CSY & SON S.p.A.

Customer support portal

My requests
Back to Home

Privacy Policy

Last updated: 28 March 2026

1. Data Controller

CSY & SON S.p.A.
Vicolo San Michele 15, 21100 Varese (VA), Italy
VAT / Tax Code: IT03264840129
Privacy contact: privacy@csyeson.it

2. Scope and Purpose

This portal (support.csyeson.it) is operated by CSY & SON S.p.A. as a customer support and after-sales assistance interface. Through the portal, users may submit service requests, spare parts inquiries, technical questions, and view the status of their own requests.

Personal data provided through the portal are processed for the following purposes:

  • Handling and managing support requests (service, repair, spare parts, technical inquiries)
  • Communicating with the user regarding their request
  • Verifying warranty eligibility and product documentation
  • Authenticating users to the reserved area via secure email link
  • Validating addresses and VAT numbers for invoicing accuracy
  • Protecting the portal against automated abuse

3. Categories of Data Processed

The portal collects only ordinary personal data necessary for support activities:

  • Contact information: name, email address, phone number
  • Tax and fiscal identifiers: VAT number, Codice Fiscale, SDI code (where applicable under Italian law)
  • Company information: company name, dealer code
  • Postal addresses: billing and, where relevant, shipping address
  • Product information: brand, model, serial number, purchase details
  • Service request details: fault description, accessories, packaging information
  • File attachments: invoices, photos, or videos uploaded to document the request

The portal does not intentionally collect special-category personal data as defined by Article 9 of the GDPR (e.g. health, biometric, political, or religious data).

4. Legal Basis

Data processing is based on:

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR): processing necessary to handle the user's support request
  • Legal obligation (Art. 6(1)(c) GDPR): tax and invoicing documentation requirements
  • Legitimate interest (Art. 6(1)(f) GDPR): security measures, bot protection, and portal functionality

Providing the requested data is necessary to process the support request. If the required data are not provided, the request may not be processed.

5. Data Recipients and Third-Party Services

Data submitted through the portal may be communicated to the following categories of recipients, acting as data processors or independent controllers as applicable:

  • Freshdesk (Freshworks Inc.): cloud-based support ticketing platform used to manage and process support requests
  • Cloudflare Turnstile (Cloudflare Inc.): anti-bot security service used to protect form submissions
  • Postmark (ActiveCampaign LLC): transactional email service used exclusively to deliver authentication emails for the reserved area
  • Google Address Validation (Google LLC): optional service used to validate and normalize postal addresses
  • VIES (European Commission): public service used to verify EU VAT numbers

Some of these services may involve the transfer of data to servers located outside the European Economic Area. Where applicable, such transfers are governed by Standard Contractual Clauses or other mechanisms recognized under applicable data protection law.

6. Data Retention

Personal data submitted through the portal are transmitted to the company's support management systems, where they are retained in accordance with applicable legal and business requirements, for a period of up to 10 years.

The portal itself functions primarily as a transmission interface. Uploaded files are handled temporarily during submission and are not permanently stored on the portal.

7. Reserved Area and Authentication

The portal provides a reserved area where users can view the status of their own support requests. Access is granted through a secure, passwordless mechanism: the user provides their email address, receives a single-use time-limited link, and clicking it establishes a short-lived authenticated session.

Access is limited strictly to requests associated with the authenticated email address. No passwords are used or stored.

8. Cookies and Browser Storage

Cookies:

  • Session cookie (first-party, essential): used to maintain authentication in the reserved area for the duration of the session.
  • Security cookies (third-party, essential): set by the anti-bot protection service during form submission.

Browser storage:

The portal may store the following data locally in your browser for convenience and usability:

  • Your language preference
  • Dealer contact details to facilitate repeat form submissions (stored on your device only and not transmitted unless a form is submitted)
  • Form draft progress to prevent accidental data loss (automatically cleared when the browser tab is closed)

The portal does not use analytics, profiling, or marketing cookies or tracking technologies.

9. Rights of the Data Subject

In accordance with Articles 15-22 of the GDPR, data subjects may exercise the following rights:

  • Right of access to personal data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, contact: privacy@csyeson.it

10. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or with any other competent supervisory authority.

11. Minors

This portal is not intended for use by minors. CSY & SON S.p.A. does not knowingly collect personal data from persons under the age of 18.

12. Updates to This Policy

This privacy policy may be updated periodically. The date of the last update is indicated at the top of this page. Users are encouraged to review this page periodically.