Chatbot Privacy Note


CHATBOT PRIVACY NOTICE

PROVIDED PURSUANT TO ART. 13 OF EU REGULATION NO. 2016/679 (“GDPR”)

SEW-EURODRIVE Sas di SEW S.r.L & CO (hereinafter, the “Company” or “SEW-Eurodrive”) places the utmost importance on the security and confidentiality of the personal data of users (hereinafter, “Users”) who visit the website https://www.sew-eurodrive.it/ (hereinafter, the “Website”) and wishes to provide them with information regarding the processing of their personal data carried out in connection with the use of the automated chat service available on the Company’s Website, based on generative artificial intelligence systems (hereinafter, the “Chatbot” or the “Service”).


1. Data Controller and Data Protection Officer – DPO

The data controller is SEW-EURODRIVE Sas di SEW S.r.L & CO, with registered office at Via Bernini n. 12, 20033, Solaro (MI), Tax Code 00809480155 and VAT No. 00694930967 (hereinafter, the “Company” or “SEW-Eurodrive”).

For any request regarding the processing of personal data, as well as to exercise the rights granted under the GDPR and further described in section 9 below, you may contact the Company at the email address privacy@sew-eurodrive.it or by phone at +39 0296980245.

SEW-Eurodrive appoints a Data Protection Officer (“DPO”), designated pursuant to Article 37 of the GDPR, who can be contacted at the following email address: dpo@sew-eurodrive.it .


2. General information about the Chatbot

The Chatbot allows Users to submit requests for information, support, and assistance related to the products and services offered by SEW-Eurodrive. The Service is operated through an automated system based on artificial intelligence provided by Cognigy.AI GmbH.Responses provided via the Chatbot are intended as initial informational and support assistance in relation to the User’s requests. The Service does not involve automated decision-making within the meaning of Article 22 GDPR, as the responses generated by the Chatbot do not produce legal effects nor similarly significantly affect the User.


3. Categories of personal data processed

Through the Chatbot, the Company collects certain personal data relating to Users (hereinafter, “Personal Data”). In particular:

A. If the User uses the Service as an already authenticated customer, the Company may process the following categories of Personal Data:

  • first and last name;
  • email address used for login;
  • telephone number, where necessary for callbacks;
  • content of the request and conversation history;
  • number, date, and time of messages sent via chat;
  • User ID;
  • Session ID;
  • Contact ID;
  • information relating to orders, offers, or other transactions, where relevant to the User’s request;
  • country and language;
  • location, where requested

B. If the User uses the Service without logging in, the Company may process the following categories of Personal Data:

  • first and last name;
  • email address;
  • request content and conversation history;
  • date and time of messages sent via chat;
  • country and language;
  • location, where requested by the User.

Within the scope of the Service, technical data and logs relating to the use of the system may also be processed, including audit logs relating to the activities of the Company’s IT administrators and the IT administrators of the involved service providers.

The Company invites Users not to enter into the Chatbot any personal data that is not necessary for the submitted request, nor any data belonging to special categories pursuant to Article 9 of the GDPR, such as, by way of example, data relating to health, political opinions, religious or philosophical beliefs, trade union membership, biometric data, or data concerning sexual life or sexual orientation. Personal data are not used for the training of generative artificial intelligence models.


4. Purposes for which the Company processes Personal Data

Through the Chatbot, the Company collects Users’ Personal Data, which is either voluntarily provided by them or collected in the normal operation of the Service, and processes it for the purposes described below.

Close table
  Purposes of processing Categories of data processed Legal basis and provision Retention period
1 Processing purpose: Management of requests submitted via Chatbot
The Company processes the User’s Personal Data in order to receive, manage, and respond to requests submitted via the Chatbot, such as, by way of example: searching for products or catalogues; requesting assistance or repairs; identifying a product via serial number; downloading technical documentation; contacting our headquarters.
Depending on the cases referred to in section 3), letters A or B. Performance of a contract or pre-contractual measures taken at the request of the User, pursuant to Article 6(1)(b) GDPR, where the request relates to services, orders, quotations, or the initiation, performance, or termination of a business relationship with the Company.
Legitimate interest of the Company, pursuant to Article 6(1)(f) GDPR, for other assistance or support requests, as well as to enable the Company to properly and promptly manage incoming requests and ensure the correct functioning of the Service.

Providing the data is necessary to allow the Company to manage the request via the Chatbot. If not provided, the Company may not be able to respond through this channel, without prejudice to the possibility of using other contact channels made available by the Company.
Personal Data are processed to the extent and for the time necessary to manage the User’s request. Chatbot conversations and audit logs are stored, by default, for 30 days.
2 Service quality improvement
The Company may process data relating to interactions with the Chatbot for analysis, evaluation, and improvement of the quality of the Service, including verification of the Chatbot’s functioning, the correctness of conversational flows, and the effectiveness of the responses provided.
Depending on the cases referred to in section 3), letters A or B.
Consent of the User, pursuant to Article 6(1)(a) GDPR.

