing is based on consent, you may withdraw it at any time;

• right to lodge a complaint with a supervisory authority.

In Italy, you may lodge a complaint with the Garante per la protezione dei dati personali.

To exercise your rights, contact us at: privacy@nivaskye.com

We may need to verify your identity before responding to your request.

12. Children

This website and its products are not intended for children.

We do not knowingly collect personal data from children.

If you believe that a child has submitted personal data through the website, please contact us so that we can review and delete the data where appropriate.

13. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse or disclosure.

However, no online service can guarantee absolute security. Users should avoid submitting unnecessary or sensitive information through forms or questionnaires.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or business changes.

The updated version will be published on this page with a new “Last updated” date.

15. Contact

For any privacy-related request, you can contact the Data Controller at privacy@nivaskye.com.