Privacy Policy

Last updated: May 29, 2026 · Version 1.1

This notice describes how Zeli SRL processes personal data collected through the automazionezeli.com website and the Liara AI chat service, pursuant to EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

Data Controller

The Data Controller is Zeli SRL, Via Pancaldi 59, 41122 Modena (MO), Italy, VAT 01331980365. Internal DPO email: [email protected].

Data collected

We process the following categories of personal data:

• Session data: IP address (for the 14-day retention), browser user-agent, country code (via Cloudflare CF-IPCountry header), first-visit / last-visit timestamps.
• Chat conversations: text of messages sent to Liara and generated responses. Stored in identifiable form for 30 days, then pseudonymized and archived for statistical purposes for up to 24 months.
• Cookie preferences: technical cookie ff_consent storing analytics/marketing category choices. 12 months.
• Security events: attack attempts blocked by the Sentinel WAF (IP, user-agent, redacted payload). Stored 12 months for investigation + 7 years anonymized for audit.

Purposes of processing

Data is processed for:

• Delivery of the AI chat service: assisting users in searching for industrial components from the historical Zeli catalog.
• Anti-abuse protection: detection of bots, automated scanners, attacks (SQL injection, XSS, prompt injection) via the Sentinel WAF.
• Quality improvement: aggregated and anonymized analysis of conversations to improve Liara's technical knowledge.
• Legal obligations: cooperation with authorities on binding request.

Legal basis

Legal bases for processing are: (a) performance of the service requested by the user — Art. 6.1.b GDPR; (b) legitimate interest of the controller in protecting IT infrastructure — Art. 6.1.f GDPR; (c) user consent for analytics and marketing — Art. 6.1.a GDPR.

Retention period

Session data is deleted after 14 days. Chat conversations are identifiable for 30 days, then pseudonymized and retained up to 24 months for statistical purposes. Security events are retained 12 months identifiable + 7 years anonymized for audit.

Data recipients

Data is processed exclusively by authorized Zeli SRL personnel and is not transferred to third parties for marketing purposes. External processors include: Hetzner Online GmbH (hosting, Germany), Cloudflare Inc. (CDN/WAF, USA) under SCCs and DPA, SMTP Orion (Italy, transactional email provider).

Non-EU transfers

All application infrastructure is hosted in Germany (Hetzner Falkenstein). Cloudflare operates as a global edge and may see the IP and User-Agent header for filtering; this transfer is based on Standard Contractual Clauses (SCCs) and Data Processing Addendum. No chat data is sent to OpenAI, Anthropic Cloud or Google.

Your rights

You have the right to:

• Access your data (Art. 15 GDPR).
• Rectification of inaccurate data (Art. 16 GDPR).
• Erasure (right to be forgotten, Art. 17 GDPR), subject to legal obligations.
• Restriction of processing (Art. 18 GDPR).
• Data portability (Art. 20 GDPR).
• Object to processing (Art. 21 GDPR), including opt-out from internal ML training.
• Lodge a complaint with the Italian DPA (garanteprivacy.it).

To exercise your rights write to [email protected] specifying the right invoked. Response within 30 days.

Cookies and tracking

The site uses essential cookies (session, security, preferences) always active. Analytics cookies (Cloudflare Web Analytics, anonymized) and marketing only with explicit consent via banner. See the full cookie policy for per-cookie detail.

Security

We adopt appropriate technical and organizational measures (Art. 32 GDPR): encryption in transit (TLS 1.3), at-rest encryption of sensitive data (AES-256-GCM envelope), Sentinel WAF, immutable audit log, RBAC access control, staff training, periodic security assessments.

Complaints to the DPA

Without prejudice to any other administrative or judicial action, the user has the right to lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome — garanteprivacy.it).

Policy changes

This policy may be updated to reflect changes to the service or regulations. The current version is indicated at the top of the document. Substantial changes will be communicated via banner on site reopening.

DPO contacts

For any privacy-related request contact the internal DPO: Nicola Cucurachi · Email: [email protected] · Address: Zeli SRL, Via Pancaldi 59, 41122 Modena (MO), Italy.