Privacy Policy
Last update: March 3, 2026
This privacy policy describes how EVAScan ("we", "our" or "Data Controller") collects, uses, and protects the personal data of users of the EVA (Embedded Vulnerability Assessment) platform. The protection of your personal data is important to us and we are committed to processing it in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Italian law.
1. Data Controller
The Data Controller for personal data processing is: EVAScan Email: info@evascan.app For any questions regarding the processing of your personal data, you can contact us at the email address above.
2. Personal Data Collected
We collect the following categories of personal data: • Registration and account data: username, email address, password (encrypted), role in the organization. • Demo request form data: first name, last name, business email, company name, company role, message. • Navigation data: IP address, browser type, operating system, pages visited, date and time of access. • Technical data: system logs for security and debugging purposes.
3. Processing Purposes
Your personal data is processed for the following purposes: • Service provision: account management, authentication, access to the EVA platform for software vulnerability management. • Demo request processing: responding to platform demonstration requests and providing commercial information. • Service communications: sending service-related notifications, security updates, changes to terms. • Regulatory compliance: supporting compliance with the Cyber Resilience Act (CRA) and RED 3.3. • Security: protecting the platform from unauthorized access and fraudulent activities. • Service improvement: usage analysis to improve platform features.
4. Legal Basis for Processing
The processing of your personal data is based on the following legal bases: • Contract performance (Art. 6.1.b GDPR): for providing the requested services and managing the contractual relationship. • Consent (Art. 6.1.a GDPR): for sending commercial communications and demo requests. • Legitimate interest (Art. 6.1.f GDPR): for platform security and service improvement. • Legal obligations (Art. 6.1.c GDPR): to comply with legal obligations, including tax and accounting requirements.
5. Data Retention
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected: • Account data: for the duration of the contractual relationship and for the subsequent 10 years for legal obligations. • Demo request data: for 24 months from the request, unless a contractual relationship is established. • Navigation data and logs: for 6 months for security purposes. • Data for legal obligations: according to the terms provided by applicable regulations.
6. Data Sharing
Your personal data may be disclosed to: • Service providers: hosting providers, cloud services, technical support, who act as Data Processors under contractual agreements compliant with the GDPR. • Competent authorities: when required by law or to protect our legal rights. Data is not transferred outside the European Economic Area (EEA) unless adequate safeguards provided by the GDPR are in place.
7. Data Subject Rights
Under the GDPR, you have the right to: • Access: obtain confirmation of the existence of processing and access your data. • Rectification: obtain the correction of inaccurate data or the integration of incomplete data. • Erasure: obtain the deletion of data in the cases provided by the GDPR. • Restriction: obtain the restriction of processing in the cases provided. • Portability: receive data in a structured format and transfer it to another controller. • Objection: object to processing based on legitimate interest. • Withdraw consent: withdraw consent at any time. To exercise your rights, contact us at info@evascan.app. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
8. Cookies and Tracking Technologies
The EVA platform uses technical cookies necessary for the operation of the service: • Session cookies: to manage authentication and maintain the user session. • Preference cookies: to store language and display preferences. We do not use profiling cookies or third-party cookies for advertising purposes. For more information on the technical cookies used, please refer to our Cookie Policy.
9. Data Security
We adopt appropriate technical and organizational measures to protect your personal data: • Encryption of passwords and sensitive data. • Secure connections via HTTPS protocol. • Role-based access controls. • Continuous security monitoring. • Backup and disaster recovery procedures. • Staff training on data protection.
10. Changes to This Policy
We reserve the right to modify this policy at any time. Changes will be published on this page with an indication of the last update date. We encourage you to periodically review this page to stay informed about any changes.
11. Contact Us
For any questions regarding this policy or the processing of your personal data, you can contact us: Email: info@evascan.app