01
Data controller
XV Studio is the data controller for personal data processed through this website and through requests submitted in its forms.
Legal
Privacy Policy
Last updated: March 7, 2026
This policy explains how XV Studio collects, uses, and protects personal data when you use the website and submit contact or quote requests.
02
Data we collect
We may process data you provide (name, email, phone number, and notes), quote request details (service areas, purpose, and timeline), and technical access data (IP, user-agent, date/time, and security logs). Some fields are required to process requests; without them, we may be unable to answer contact/quote submissions.
03
Purposes and legal basis
We process data to answer contact/quote requests, perform pre-contractual steps, operate and protect the website, and comply with legal obligations. Legal bases include legitimate interest, pre-contractual necessity, and legal compliance.
04
Sharing with service providers
We do not sell personal data. We may share data only with providers required to operate the service, such as web hosting/platform infrastructure (Netlify) and transactional quote email delivery (Resend), under security and confidentiality obligations.
05
International transfers
Some providers may process data outside your country or the EEA. In such cases, appropriate contractual and technical safeguards are applied according to the applicable legal framework.
06
Data retention
Data is retained only for the period required to handle your request, commercial follow-up, and legal requirements. Technical logs and operational records follow retention periods defined by hosting and security infrastructure.
07
Your rights
You may request access, rectification, erasure, restriction, objection, and data portability where applicable. You may also withdraw consent whenever consent is the legal basis.
08
Security
We apply appropriate technical and organizational measures to reduce the risk of unauthorized access, misuse, alteration, or loss of personal data.
09
Supervisory authority and contact
If you believe data processing is non-compliant, you may file a complaint with the competent supervisory authority in your country. For privacy-related questions, please use the website contact page.
10
Automated decision-making
We do not carry out solely automated decision-making, including profiling, that produces legal effects or similarly significant impacts for website users.