Providing personal data is optional. Consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to withdrawal, by writing to the Company or to the DPO at the contact details indicated in this notice and/or through the additional methods made available within the Chatbot interface.
Personal Data are processed to the extent and for the time necessary to improve the Service. Chatbot conversations and audit logs are stored, by default, for 30 days.



3 Defence of legal rights
The Company may process Personal Data for the purpose of defending its rights in judicial, administrative, or out-of-court proceedings, and in the context of disputes arising in relation to the Services.
Depending on the case, the Personal Data collected for the purposes described above will be processed. Legitimate interest of the Company in protecting its rights (Article 6(1)(f) GDPR).

No new or specific data provision is required, as the Company will pursue this additional purpose, where necessary, by processing the data collected for the purposes described above.
Personal Data will be retained for the time necessary to pursue the protection of the relevant rights.
4 Compliance with legal obligations
The Company may process Personal Data in order to comply with obligations imposed by laws, regulations, or EU legislation, as well as provisions/requests from legally authorised authorities and/or supervisory and control bodies.
Depending on the need, the Personal Data collected for the purposes described above will be processed.
Compliance with a legal obligation (Article 6(1)(c) GDPR).

Providing Personal Data for this purpose is mandatory, as failure to do so would prevent the Company from fulfilling specific legal obligations.
For the time necessary to process the request or to comply with the applicable legal obligation.
We have stored a table for you here.

5. How we keep Personal Data secure

The Company adopts appropriate security measures to ensure the protection, security, integrity, and accessibility of Users’ Personal Data. These security measures are intended to prevent unauthorised access, disclosure, alteration, or destruction of Personal Data.

All Personal Data is stored on the Company’s secure IT systems or on those of our service providers and is accessible and used in accordance with our security standards and policies (or equivalent standards for our providers).


6. How long we retain Personal Data

The Company retains Users’ Personal Data only for as long as necessary to achieve the purposes for which it was collected or for any other related legitimate purpose.

Personal Data that is no longer needed, or for which there is no longer a legal basis for retention, will be irreversibly anonymised or securely deleted.

If Personal Data is processed for multiple purposes, it will be deleted or anonymised as soon as the retention period for the last applicable purpose has expired.

The table in section 4 sets out the retention periods applicable to each purpose.


7. Who we may share Personal Data with

Personal Data may be accessed by duly authorised employees of the Company, as well as by external suppliers who, where necessary, are appointed as data processors and provide support for the delivery of the Service.

External suppliers include, in particular, Cognigy.AI GmbH, which acts as a data processor. The live chat and AI chatbot service is operated via Amazon Web Services and Microsoft Azure cloud infrastructure.

You may contact the Company at privacy@sew-eurodrive.it to request access to the list of data processors and other entities with whom we share personal data.


8. Transfers to third countries

Your Personal Data will mainly be processed within the European Economic Area (EEA). However, the use of certain tools by the Company may, on a residual basis, involve the transfer of data to entities established in countries outside the European Union (EU) or the EEA (hereinafter, the “Third Countries”). Such transfers are carried out in compliance with Chapter V of the GDPR.

These external entities will process Personal Data either as independent data controllers or as data processors, duly appointed by the Company in accordance with data protection legislation (depending on their role in relation to the processing).You may contact the Company at any time using the contact details provided below to request information on the entities to which Personal Data is transferred, as well as to obtain a copy of the safeguards applied to such transfers.


9. Rights regarding the protection of Personal Data and the right to lodge complaints with the Supervisory Authority

Each User has the right to request from the Company, subject to the existence of the legal basis for the request:

a) access to Personal Data, as provided for under Article 15 of the GDPR;

b) rectification or completion of Personal Data held by the Company that is considered inaccurate, as provided for under Article 16 of the GDPR;

c) erasure of Personal Data for which the Company no longer has any legal basis for processing, as provided for under Article 17 of the GDPR;

d) restriction of the processing of Personal Data, where one of the conditions set out in Article 18 of the GDPR applies;

e) a copy of the Personal Data provided to the Company, in a structured, commonly used and machine-readable format, and the transmission of such data to another data controller (data portability), as provided for under Article 20 of the GDPR;

f) withdrawal of consent, where the processing is based on such legal basis.

Right to Object: in addition to the rights listed above, the User may object at any time to the processing of Personal Data carried out by the Company for the pursuit of its legitimate interest.

In the event of the exercise of the rights described above, the Company will process the Personal Data provided by the User solely for the purpose of responding to the request. Such data will then be stored in a dedicated archive for 2 years from the Company’s last response.

The exercise of these rights, which may be carried out via the Company’s contact details indicated in section 1 with the subject line “EXERCISE OF DATA PROTECTION RIGHTS” (specifying which right is being requested) or by written communication sent by post to the Data Controller’s address, is free of charge and not subject to formal requirements. The Company will verify that the User is entitled to exercise the relevant right and will generally respond within one month.

If the User believes that the processing of their Personal Data violates the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) using the contact details available at www.garanteprivacy.it, or to seek judicial remedies.

Last updated: 29/06/2026